Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 174001 Details for
Bug 257121
Windows XP client Domain Authentication not working with "security = ADS"
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Debug 10 output of attempt to authenticate (anonymized)
smb.log (text/plain), 414.38 KB, created by
Charles Gillet
on 2007-08-27 16:48:01 UTC
(
hide
)
Description:
Debug 10 output of attempt to authenticate (anonymized)
Filename:
MIME Type:
Creator:
Charles Gillet
Created:
2007-08-27 16:48:01 UTC
Size:
414.38 KB
patch
obsolete
>[2007/08/24 16:04:24, 5] lib/debug.c:debug_dump_status(391) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 >[2007/08/24 16:04:24, 3] lib/fault.c:dump_core_setup(134) > Maximum core file size limits now 16777216(soft) -1(hard) >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:get_current_groups(168) > get_current_groups: user is in 8 groups: 0, 1, 2, 3, 4, 6, 10, 101 >[2007/08/24 16:04:24, 0] smbd/server.c:main(847) > smbd version 3.0.23c-2.el5.2.0.2 started. > Copyright Andrew Tridgell and the Samba Team 1992-2006 >[2007/08/24 16:04:24, 2] smbd/server.c:main(851) > uid=0 gid=0 euid=0 egid=0 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > Build environment: >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > Built by: brewbuilder@hs20-bc1-5.build.redhat.com >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > Built on: Fri May 11 13:07:05 EDT 2007 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > Built using: gcc >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > Build host: Linux hs20-bc1-5.build.redhat.com 2.6.9-42.0.8.ELsmp #1 SMP Tue Jan 23 12:49:51 EST 2007 i686 i686 i386 GNU/Linux >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SRCDIR: /builddir/build/BUILD/samba-3.0.23c/source >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > BUILDDIR: /builddir/build/BUILD/samba-3.0.23c/source >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > > Paths: >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SBINDIR: /usr/sbin >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > BINDIR: /usr/bin >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SWATDIR: /usr/share/swat >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > CONFIGFILE: /etc/samba/smb.conf >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > LOGFILEBASE: /var/log/samba >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > LMHOSTSFILE: /etc/samba/lmhosts >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > LIBDIR: /usr/lib/samba >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SHLIBEXT: so >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > LOCKDIR: /var/cache/samba >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > PIDDIR: /var/run >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SMB_PASSWD_FILE: /etc/samba/smbpasswd >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > PRIVATE_DIR: /etc/samba >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > > System Headers: >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_ACL_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_CDEFS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_FCNTL_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_IOCTL_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_IPC_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_MMAN_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_MOUNT_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_PARAM_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_PRCTL_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_QUOTA_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_RESOURCE_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_SELECT_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_SHM_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_SOCKET_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_STATFS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_STATVFS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_STAT_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_SYSCALL_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_SYSLOG_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_SYSMACROS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_TIME_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_TYPES_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_UIO_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_UNISTD_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_UN_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_VFS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_WAIT_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_XATTR_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > > Headers: >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_AIO_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ALLOCA_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ARPA_INET_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ASM_TYPES_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ATTR_XATTR_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_CTYPE_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DIRENT_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DLFCN_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_EXECINFO_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FCNTL_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FLOAT_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GLOB_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GRP_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GSSAPI_GSSAPI_GENERIC_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GSSAPI_GSSAPI_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_INTTYPES_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LANGINFO_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LASTLOG_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LBER_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LDAP_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LIMITS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LOCALE_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MEMORY_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MNTENT_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_NETINET_IN_SYSTM_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_NETINET_IP_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_NETINET_TCP_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_NET_IF_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_NSS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_POLL_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_READLINE_HISTORY_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_READLINE_READLINE_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_RPCSVC_NIS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_RPCSVC_YPCLNT_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_RPCSVC_YP_PROT_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_RPC_RPC_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SECURITY_PAM_APPL_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SECURITY_PAM_MODULES_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SECURITY__PAM_MACROS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SHADOW_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STDARG_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STDINT_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STDLIB_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRINGS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRING_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STROPTS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYSCALL_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYSLOG_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_TERMIOS_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_TERMIO_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UNISTD_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UTIME_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > > UTMP Options: >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETUTMPX >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UTMPX_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UTMP_H >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UT_UT_ADDR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UT_UT_EXIT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UT_UT_HOST >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UT_UT_ID >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UT_UT_NAME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UT_UT_PID >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UT_UT_TIME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UT_UT_TV >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UT_UT_TYPE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UT_UT_USER >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > PUTUTLINE_RETURNS_UTMP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_UTMP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > > HAVE_* Defines: >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ADDRTYPE_IN_KRB5_ADDRESS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_AP_OPTS_USE_SUBKEY >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ASPRINTF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ASPRINTF_DECL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ATEXIT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_BACKTRACE_SYMBOLS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_BER_SCANF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_C99_VSNPRINTF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_CHMOD >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_CHOWN >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_CHROOT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_CONNECT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_CREAT64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_CRYPT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_CUPS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DECODE_KRB5_AP_REQ >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DEVICE_MAJOR_FN >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DEVICE_MINOR_FN >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DIRENT_D_OFF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DLCLOSE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DLERROR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DLOPEN >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DLSYM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_DUP2 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ENDMNTENT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ENDNETGRENT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ERRNO_DECL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_EXECL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_EXPLICIT_LARGEFILE_SUPPORT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FCHMOD >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FCHOWN >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FCNTL_LOCK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FCVT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FGETXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FLISTXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FOPEN64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FREMOVEXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FSEEKO64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FSETXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FSTAT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FSTAT64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FSYNC >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FTELLO64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FTRUNCATE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FTRUNCATE64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FTRUNCATE_EXTEND >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_FUNCTION_MACRO >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETCWD >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETDIRENTRIES >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETGRENT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETGRNAM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETGROUPLIST >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETMNTENT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETNETGRENT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETRLIMIT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETSPNAM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETTIMEOFDAY_TZ >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GETXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GLOB >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GRANTPT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GSSAPI >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_GSS_DISPLAY_STATUS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ICONV >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_IFACE_IFCONF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_IMMEDIATE_STRUCTURES >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_INITGROUPS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_INNETGR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_IPRINT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KERNEL_CHANGE_NOTIFY >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KERNEL_OPLOCKS_LINUX >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KERNEL_SHARE_MODES >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_AUTH_CON_SETUSERUSERKEY >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_C_ENCTYPE_COMPARE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_C_VERIFY_CHECKSUM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_ENCRYPT_BLOCK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_ENCRYPT_DATA >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_FREE_AP_REQ >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_FREE_DATA_CONTENTS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_FREE_KTYPES >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_FREE_UNPARSED_NAME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_GET_PERMITTED_ENCTYPES >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_GET_RENEWED_CREDS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_KEYBLOCK_IN_CREDS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_KEYTAB_ENTRY_KEY >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_KEYUSAGE_APP_DATA_CKSUM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_KT_FREE_ENTRY >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_LOCATE_KDC >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_MK_REQ_EXTENDED >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_PRINCIPAL2SALT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_PRINC_COMPONENT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_SET_DEFAULT_TGS_KTYPES >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_SET_REAL_TIME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_STRING_TO_KEY >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_TKT_ENC_PART2 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KRB5_USE_ENCTYPE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_KV5M_KEYTAB >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LDAP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LDAP_ADD_RESULT_ENTRY >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LDAP_DN2AD_CANONICAL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LDAP_INIT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LDAP_INITIALIZE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LDAP_SET_REBIND_PROC >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LGETXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LIBCOM_ERR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LIBGSSAPI_KRB5 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LIBK5CRYPTO >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LIBKRB5 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LIBLBER >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LIBLDAP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LIBPAM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LIBREADLINE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LIBRESOLV >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LINK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LINUX_XFS_QUOTAS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LISTXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LLISTXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LLSEEK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LONGLONG >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LREMOVEXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LSEEK64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LSETXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_LSTAT64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MAGIC_IN_KRB5_ADDRESS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MAKEDEV >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MEMMOVE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MEMSET >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MKNOD >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MKTIME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MLOCK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MLOCKALL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MMAP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MUNLOCK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_MUNLOCKALL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_NANOSLEEP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_NATIVE_ICONV >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_NEW_LIBREADLINE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_NL_LANGINFO >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_NO_AIO >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_OPEN64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_PATHCONF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_PIPE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_POLL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_POSIX_ACLS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_PRCTL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_PREAD >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_PREAD64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_PUTUTLINE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_PUTUTXLINE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_PWRITE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_PWRITE64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_QUOTACTL_LINUX >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_RAND >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_RANDOM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_READDIR64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_READLINK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_REALPATH >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_REMOVEXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_RENAME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SECURE_MKSTEMP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SELECT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SENDFILE64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETBUFFER >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETENV >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETGROUPS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETLINEBUF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETLOCALE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETMNTENT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETNETGRENT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETPGID >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETRESGID >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETRESGID_DECL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETRESUID >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETRESUID_DECL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETSID >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SETXATTR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SHMGET >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SIGACTION >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SIGBLOCK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SIGPROCMASK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SIGSET >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SIG_ATOMIC_T_TYPE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SNPRINTF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SNPRINTF_DECL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SOCKLEN_T_TYPE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SRAND >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SRANDOM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STAT64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STAT_HIRES_TIMESTAMPS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STAT_ST_ATIM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STAT_ST_BLKSIZE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STAT_ST_BLOCKS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STAT_ST_CTIM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STAT_ST_MTIM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRCASECMP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRCHR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRDUP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRERROR >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRFTIME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRNDUP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRNLEN >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRPBRK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRSIGNAL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRTOUL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRUCT_DIRENT64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRUCT_FLOCK64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRUCT_STAT_ST_RDEV >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_STRUCT_TIMESPEC >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_ST_RDEV >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYMLINK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYSCALL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYSCONF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYSLOG >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_SYS_QUOTAS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_TICKET_POINTER_IN_KRB5_AP_REQ >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_TIMEGM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UNIXSOCKET >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UPDWTMP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UPDWTMPX >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_USLEEP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UTIMBUF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UTIME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_UTIMES >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_VASPRINTF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_VASPRINTF_DECL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_VA_COPY >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_VOLATILE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_VSNPRINTF >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_VSNPRINTF_DECL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_VSYSLOG >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_WAITPID >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_WORKING_AF_LOCAL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_WRFILE_KEYTAB >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_XFS_QUOTAS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE_YP_GET_DEFAULT_DOMAIN >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE__ET_LIST >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___CLOSE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___DUP2 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___FCNTL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___FORK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___FSTAT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___FXSTAT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___LSEEK >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___LSTAT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___LXSTAT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___OPEN >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___OPEN64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___PREAD64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___PWRITE64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___READ >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___STAT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___WRITE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > HAVE___XSTAT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > > --with Options: >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_ADS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_AUTOMOUNT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_CIFSMOUNT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_PAM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_QUOTAS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_SENDFILE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_SYSLOG >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_UTMP >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_WINBIND >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > > Build Options: >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > COMPILER_SUPPORTS_LL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > DEFAULT_DISPLAY_CHARSET >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > DEFAULT_DOS_CHARSET >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > DEFAULT_UNIX_CHARSET >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > KRB5_VERIFY_CHECKSUM_ARGS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > LDAP_SET_REBIND_PROC_ARGS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > LINUX >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > LINUX_SENDFILE_API >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > PACKAGE_BUGREPORT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > PACKAGE_NAME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > PACKAGE_STRING >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > PACKAGE_TARNAME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > PACKAGE_VERSION >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > REALPATH_TAKES_NULL >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > REPLACE_GETPASS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > RETSIGTYPE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SEEKDIR_RETURNS_VOID >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SIZEOF_DEV_T >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SIZEOF_INO_T >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SIZEOF_INT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SIZEOF_LONG >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SIZEOF_LONG_LONG >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SIZEOF_OFF_T >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SIZEOF_SHORT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > STAT_STATVFS64 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > STAT_ST_BLOCKSIZE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > STDC_HEADERS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > STRING_STATIC_MODULES >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SYSCONF_SC_NGROUPS_MAX >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SYSCONF_SC_NPROCESSORS_ONLN >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > SYSCONF_SC_PAGESIZE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > TIME_WITH_SYS_TIME >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > USE_SETRESUID >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_ADS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_AUTOMOUNT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_CIFSMOUNT >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_PAM >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_QUOTAS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_SENDFILE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_SYSLOG >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > WITH_WINBIND >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > _FILE_OFFSET_BITS >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > _GNU_SOURCE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > _LARGEFILE64_SOURCE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > _POSIX_C_SOURCE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > _POSIX_SOURCE >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > auth_script_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > charset_CP437_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > charset_CP850_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > idmap_ad_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > idmap_rid_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > offset_t >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_decl_auth >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_decl_charset >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_decl_idmap >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_decl_pdb >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_decl_rpc >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_decl_vfs >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_init_auth >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_init_charset >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_init_idmap >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_init_pdb >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_init_rpc >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > static_init_vfs >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_audit_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_cap_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_default_quota_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_expand_msdfs_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_extd_audit_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_fake_perms_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_full_audit_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_netatalk_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_readonly_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_recycle_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > vfs_shadow_copy_init >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > > Type sizes: >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(char): 1 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(int): 4 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(long): 4 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(long long): 8 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(uint8): 1 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(uint16): 2 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(uint32): 4 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(short): 2 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(void*): 4 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(size_t): 4 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(off_t): 8 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(ino_t): 8 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > sizeof(dev_t): 8 >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > > Builtin modules: >[2007/08/24 16:04:24, 4] smbd/build_options.c:output(44) > pdb_ldap pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_reg rpc_lsa_ds rpc_wks rpc_svcctl rpc_ntsvcs rpc_net rpc_netdfs rpc_srv rpc_spoolss rpc_eventlog rpc_samr idmap_ldap idmap_tdb auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin >[2007/08/24 16:04:24, 3] param/loadparm.c:lp_load(4954) > lp_load: refreshing parameters >[2007/08/24 16:04:24, 3] param/loadparm.c:init_globals(1410) > Initialising global parameters >[2007/08/24 16:04:24, 3] param/params.c:pm_process(572) > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" >[2007/08/24 16:04:24, 3] param/loadparm.c:do_section(3696) > Processing section "[global]" > doing parameter workgroup = WINDOWS > doing parameter server string = Samba Server > doing parameter security = ADS > doing parameter load printers = yes > doing parameter cups options = raw > doing parameter log file = /var/log/samba/smbd.log > doing parameter max log size = 5000 > doing parameter realm = WINDOWS.DOMAIN > doing parameter dns proxy = no >[2007/08/24 16:04:24, 2] param/loadparm.c:do_section(3713) > Processing section "[homes]" >[2007/08/24 16:04:24, 8] param/loadparm.c:add_a_service(2498) > add_a_service: Creating snum = 0 for homes >[2007/08/24 16:04:24, 10] param/loadparm.c:hash_a_service(2535) > hash_a_service: creating tdb servicehash >[2007/08/24 16:04:24, 10] param/loadparm.c:hash_a_service(2545) > hash_a_service: hashing index 0 for service name homes > doing parameter comment = Home Directories > doing parameter browseable = no > doing parameter writable = yes >[2007/08/24 16:04:24, 2] param/loadparm.c:do_section(3713) > Processing section "[printers]" >[2007/08/24 16:04:24, 8] param/loadparm.c:add_a_service(2498) > add_a_service: Creating snum = 1 for printers >[2007/08/24 16:04:24, 10] param/loadparm.c:hash_a_service(2545) > hash_a_service: hashing index 1 for service name printers > doing parameter comment = All Printers > doing parameter path = /usr/spool/samba > doing parameter browseable = no > doing parameter guest ok = no > doing parameter writable = no > doing parameter printable = yes >[2007/08/24 16:04:24, 4] param/loadparm.c:lp_load(4985) > pm_process() returned Yes >[2007/08/24 16:04:24, 8] param/loadparm.c:add_a_service(2498) > add_a_service: Creating snum = 2 for IPC$ >[2007/08/24 16:04:24, 10] param/loadparm.c:hash_a_service(2545) > hash_a_service: hashing index 2 for service name IPC$ >[2007/08/24 16:04:24, 3] param/loadparm.c:lp_add_ipc(2632) > adding IPC service >[2007/08/24 16:04:24, 10] param/loadparm.c:set_server_role(4230) > set_server_role: role = ROLE_DOMAIN_MEMBER >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS-2LE >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS-2LE >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-16LE >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-16LE >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS-2BE >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS-2BE >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-16BE >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-16BE >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF8 >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF8 >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-8 >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-8 >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset ASCII >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(113) > Registered charset ASCII >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset 646 >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(113) > Registered charset 646 >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset ISO-8859-1 >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(113) > Registered charset ISO-8859-1 >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS2-HEX >[2007/08/24 16:04:24, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS2-HEX >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 5] lib/charcnv.c:charset_name(81) > Substituting charset 'UTF-8' for LOCALE >[2007/08/24 16:04:24, 3] printing/pcap.c:pcap_cache_reload(117) > reloading printcap cache >[2007/08/24 16:04:24, 5] printing/print_cups.c:cups_cache_reload(71) > reloading cups printcap cache >[2007/08/24 16:04:24, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost >[2007/08/24 16:04:24, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: ok >[2007/08/24 16:04:24, 3] printing/pcap.c:pcap_cache_reload(117) > reloading printcap cache >[2007/08/24 16:04:24, 5] printing/print_cups.c:cups_cache_reload(71) > reloading cups printcap cache >[2007/08/24 16:04:24, 10] printing/print_cups.c:cups_server(51) > cups server left to default localhost >[2007/08/24 16:04:24, 3] printing/pcap.c:pcap_cache_reload(223) > reload status: ok >[2007/08/24 16:04:24, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:24, 2] lib/interface.c:add_interface(81) > added interface ip=30.1.1.30 bcast=30.1.1.30 nmask=255.255.255.0 >[2007/08/24 16:04:24, 5] lib/util.c:init_names(308) > Netbios name list:- > my_netbios_names[0]="NEMO" >[2007/08/24 16:04:24, 3] smbd/server.c:main(877) > loaded services >[2007/08/24 16:04:24, 3] smbd/server.c:main(892) > Becoming a daemon. >[2007/08/24 16:04:24, 8] lib/util.c:fcntl_lock(1974) > fcntl_lock fd=7 op=13 offset=0 count=1 type=1 >[2007/08/24 16:04:24, 8] lib/util.c:fcntl_lock(1993) > fcntl_lock: Lock call successful >[2007/08/24 16:04:24, 2] lib/tallocmsg.c:register_msg_pool_usage(61) > Registered MSG_REQ_POOL_USAGE >[2007/08/24 16:04:24, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(105) > Attempting to register passdb backend ldapsam >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(118) > Successfully added passdb backend 'ldapsam' >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(105) > Attempting to register passdb backend ldapsam_compat >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(118) > Successfully added passdb backend 'ldapsam_compat' >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(105) > Attempting to register passdb backend NDS_ldapsam >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(118) > Successfully added passdb backend 'NDS_ldapsam' >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(105) > Attempting to register passdb backend NDS_ldapsam_compat >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(118) > Successfully added passdb backend 'NDS_ldapsam_compat' >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(105) > Attempting to register passdb backend smbpasswd >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(118) > Successfully added passdb backend 'smbpasswd' >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(105) > Attempting to register passdb backend tdbsam >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:smb_register_passdb(118) > Successfully added passdb backend 'tdbsam' >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:make_pdb_method_name(158) > Attempting to find an passdb backend to match smbpasswd (smbpasswd) >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:make_pdb_method_name(179) > Found pdb backend smbpasswd >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:make_pdb_method_name(190) > pdb backend smbpasswd has a valid init >[2007/08/24 16:04:24, 5] lib/gencache.c:gencache_init(60) > Opening cache file at /var/cache/samba/gencache.tdb >[2007/08/24 16:04:24, 5] libsmb/namecache.c:namecache_enable(58) > namecache_enable: enabling netbios namecache, timeout 660 seconds >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Print] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] with subkey [Printers] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Ports] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [LanmanServer] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer] with subkey [Shares] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Eventlog] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SOFTWARE] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE] with subkey [Microsoft] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft] with subkey [Windows NT] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT] with subkey [CurrentVersion] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] with subkey [Perflib] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib] with subkey [009] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Print] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print] with subkey [Monitors] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [ProductOptions] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Control] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control] with subkey [Terminal Server] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server] with subkey [DefaultUserConfiguration] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [TcpIp] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp] with subkey [Parameters] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM] with subkey [SYSTEM] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM] with subkey [CurrentControlSet] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet] with subkey [Services] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services] with subkey [Netlogon] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon] with subkey [Parameters] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKU] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKU] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKCR] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKCR] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKPD] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKPD] with subkey [NULL] >[2007/08/24 16:04:24, 6] registry/reg_db.c:init_registry_data(104) > init_registry_data: Adding [HKPT] >[2007/08/24 16:04:24, 10] registry/reg_db.c:init_registry_data(130) > init_registry_data: Storing key [HKPT] with subkey [NULL] >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_fetch_values(563) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports] >[2007/08/24 16:04:24, 8] registry/reg_db.c:regdb_unpack_values(513) > specific: [Samba Printer Port], len: 2 >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_fetch_values(563) > regdb_fetch_values: Looking for value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2007/08/24 16:04:24, 8] registry/reg_db.c:regdb_unpack_values(513) > specific: [DefaultSpoolDirectory], len: 70 >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_fetch_values(563) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2007/08/24 16:04:24, 8] registry/reg_db.c:regdb_unpack_values(513) > specific: [DisplayName], len: 20 >[2007/08/24 16:04:24, 8] registry/reg_db.c:regdb_unpack_values(513) > specific: [ErrorControl], len: 4 >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_fetch_values(563) > regdb_fetch_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog] >[2007/08/24 16:04:24, 8] registry/reg_db.c:regdb_unpack_values(513) > specific: [DisplayName], len: 20 >[2007/08/24 16:04:24, 8] registry/reg_db.c:regdb_unpack_values(513) > specific: [ErrorControl], len: 4 >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_add(61) > reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Control/Print] >[2007/08/24 16:04:24, 8] lib/adt_tree.c:pathtree_add(201) > pathtree_add: Enter >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_add(268) > pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Control/Print] to tree >[2007/08/24 16:04:24, 8] lib/adt_tree.c:pathtree_add(270) > pathtree_add: Exit >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_add(61) > reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] >[2007/08/24 16:04:24, 8] lib/adt_tree.c:pathtree_add(201) > pathtree_add: Enter >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_add(268) > pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Print/Printers] to tree >[2007/08/24 16:04:24, 8] lib/adt_tree.c:pathtree_add(270) > pathtree_add: Exit >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_add(61) > reghook_cache_add: Adding key [/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] >[2007/08/24 16:04:24, 8] lib/adt_tree.c:pathtree_add(201) > pathtree_add: Enter >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_add(268) > pathtree_add: Successfully added node [HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Ports] to tree >[2007/08/24 16:04:24, 8] lib/adt_tree.c:pathtree_add(270) > pathtree_add: Exit >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_add(61) > reghook_cache_add: Adding key [/HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] >[2007/08/24 16:04:24, 8] lib/adt_tree.c:pathtree_add(201) > pathtree_add: Enter >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_add(268) > pathtree_add: Successfully added node [HKLM/SYSTEM/CurrentControlSet/Services/LanmanServer/Shares] to tree >[2007/08/24 16:04:24, 8] lib/adt_tree.c:pathtree_add(270) > pathtree_add: Exit >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2007/08/24 16:04:24, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2007/08/24 16:04:24, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:24, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:24, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: root >[2007/08/24 16:04:24, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /etc/samba/smbpasswd >[2007/08/24 16:04:24, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2007/08/24 16:04:24, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:24, 5] passdb/pdb_interface.c:pdb_default_uid_to_rid(1217) > pdb_default_uid_to_rid: Did not find user root (0) >[2007/08/24 16:04:24, 10] passdb/lookup_sid.c:uid_to_sid(1099) > uid_to_sid: local 0 -> S-1-22-1-0 >[2007/08/24 16:04:24, 10] passdb/lookup_sid.c:gid_to_sid(1137) > gid_to_sid: local 0 -> S-1-22-2-0 >[2007/08/24 16:04:24, 10] lib/privileges.c:grant_privilege(569) > grant_privilege: S-1-1-0 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2007/08/24 16:04:24, 10] lib/privileges.c:grant_privilege(569) > grant_privilege: S-1-5-32-548 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2007/08/24 16:04:24, 10] lib/privileges.c:grant_privilege(569) > grant_privilege: S-1-5-32-549 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2007/08/24 16:04:24, 10] lib/privileges.c:grant_privilege(569) > grant_privilege: S-1-5-32-550 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2007/08/24 16:04:24, 10] lib/privileges.c:grant_privilege(569) > grant_privilege: S-1-5-32-551 > original privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0x0 0x0 0x0 0x0 >[2007/08/24 16:04:24, 10] lib/privileges.c:grant_privilege(569) > grant_privilege: S-1-5-32-544 > original privilege mask: > SE_PRIV 0xff0 0x0 0x0 0x0 > new privilege mask: > SE_PRIV 0xff0 0x0 0x0 0x0 >[2007/08/24 16:04:24, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-22-1-0] >[2007/08/24 16:04:24, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-5-32-544 > Privilege set: > SE_PRIV 0xff0 0x0 0x0 0x0 >[2007/08/24 16:04:24, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2007/08/24 16:04:24, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2007/08/24 16:04:24, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (1) >[2007/08/24 16:04:24, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services] >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2007/08/24 16:04:24, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2007/08/24 16:04:24, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(250) >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2007/08/24 16:04:24, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2007/08/24 16:04:24, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2007/08/24 16:04:24, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2007/08/24 16:04:24, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(250) >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2007/08/24 16:04:24, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_store_values(593) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler] >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2007/08/24 16:04:24, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/Spooler/Security] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2007/08/24 16:04:24, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2007/08/24 16:04:24, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(250) >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2007/08/24 16:04:24, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc sec_desc >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 revision : 0001 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 type : 8004 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 off_owner_sid: 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 off_grp_sid : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c off_sacl : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 off_dacl : 00000014 >[2007/08/24 16:04:24, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 sec_io_acl dacl >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 revision: 0002 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 num_aces : 00000004 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c sec_io_ace ace_list[00]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001c type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001d flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 mask: 0002018d >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0024 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0025 num_auths : 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0026 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0027 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0029 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002a id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002b id_auth[5] : 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 002c sub_auths : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e size : 0014 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 sec_io_ace ace_list[01]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0030 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0031 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 mask: 000201fd >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0038 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0039 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003a id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003b id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003c id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003d id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003e id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003f id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0040 sub_auths : 00000020 00000223 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0032 size : 0018 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 sec_io_ace ace_list[02]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0048 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0049 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c mask: 000f01ff >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0050 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0051 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0052 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0053 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0054 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0055 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0056 id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0057 id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0058 sub_auths : 00000020 00000225 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a size : 0018 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 sec_io_ace ace_list[03]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0060 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0061 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 mask: 000f01ff >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0068 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0069 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006a id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006b id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006c id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006d id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006e id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006f id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0070 sub_auths : 00000020 00000220 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 size : 0018 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size : 0064 >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_store_values(593) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Security] >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2007/08/24 16:04:24, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2007/08/24 16:04:24, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2007/08/24 16:04:24, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(250) >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2007/08/24 16:04:24, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_store_values(593) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON] >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2007/08/24 16:04:24, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/NETLOGON/Security] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2007/08/24 16:04:24, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2007/08/24 16:04:24, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(250) >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2007/08/24 16:04:24, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc sec_desc >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 revision : 0001 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 type : 8004 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 off_owner_sid: 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 off_grp_sid : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c off_sacl : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 off_dacl : 00000014 >[2007/08/24 16:04:24, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 sec_io_acl dacl >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 revision: 0002 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 num_aces : 00000004 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c sec_io_ace ace_list[00]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001c type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001d flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 mask: 0002018d >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0024 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0025 num_auths : 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0026 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0027 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0029 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002a id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002b id_auth[5] : 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 002c sub_auths : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e size : 0014 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 sec_io_ace ace_list[01]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0030 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0031 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 mask: 000201fd >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0038 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0039 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003a id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003b id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003c id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003d id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003e id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003f id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0040 sub_auths : 00000020 00000223 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0032 size : 0018 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 sec_io_ace ace_list[02]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0048 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0049 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c mask: 000f01ff >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0050 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0051 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0052 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0053 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0054 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0055 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0056 id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0057 id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0058 sub_auths : 00000020 00000225 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a size : 0018 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 sec_io_ace ace_list[03]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0060 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0061 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 mask: 000f01ff >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0068 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0069 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006a id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006b id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006c id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006d id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006e id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006f id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0070 sub_auths : 00000020 00000220 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 size : 0018 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size : 0064 >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_store_values(593) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\NETLOGON\Security] >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2007/08/24 16:04:24, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2007/08/24 16:04:24, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2007/08/24 16:04:24, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(250) >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2007/08/24 16:04:24, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_store_values(593) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry] >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2007/08/24 16:04:24, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Security] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2007/08/24 16:04:24, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2007/08/24 16:04:24, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(250) >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2007/08/24 16:04:24, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc sec_desc >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 revision : 0001 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 type : 8004 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 off_owner_sid: 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 off_grp_sid : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c off_sacl : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 off_dacl : 00000014 >[2007/08/24 16:04:24, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 sec_io_acl dacl >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 revision: 0002 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 num_aces : 00000004 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c sec_io_ace ace_list[00]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001c type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001d flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 mask: 0002018d >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0024 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0025 num_auths : 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0026 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0027 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0029 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002a id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002b id_auth[5] : 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 002c sub_auths : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e size : 0014 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 sec_io_ace ace_list[01]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0030 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0031 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 mask: 000201fd >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0038 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0039 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003a id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003b id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003c id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003d id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003e id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003f id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0040 sub_auths : 00000020 00000223 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0032 size : 0018 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 sec_io_ace ace_list[02]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0048 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0049 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c mask: 000f01ff >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0050 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0051 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0052 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0053 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0054 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0055 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0056 id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0057 id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0058 sub_auths : 00000020 00000225 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a size : 0018 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 sec_io_ace ace_list[03]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0060 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0061 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 mask: 000f01ff >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0068 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0069 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006a id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006b id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006c id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006d id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006e id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006f id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0070 sub_auths : 00000020 00000220 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 size : 0018 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size : 0064 >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_store_values(593) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2007/08/24 16:04:24, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2007/08/24 16:04:24, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2007/08/24 16:04:24, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(250) >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2007/08/24 16:04:24, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_store_values(593) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS] >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_open(248) > regdb_open: incrementing refcount (2) >[2007/08/24 16:04:24, 7] registry/reg_frontend.c:regkey_open_internal(359) > regkey_open_internal: name = [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2007/08/24 16:04:24, 10] registry/reg_cachehook.c:reghook_cache_find(95) > reghook_cache_find: Searching for keyname [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(341) > pathtree_find: Enter [/HKLM/SYSTEM/CurrentControlSet/Services/WINS/Security] >[2007/08/24 16:04:24, 10] lib/adt_tree.c:pathtree_find(413) > pathtree_find: Exit >[2007/08/24 16:04:24, 5] registry/reg_frontend.c:registry_access_check(59) > registry_access_check: using root's token >[2007/08/24 16:04:24, 10] lib/util_seaccess.c:se_access_check(233) > se_access_check: requested access 0x000f003f, for NT token with 5 entries and first sid S-1-22-1-0. >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(250) >[2007/08/24 16:04:24, 3] lib/util_seaccess.c:se_access_check(251) > se_access_check: user sid is S-1-22-1-0 > se_access_check: also S-1-5-32-544 > se_access_check: also S-1-1-0 > se_access_check: also S-1-5-2 > se_access_check: also S-1-5-11 > se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20019, current desired = f003f > se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f003f, current desired = d0026 >[2007/08/24 16:04:24, 5] lib/util_seaccess.c:se_access_check(308) > se_access_check: access (f003f) granted. >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc sec_desc >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0000 revision : 0001 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0002 type : 8004 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 off_owner_sid: 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 off_grp_sid : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c off_sacl : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 off_dacl : 00000014 >[2007/08/24 16:04:24, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000014 sec_io_acl dacl >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0014 revision: 0002 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 num_aces : 00000004 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00001c sec_io_ace ace_list[00]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001c type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 001d flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 mask: 0002018d >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000024 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0024 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0025 num_auths : 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0026 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0027 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0029 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002a id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 002b id_auth[5] : 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 002c sub_auths : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 001e size : 0014 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000030 sec_io_ace ace_list[01]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0030 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0031 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000034 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 mask: 000201fd >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0038 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0039 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003a id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003b id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003c id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003d id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003e id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003f id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0040 sub_auths : 00000020 00000223 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0032 size : 0018 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 sec_io_ace ace_list[02]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0048 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0049 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 00004c sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c mask: 000f01ff >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0050 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0051 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0052 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0053 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0054 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0055 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0056 id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0057 id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0058 sub_auths : 00000020 00000225 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a size : 0018 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000060 sec_io_ace ace_list[03]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0060 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0061 flags: 00 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000064 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 mask: 000f01ff >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0068 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0069 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006a id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006b id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006c id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006d id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006e id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006f id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0070 sub_auths : 00000020 00000220 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 size : 0018 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0016 size : 0064 >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_store_values(593) > regdb_store_values: Looking for value of key [HKLM\SYSTEM\CurrentControlSet\Services\WINS\Security] >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (2) >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (1) >[2007/08/24 16:04:24, 10] registry/reg_db.c:regdb_close(279) > regdb_close: decrementing refcount (0) >[2007/08/24 16:04:24, 10] printing/nt_printing.c:update_c_setprinter(710) > update_c_setprinter: c_setprinter = 0 >[2007/08/24 16:04:24, 6] libads/ldap.c:ads_find_dc(224) > ads_find_dc: looking for realm 'WINDOWS.DOMAIN' >[2007/08/24 16:04:24, 8] libsmb/namequery.c:get_sorted_dc_list(1551) > get_sorted_dc_list: attempting lookup using [ads] >[2007/08/24 16:04:24, 10] lib/gencache.c:gencache_get(312) > Cache entry with key = SAF/DOMAIN/WINDOWS.DOMAIN couldn't be found >[2007/08/24 16:04:24, 5] libsmb/namequery.c:saf_fetch(105) > saf_fetch: failed to find server for "WINDOWS.DOMAIN" domain >[2007/08/24 16:04:24, 3] libsmb/namequery.c:get_dc_list(1426) > get_dc_list: preferred server list: ", *" >[2007/08/24 16:04:24, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up WINDOWS.DOMAIN#1c >[2007/08/24 16:04:24, 10] lib/gencache.c:gencache_get(287) > Returning valid cache entry: key = NBT/WINDOWS.DOMAIN#1C, value = 30.1.1.30:389,30.1.1.31:389, timeout = Fri Aug 24 16:12:46 2007 >[2007/08/24 16:04:24, 5] libsmb/namecache.c:namecache_fetch(201) > name WINDOWS.DOMAIN#1C found. >[2007/08/24 16:04:24, 8] libsmb/namequery.c:get_dc_list(1441) > Adding 2 DC's from auto lookup >[2007/08/24 16:04:24, 10] libsmb/namequery.c:remove_duplicate_addrs2(408) > remove_duplicate_addrs2: looking for duplicate address/port pairs >[2007/08/24 16:04:24, 4] libsmb/namequery.c:get_dc_list(1529) > get_dc_list: returning 2 ip addresses in an ordered list >[2007/08/24 16:04:24, 4] libsmb/namequery.c:get_dc_list(1530) > get_dc_list: 30.1.1.212:389 30.1.1.213:389 >[2007/08/24 16:04:24, 5] libads/ldap.c:ads_try_connect(127) > ads_try_connect: sending CLDAP request to 30.1.1.212 (realm: WINDOWS.DOMAIN) >[2007/08/24 16:04:24, 10] libsmb/namequery.c:saf_store(71) > saf_store: domain = [WINDOWS], server = [30.1.1.212], expire = [1187997564] >[2007/08/24 16:04:24, 10] lib/gencache.c:gencache_set(131) > Adding cache entry with key = SAF/DOMAIN/WINDOWS; value = 30.1.1.212 and timeout = Fri Aug 24 16:19:24 2007 > (900 seconds ahead) >[2007/08/24 16:04:24, 3] libads/ldap.c:ads_connect(287) > Connected to LDAP server 30.1.1.212 >[2007/08/24 16:04:24, 4] libads/ldap.c:ads_current_time(2262) > time offset is 108 seconds >[2007/08/24 16:04:24, 4] libads/sasl.c:ads_sasl_bind(468) > Found SASL mechanism GSS-SPNEGO >[2007/08/24 16:04:24, 3] libads/sasl.c:ads_sasl_spnego_bind(210) > ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 >[2007/08/24 16:04:24, 3] libads/sasl.c:ads_sasl_spnego_bind(210) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 >[2007/08/24 16:04:24, 3] libads/sasl.c:ads_sasl_spnego_bind(210) > ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 >[2007/08/24 16:04:24, 3] libads/sasl.c:ads_sasl_spnego_bind(210) > ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 >[2007/08/24 16:04:24, 3] libads/sasl.c:ads_sasl_spnego_bind(219) > ads_sasl_spnego_bind: got server principal name =urchin$@WINDOWS.DOMAIN >[2007/08/24 16:04:24, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552) > ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) >[2007/08/24 16:04:24, 10] libads/kerberos.c:kerberos_kinit_password_ext(89) > kerberos_kinit_password: using MEMORY:prtpub_cache as ccache >[2007/08/24 16:04:24, 4] libsmb/clikrb5.c:ads_krb5_mk_req(568) > ads_krb5_mk_req: Advancing clock by 108 seconds to cope with clock skew >[2007/08/24 16:04:24, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488) > ads_cleanup_expired_creds: Ticket in ccache[MEMORY:prtpub_cache] expiration Sat, 25 Aug 2007 02:06:12 PDT >[2007/08/24 16:04:24, 10] libsmb/clikrb5.c:ads_krb5_mk_req(581) > ads_krb5_mk_req: Ticket (urchin$@WINDOWS.DOMAIN) in ccache (MEMORY:prtpub_cache) is valid until: (Sat, 25 Aug 2007 02:06:12 PDT - 1188032772) >[2007/08/24 16:04:24, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(685) > Got KRB5 session key of length 16 >[2007/08/24 16:04:24, 10] printing/nt_printing.c:get_a_printer(4337) > get_a_printer: [printers] level 2 >[2007/08/24 16:04:24, 10] printing/nt_printing.c:get_a_printer_2_default(3664) > get_a_printer_2_default: driver name set to [] >[2007/08/24 16:04:24, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000000 sec_io_desc_buf nt_printing_getsec >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 max_len: 000000c8 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr : 00000001 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 len : 000000c8 >[2007/08/24 16:04:24, 7] rpc_parse/parse_prs.c:prs_debug(84) > 00000c sec_io_desc sec >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000c revision : 0001 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 000e type : 8004 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 off_owner_sid: 000000a8 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 off_grp_sid : 000000b8 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 off_sacl : 00000000 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c off_dacl : 00000014 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 0000b4 smb_io_dom_sid owner_sid >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00b4 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00b5 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00b6 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00b7 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00b8 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00b9 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ba id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00bb id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 00bc sub_auths : 00000020 00000220 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 0000c4 smb_io_dom_sid grp_sid >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00c4 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00c5 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00c6 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00c7 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00c8 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00c9 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ca id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00cb id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 00cc sub_auths : 00000020 00000220 >[2007/08/24 16:04:24, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000020 sec_io_acl dacl >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0020 revision: 0002 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0022 size : 0094 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 num_aces : 00000005 >[2007/08/24 16:04:24, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000028 sec_io_ace ace_list[00]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0028 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0029 flags: 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 002a size : 0014 >[2007/08/24 16:04:24, 10] rpc_parse/parse_prs.c:prs_debug(84) > 00002c sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c mask: 20020008 >[2007/08/24 16:04:24, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0030 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0031 num_auths : 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0032 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0033 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0034 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0035 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0036 id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0037 id_auth[5] : 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0038 sub_auths : 00000000 >[2007/08/24 16:04:24, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00003c sec_io_ace ace_list[01]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003c type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 003d flags: 09 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003e size : 0024 >[2007/08/24 16:04:24, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000040 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 mask: 100f000c >[2007/08/24 16:04:24, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000044 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0044 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0045 num_auths : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0046 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0047 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0048 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0049 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004a id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 004b id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 004c sub_auths : 00000015 8ed5687a 8784e9f2 e426939e 000001f4 >[2007/08/24 16:04:24, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000060 sec_io_ace ace_list[02]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0060 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0061 flags: 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 size : 0024 >[2007/08/24 16:04:24, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000064 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 mask: 100f000c >[2007/08/24 16:04:24, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000068 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0068 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0069 num_auths : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006a id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006b id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006c id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006d id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006e id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 006f id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0070 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e 000001f4 >[2007/08/24 16:04:24, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 sec_io_ace ace_list[03]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0084 type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0085 flags: 09 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0086 size : 0018 >[2007/08/24 16:04:24, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000088 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 mask: 100f000c >[2007/08/24 16:04:24, 10] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008c sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008d num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008e id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 008f id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0090 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0091 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0092 id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0093 id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0094 sub_auths : 00000020 00000220 >[2007/08/24 16:04:24, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c sec_io_ace ace_list[04]: >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009c type : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 009d flags: 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e size : 0018 >[2007/08/24 16:04:24, 10] rpc_parse/parse_prs.c:prs_debug(84) > 0000a0 sec_io_access info >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 mask: 100f000c >[2007/08/24 16:04:24, 10] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_dom_sid trustee >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a4 sid_rev_num: 01 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a5 num_auths : 02 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a6 id_auth[0] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a7 id_auth[1] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a8 id_auth[2] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00a9 id_auth[3] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00aa id_auth[4] : 00 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 00ab id_auth[5] : 05 >[2007/08/24 16:04:24, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 00ac sub_auths : 00000020 00000220 >[2007/08/24 16:04:24, 10] printing/nt_printing.c:nt_printing_getsec(5241) > secdesc_ctr for printers has 5 aces: >[2007/08/24 16:04:24, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-1-0 0 2 0x20020008 >[2007/08/24 16:04:24, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-5-21-2396350586-2273634802-3827733406-500 0 9 0x100f000c >[2007/08/24 16:04:24, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-5-21-2396350586-2273634802-3827733406-500 0 2 0x100f000c >[2007/08/24 16:04:24, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-5-32-544 0 9 0x100f000c >[2007/08/24 16:04:24, 10] printing/nt_printing.c:nt_printing_getsec(5250) > S-1-5-32-544 0 2 0x100f000c >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2007/08/24 16:04:24, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2007/08/24 16:04:24, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:24, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:24, 6] passdb/pdb_interface.c:pdb_getsampwsid(320) > pdb_getsampwsid: Building guest account >[2007/08/24 16:04:24, 10] passdb/pdb_get_set.c:pdb_set_username(534) > pdb_set_username: setting username nobody, was >[2007/08/24 16:04:24, 10] passdb/pdb_get_set.c:pdb_set_fullname(603) > pdb_set_full_name: setting full name Nobody, was >[2007/08/24 16:04:24, 10] passdb/pdb_get_set.c:pdb_set_domain(557) > pdb_set_domain: setting domain NEMO, was >[2007/08/24 16:04:24, 10] passdb/pdb_get_set.c:pdb_set_user_sid(463) > pdb_set_user_sid: setting user sid S-1-5-21-2317696774-568249013-3226904080-501 >[2007/08/24 16:04:24, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-2317696774-568249013-3226904080-501 from rid 501 >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:24, 10] lib/util_pw.c:getpwnam_alloc(76) > Got nobody from pwnam_cache >[2007/08/24 16:04:24, 10] lib/util_pw.c:getpwnam_alloc(76) > Got nobody from pwnam_cache >[2007/08/24 16:04:24, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [nobody] >[2007/08/24 16:04:24, 10] passdb/lookup_sid.c:gid_to_sid(1137) > gid_to_sid: local 99 -> S-1-22-2-99 >[2007/08/24 16:04:24, 5] auth/auth_util.c:make_server_info_sam(625) > make_server_info_sam: made server info for user nobody -> nobody >[2007/08/24 16:04:24, 10] passdb/lookup_sid.c:lookup_name(64) > lookup_name: NEMO\nobody => NEMO (domain), nobody (name) >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2007/08/24 16:04:24, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2007/08/24 16:04:24, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:24, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:24, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1313) > getsampwnam (smbpasswd): search by name: nobody >[2007/08/24 16:04:24, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(184) > startsmbfilepwent_internal: opening file /etc/samba/smbpasswd >[2007/08/24 16:04:24, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(539) > getsmbfilepwent: end of file reached. >[2007/08/24 16:04:24, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(301) > endsmbfilepwent_internal: closed password file. >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:push_sec_ctx(208) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2007/08/24 16:04:24, 3] smbd/uid.c:push_conn_ctx(345) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2007/08/24 16:04:24, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:24, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:24, 3] smbd/sec_ctx.c:pop_sec_ctx(339) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:24, 10] passdb/lookup_sid.c:lookup_name(64) > lookup_name: Unix User\nobody => Unix User (domain), nobody (name) >[2007/08/24 16:04:24, 10] lib/util_pw.c:getpwnam_alloc(76) > Got nobody from pwnam_cache >[2007/08/24 16:04:24, 10] passdb/lookup_sid.c:sid_to_uid(1210) > sid_to_uid: S-1-22-1-99 -> 99 >[2007/08/24 16:04:24, 10] lib/system_smbd.c:sys_getgrouplist(125) > sys_getgrouplist: user [nobody] >[2007/08/24 16:04:24, 10] passdb/lookup_sid.c:gid_to_sid(1137) > gid_to_sid: local 99 -> S-1-22-2-99 >[2007/08/24 16:04:24, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-22-1-99] >[2007/08/24 16:04:24, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-22-2-99] >[2007/08/24 16:04:24, 5] lib/privileges.c:get_privileges_for_sids(459) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: > SE_PRIV 0x0 0x0 0x0 0x0 >[2007/08/24 16:04:24, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2007/08/24 16:04:24, 3] lib/privileges.c:get_privileges(261) > get_privileges: No privileges assigned to SID [S-1-5-32-546] >[2007/08/24 16:04:24, 10] passdb/lookup_sid.c:sid_to_gid(1295) > sid_to_gid: S-1-22-2-99 -> 99 >[2007/08/24 16:04:24, 10] auth/auth_util.c:create_local_token(1023) > Could not convert SID S-1-1-0 to gid, ignoring it >[2007/08/24 16:04:24, 10] auth/auth_util.c:create_local_token(1023) > Could not convert SID S-1-5-2 to gid, ignoring it >[2007/08/24 16:04:24, 10] auth/auth_util.c:create_local_token(1023) > Could not convert SID S-1-5-32-546 to gid, ignoring it >[2007/08/24 16:04:24, 10] auth/auth_util.c:debug_nt_user_token(454) > NT user token of user S-1-22-1-99 > contains 5 SIDs > SID[ 0]: S-1-22-1-99 > SID[ 1]: S-1-22-2-99 > SID[ 2]: S-1-1-0 > SID[ 3]: S-1-5-2 > SID[ 4]: S-1-5-32-546 > SE_PRIV 0x0 0x0 0x0 0x0 >[2007/08/24 16:04:24, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2007/08/24 16:04:24, 3] printing/printing.c:start_background_queue(1386) > start_background_queue: Starting background LPQ thread >[2007/08/24 16:04:24, 5] printing/printing.c:start_background_queue(1396) > start_background_queue: background LPQ thread started >[2007/08/24 16:04:24, 5] smbd/connection.c:claim_connection(170) > claiming smbd lpq backend 0 >[2007/08/24 16:04:24, 5] printing/printing.c:start_background_queue(1407) > start_background_queue: background LPQ thread waiting for messages >[2007/08/24 16:04:24, 10] lib/util_sock.c:open_socket_in(839) > bind succeeded on port 445 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:24, 10] lib/util_sock.c:open_socket_in(839) > bind succeeded on port 139 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:24, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:24, 2] smbd/server.c:open_sockets_smbd(384) > waiting for a connection >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 3] smbd/oplock.c:init_oplocks(862) > open_oplock_ipc: initializing messages. >[2007/08/24 16:04:29, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260) > Linux kernel oplocks enabled >[2007/08/24 16:04:29, 4] lib/time.c:TimeInit(136) > TimeInit: Serverzone is 25200 >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 133 >[2007/08/24 16:04:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x85 >[2007/08/24 16:04:29, 3] smbd/process.c:process_smb(1110) > Transaction 0 of length 137 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 > [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for > [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. > [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM > [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 > [060] 32 00 2. >[2007/08/24 16:04:29, 3] smbd/process.c:switch_message(914) > switch message SMBnegprot (pid 8788) conn 0x0 >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LANMAN1.0] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [Windows for Workgroups 3.1a] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LM1.2X002] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LANMAN2.1] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [NT LM 0.12] >[2007/08/24 16:04:29, 10] lib/util.c:set_remote_arch(2212) > set_remote_arch: Client arch is 'Win2K' >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 10] lib/util.c:name_to_fqdn(2854) > name_to_fqdn: lookup for NEMO -> NEMO.redseal.net. >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_nt1(357) > using SPNEGO >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(580) > Selected protocol NT LM 0.12 >[2007/08/24 16:04:29, 5] smbd/negprot.c:reply_negprot(586) > negprot index=5 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=175 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=21504 (0x5400) > smb_vwv[ 8]= 34 (0x22) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=48828 (0xBEBC) > smb_vwv[13]=41759 (0xA31F) > smb_vwv[14]=51174 (0xC7E6) > smb_vwv[15]=41985 (0xA401) > smb_vwv[16]=27137 (0x6A01) > smb_bcc=106 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 6E 65 6D 6F 00 00 00 00 00 00 00 00 00 00 00 00 nemo.... ........ > [010] 60 58 06 06 2B 06 01 05 05 02 A0 4E 30 4C A0 24 `X..+... ...N0L.$ > [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* > [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... > [040] 37 02 02 0A A3 24 30 22 A0 20 1B 1E 63 69 66 73 7....$0" . ..cifs > [050] 2F 6E 65 6D 6F 2E 72 65 64 73 65 61 6C 2E 6E 65 /nemo.re dseal.ne > [060] 74 40 52 53 2E 4C 4F 43 41 4C t@WINDOWS.DOMAIN >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 1422 >[2007/08/24 16:04:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x58e >[2007/08/24 16:04:29, 3] smbd/process.c:process_smb(1110) > Transaction 1 of length 1426 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=1422 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 1422 (0x58E) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 1261 (0x4ED) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=1363 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 60 82 04 E9 06 06 2B 06 01 05 05 02 A0 82 04 DD `.....+. ........ > [010] 30 82 04 D9 A0 24 30 22 06 09 2A 86 48 82 F7 12 0....$0" ..*.H... > [020] 01 02 02 06 09 2A 86 48 86 F7 12 01 02 02 06 0A .....*.H ........ > [030] 2B 06 01 04 01 82 37 02 02 0A A2 82 04 AF 04 82 +.....7. ........ > [040] 04 AB 60 82 04 A7 06 09 2A 86 48 86 F7 12 01 02 ..`..... *.H..... > [050] 02 01 00 6E 82 04 96 30 82 04 92 A0 03 02 01 05 ...n...0 ........ > [060] A1 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 ........ .. ..... > [070] 03 C0 61 82 03 BC 30 82 03 B8 A0 03 02 01 05 A1 ..a...0. ........ > [080] 0A 1B 08 52 53 2E 4C 4F 43 41 4C A2 23 30 21 A0 ...WINDOWS.DOMAIN.#0!. > [090] 03 02 01 02 A1 1A 30 18 1B 04 63 69 66 73 1B 10 ......0. ..cifs.. > [0A0] 6E 65 6D 6F 2E 72 65 64 73 65 61 6C 2E 6E 65 74 nemo.red seal.net > [0B0] A3 82 03 7E 30 82 03 7A A0 03 02 01 17 A1 03 02 ...~0..z ........ > [0C0] 01 02 A2 82 03 6C 04 82 03 68 68 FF 1B 86 BD 7A .....l.. .hh....z > [0D0] 91 07 8B 65 FA 30 EA 65 6B A5 DB 0C A8 95 8A 8C ...e.0.e k....... > [0E0] 83 91 84 16 8B D4 3B 9F AB 2A 70 EA 44 86 23 75 ......;. .*p.D.#u > [0F0] CF 4E 6F CA 57 17 A3 48 3E BF 44 92 D1 C3 B9 99 .No.W..H >.D..... > [100] 73 A7 73 78 F0 68 AA 8F 3F 8B AA AC CF CD AE 53 s.sx.h.. ?......S > [110] 48 B8 2B D9 DD F7 F6 11 11 56 9D 0F 79 8B C9 0E H.+..... .V..y... > [120] 91 56 41 FC B8 F0 37 10 8B 65 6C 1A 4A A8 D8 42 .VA...7. .el.J..B > [130] 32 14 15 72 05 C2 9B F0 D4 E4 80 44 50 60 53 78 2..r.... ...DP`Sx > [140] A8 FD ED 72 DA 40 AE D6 1B 1F A0 A1 67 1E F5 7D ...r.@.. ....g..} > [150] B7 A0 7C DD CF A1 04 0D 9C 3E 28 9D C2 B4 88 0F ..|..... .>(..... > [160] 18 05 95 AF 96 C8 4B D9 B6 52 42 E6 0B 0A 0C 76 ......K. .RB....v > [170] 50 01 02 60 9D 8C 6F A7 AF EA CD AA 86 9F 1E EE P..`..o. ........ > [180] 61 CF 20 DE F2 B9 16 FB 7C 00 80 55 8D 54 AE 60 a. ..... |..U.T.` > [190] 0A FC 4B CB 13 23 B5 30 9B 55 F7 47 55 03 9B F8 ..K..#.0 .U.GU... > [1A0] 5F A3 09 8B C9 27 FC CE 28 67 B4 F8 C0 98 3D 8D _....'.. (g....=. > [1B0] 8D 0B C4 6E 11 AE 2D CA 33 9E A4 D1 B9 69 AA 34 ...n..-. 3....i.4 > [1C0] ED 7D 4D AE FD 0B 14 5C 20 9B 37 D4 76 FE DF 94 .}M....\ .7.v... > [1D0] 7A 06 76 B6 B7 6B DB 6F 6C B4 12 B0 15 76 33 7D z.v..k.o l....v3} > [1E0] B9 6C 1C 4B 01 FB E4 46 02 11 25 91 05 8A 91 17 .l.K...F ..%..... > [1F0] 75 D6 30 91 B0 A5 49 EF C2 79 82 8E 50 30 94 89 u.0...I. .y..P0.. >[2007/08/24 16:04:29, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 8788) conn 0x0 >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) > wct=12 flg2=0xc807 >[2007/08/24 16:04:29, 2] smbd/sesssetup.c:setup_new_vc_session(799) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) > Doing spnego session setup >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2007/08/24 16:04:29, 10] lib/util.c:set_remote_arch(2212) > set_remote_arch: Client arch is 'WinXP' >[2007/08/24 16:04:29, 10] smbd/password.c:register_vuid(186) > register_vuid: allocated vuid = 100 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 2 840 48018 1 2 2 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 2 840 113554 1 2 2 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) > Got secblob of size 1195 >[2007/08/24 16:04:29, 10] passdb/secrets.c:secrets_named_mutex(779) > secrets_named_mutex: got mutex for replay cache mutex >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) > ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) > ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(252) > ads_secrets_verify_ticket: enc type [23] decrypted message ! >[2007/08/24 16:04:29, 10] passdb/secrets.c:secrets_named_mutex_release(791) > secrets_named_mutex: released mutex for replay cache mutex >[2007/08/24 16:04:29, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(685) > Got KRB5 session key of length 16 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 pac_io_pac_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 num_buffers: 00000004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 version: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 type: 00000001 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c size: 000001e8 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 offset: 00000048 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 type: 0000000a >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c size: 00000018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset: 00000230 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 type: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c size: 00000014 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 offset: 00000248 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 type: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c size: 00000014 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 offset: 00000260 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(503) > PAC_TYPE_LOGON_INFO >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 pac_io_pac_logon_info pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 unknown: 00081001 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c unknown: cccccccc >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 bufferlen: 000001d8 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 bufferlenhi: 00000000 >[2007/08/24 16:04:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000058 net_io_user_info3 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_user_info : 00020000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_time logon time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c low : f0aa443f >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 high: 01c7e69a >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000064 smb_io_time logoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00006c smb_io_time kickoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000074 smb_io_time last set time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 high: 01c753fa >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_time can change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 high: 01c753fa >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_time must change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_unihdr hdr_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008c uni_str_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008e uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0090 buffer : 00020004 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000094 smb_io_unihdr hdr_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0094 uni_str_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0096 uni_max_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0098 buffer : 00020008 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_unihdr hdr_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 0002000c >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_unihdr hdr_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a4 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a6 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 buffer : 00020010 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ac smb_io_unihdr hdr_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ac uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ae uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer : 00020014 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000b4 smb_io_unihdr hdr_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00b4 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00b6 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 buffer : 00020018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00bc logon_count : 03c9 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00be bad_pw_count : 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 user_rid : 00000453 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 group_rid : 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 num_groups : 00000008 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc buffer_groups : 0002001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 user_flgs : 00000020 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00d4 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unihdr hdr_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00e4 uni_str_len: 000c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00e6 uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 buffer : 00020020 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ec smb_io_unihdr hdr_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ec uni_str_len: 0004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ee uni_max_len: 0006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 buffer : 00020024 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 buffer_dom_id : 00020028 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00f8 lm_sess_key: 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 acct_flags : 00000210 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 num_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 buffer_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 ptr_res_group_dom_sid: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c res_group_count: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 ptr_res_groups: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000134 smb_io_unistr2 uni_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_str_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0140 buffer : c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00014e smb_io_unistr2 uni_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0150 uni_max_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0158 uni_str_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 015c buffer : C.h.a.r.l.e.s. .G.i.l.l.e.t. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000178 smb_io_unistr2 uni_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_unistr2 uni_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0188 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 018c uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000190 smb_io_unistr2 uni_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0190 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0194 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0198 uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00019c smb_io_unistr2 uni_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 019c uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a0 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 uni_str_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a8 num_groups2 : 00000008 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001ac smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ac g_rid: 00000512 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001b4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b4 g_rid: 00000508 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001bc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01bc g_rid: 00000504 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001c4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c4 g_rid: 00000200 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001cc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01cc g_rid: 00000505 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001d4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d4 g_rid: 0000050e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001dc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01dc g_rid: 00000207 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001e4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e4 g_rid: 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001ec smb_io_unistr2 uni_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ec uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01f0 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01f4 uni_str_len: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 01f8 buffer : U.R.C.H.I.N. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000204 smb_io_unistr2 uni_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0204 uni_max_len: 00000003 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0208 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 020c uni_str_len: 00000002 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0210 buffer : R.S. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000214 smb_io_dom_sid2 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0214 num_auths: 00000004 >[2007/08/24 16:04:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000218 smb_io_dom_sid sid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0218 sid_rev_num: 01 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0219 num_auths : 04 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021a id_auth[0] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021b id_auth[1] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021c id_auth[2] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021d id_auth[3] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021e id_auth[4] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021f id_auth[5] : 05 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0220 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000230 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(543) > PAC_TYPE_LOGON_NAME >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000230 pac_io_logon_name pac data >[2007/08/24 16:04:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000230 smb_io_time logon_time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0230 low : b25b5d80 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0234 high: 01c7e69b >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0238 len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 023a name: c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000248 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(516) > PAC_TYPE_SERVER_CHECKSUM >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000248 pac_io_pac_signature_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0248 type: ffffff76 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 024c signature: 3d 7d ef e2 19 2b 63 ce e2 93 03 a2 0e 94 be 02 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00025c pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(489) > offset in header(x260) and data(x25c) do not match, correcting >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(529) > PAC_TYPE_PRIVSVR_CHECKSUM >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000260 pac_io_pac_signature_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0260 type: ffffff76 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0264 signature: 63 6e b0 67 51 2d fd 18 ca fa 9c 0c 4c 52 b6 a1 >[2007/08/24 16:04:29, 10] libads/authdata.c:decode_pac_data(911) > Successfully validated Kerberos PAC >[2007/08/24 16:04:29, 10] libads/authdata.c:dump_pac_logon_info(723) > The PAC: > User Flags: 0x20 (32) > User Flags: LOGON_EXTRA_SIDS 0x20 (32) > User SID: S-1-5-21-2396350586-2273634802-3827733406-1107 > Group SID: S-1-5-21-2396350586-2273634802-3827733406-513 > Group Membership (Global and Universal Groups of own domain): > 0: sid: S-1-5-21-2396350586-2273634802-3827733406-1298 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 1: sid: S-1-5-21-2396350586-2273634802-3827733406-1288 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 2: sid: S-1-5-21-2396350586-2273634802-3827733406-1284 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 3: sid: S-1-5-21-2396350586-2273634802-3827733406-512 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 4: sid: S-1-5-21-2396350586-2273634802-3827733406-1285 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 5: sid: S-1-5-21-2396350586-2273634802-3827733406-1294 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 6: sid: S-1-5-21-2396350586-2273634802-3827733406-519 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 7: sid: S-1-5-21-2396350586-2273634802-3827733406-513 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > Group Membership (Domain Local Groups and Groups from Trusted Domains): > Group Membership (Ressource Groups (SID History ?)): >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_kerberos(207) > Ticket name is [linuxuser@WINDOWS.DOMAIN] >[2007/08/24 16:04:29, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-2396350586-2273634802-3827733406-1107] >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 46cf63fd >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 00020000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : f0aa443f >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c7e69a >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01c753fa >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01c753fa >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00020004 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00020008 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 0002000c >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00020010 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00020014 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00020018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 03c9 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 00000453 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000008 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0002001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000020 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 00020020 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 0004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 0006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 00020024 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 00020028 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000210 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 uni_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 uni_max_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 uni_str_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00fc buffer : C.h.a.r.l.e.s. .G.i.l.l.e.t. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000118 smb_io_unistr2 uni_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000124 smb_io_unistr2 uni_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000130 smb_io_unistr2 uni_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00013c smb_io_unistr2 uni_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0140 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0144 uni_str_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 num_groups2 : 00000008 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00014c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 014c g_rid: 00000512 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0150 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000154 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 g_rid: 00000508 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0158 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00015c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 015c g_rid: 00000504 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0160 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000164 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0164 g_rid: 00000200 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0168 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00016c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c g_rid: 00000505 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0170 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000174 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0174 g_rid: 0000050e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00017c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c g_rid: 00000207 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 g_rid: 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0188 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00018c smb_io_unistr2 uni_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 018c uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0190 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0194 uni_str_len: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0198 buffer : U.R.C.H.I.N. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0001a4 smb_io_unistr2 uni_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 uni_max_len: 00000003 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a8 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ac uni_str_len: 00000002 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 01b0 buffer : R.S. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0001b4 smb_io_dom_sid2 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b4 num_auths: 00000004 >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0001b8 smb_io_dom_sid sid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01b8 sid_rev_num: 01 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01b9 num_auths : 04 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01ba id_auth[0] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bb id_auth[1] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bc id_auth[2] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bd id_auth[3] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01be id_auth[4] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bf id_auth[5] : 05 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 01c0 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e >[2007/08/24 16:04:29, 10] smbd/sesssetup.c:reply_spnego_kerberos(250) > Mapped to [WINDOWS] (using PAC) >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINDOWS\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINDOWS\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINDOWS\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals did find user [linuxuser]! >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINDOWS\windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\rs\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINDOWS\windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\rs\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINDOWS\windows\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [windows\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [windows\linuxuser]! >[2007/08/24 16:04:29, 1] smbd/sesssetup.c:reply_spnego_kerberos(334) > make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! >[2007/08/24 16:04:29, 3] smbd/error.c:error_packet(146) > error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=35 > smb_com=0x73 > smb_rcls=109 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=64 > smt_wct=0 > smb_bcc=0 >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_data(525) > read_data: read of 4 returned 0. Error = Success >[2007/08/24 16:04:29, 10] lib/util_sock.c:receive_smb_raw(672) > receive_smb_raw: length < 0! >[2007/08/24 16:04:29, 3] smbd/process.c:timeout_processing(1359) > timeout_processing: End of file from client (client has disconnected). >[2007/08/24 16:04:29, 5] lib/gencache.c:gencache_shutdown(90) > Closing cache file >[2007/08/24 16:04:29, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2007/08/24 16:04:29, 3] smbd/server.c:exit_server_common(675) > Server exit (normal exit) >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 3] smbd/oplock.c:init_oplocks(862) > open_oplock_ipc: initializing messages. >[2007/08/24 16:04:29, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260) > Linux kernel oplocks enabled >[2007/08/24 16:04:29, 4] lib/time.c:TimeInit(136) > TimeInit: Serverzone is 25200 >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 133 >[2007/08/24 16:04:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x85 >[2007/08/24 16:04:29, 3] smbd/process.c:process_smb(1110) > Transaction 0 of length 137 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 > [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for > [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. > [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM > [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 > [060] 32 00 2. >[2007/08/24 16:04:29, 3] smbd/process.c:switch_message(914) > switch message SMBnegprot (pid 8789) conn 0x0 >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LANMAN1.0] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [Windows for Workgroups 3.1a] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LM1.2X002] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LANMAN2.1] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [NT LM 0.12] >[2007/08/24 16:04:29, 10] lib/util.c:set_remote_arch(2212) > set_remote_arch: Client arch is 'Win2K' >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 10] lib/util.c:name_to_fqdn(2854) > name_to_fqdn: lookup for NEMO -> NEMO.redseal.net. >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_nt1(357) > using SPNEGO >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(580) > Selected protocol NT LM 0.12 >[2007/08/24 16:04:29, 5] smbd/negprot.c:reply_negprot(586) > negprot index=5 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=175 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=21760 (0x5500) > smb_vwv[ 8]= 34 (0x22) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=48828 (0xBEBC) > smb_vwv[13]=41759 (0xA31F) > smb_vwv[14]=51174 (0xC7E6) > smb_vwv[15]=41985 (0xA401) > smb_vwv[16]=27137 (0x6A01) > smb_bcc=106 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 6E 65 6D 6F 00 00 00 00 00 00 00 00 00 00 00 00 nemo.... ........ > [010] 60 58 06 06 2B 06 01 05 05 02 A0 4E 30 4C A0 24 `X..+... ...N0L.$ > [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* > [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... > [040] 37 02 02 0A A3 24 30 22 A0 20 1B 1E 63 69 66 73 7....$0" . ..cifs > [050] 2F 6E 65 6D 6F 2E 72 65 64 73 65 61 6C 2E 6E 65 /nemo.re dseal.ne > [060] 74 40 52 53 2E 4C 4F 43 41 4C t@WINDOWS.DOMAIN AL >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 1422 >[2007/08/24 16:04:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x58e >[2007/08/24 16:04:29, 3] smbd/process.c:process_smb(1110) > Transaction 1 of length 1426 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=1422 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 1422 (0x58E) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 1261 (0x4ED) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=1363 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 60 82 04 E9 06 06 2B 06 01 05 05 02 A0 82 04 DD `.....+. ........ > [010] 30 82 04 D9 A0 24 30 22 06 09 2A 86 48 82 F7 12 0....$0" ..*.H... > [020] 01 02 02 06 09 2A 86 48 86 F7 12 01 02 02 06 0A .....*.H ........ > [030] 2B 06 01 04 01 82 37 02 02 0A A2 82 04 AF 04 82 +.....7. ........ > [040] 04 AB 60 82 04 A7 06 09 2A 86 48 86 F7 12 01 02 ..`..... *.H..... > [050] 02 01 00 6E 82 04 96 30 82 04 92 A0 03 02 01 05 ...n...0 ........ > [060] A1 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 ........ .. ..... > [070] 03 C0 61 82 03 BC 30 82 03 B8 A0 03 02 01 05 A1 ..a...0. ........ > [080] 0A 1B 08 52 53 2E 4C 4F 43 41 4C A2 23 30 21 A0 ...WINDOWS.DOMAIN.#0!. > [090] 03 02 01 02 A1 1A 30 18 1B 04 63 69 66 73 1B 10 ......0. ..cifs.. > [0A0] 6E 65 6D 6F 2E 72 65 64 73 65 61 6C 2E 6E 65 74 nemo.red seal.net > [0B0] A3 82 03 7E 30 82 03 7A A0 03 02 01 17 A1 03 02 ...~0..z ........ > [0C0] 01 02 A2 82 03 6C 04 82 03 68 68 FF 1B 86 BD 7A .....l.. .hh....z > [0D0] 91 07 8B 65 FA 30 EA 65 6B A5 DB 0C A8 95 8A 8C ...e.0.e k....... > [0E0] 83 91 84 16 8B D4 3B 9F AB 2A 70 EA 44 86 23 75 ......;. .*p.D.#u > [0F0] CF 4E 6F CA 57 17 A3 48 3E BF 44 92 D1 C3 B9 99 .No.W..H >.D..... > [100] 73 A7 73 78 F0 68 AA 8F 3F 8B AA AC CF CD AE 53 s.sx.h.. ?......S > [110] 48 B8 2B D9 DD F7 F6 11 11 56 9D 0F 79 8B C9 0E H.+..... .V..y... > [120] 91 56 41 FC B8 F0 37 10 8B 65 6C 1A 4A A8 D8 42 .VA...7. .el.J..B > [130] 32 14 15 72 05 C2 9B F0 D4 E4 80 44 50 60 53 78 2..r.... ...DP`Sx > [140] A8 FD ED 72 DA 40 AE D6 1B 1F A0 A1 67 1E F5 7D ...r.@.. ....g..} > [150] B7 A0 7C DD CF A1 04 0D 9C 3E 28 9D C2 B4 88 0F ..|..... .>(..... > [160] 18 05 95 AF 96 C8 4B D9 B6 52 42 E6 0B 0A 0C 76 ......K. .RB....v > [170] 50 01 02 60 9D 8C 6F A7 AF EA CD AA 86 9F 1E EE P..`..o. ........ > [180] 61 CF 20 DE F2 B9 16 FB 7C 00 80 55 8D 54 AE 60 a. ..... |..U.T.` > [190] 0A FC 4B CB 13 23 B5 30 9B 55 F7 47 55 03 9B F8 ..K..#.0 .U.GU... > [1A0] 5F A3 09 8B C9 27 FC CE 28 67 B4 F8 C0 98 3D 8D _....'.. (g....=. > [1B0] 8D 0B C4 6E 11 AE 2D CA 33 9E A4 D1 B9 69 AA 34 ...n..-. 3....i.4 > [1C0] ED 7D 4D AE FD 0B 14 5C 20 9B 37 D4 76 FE DF 94 .}M....\ .7.v... > [1D0] 7A 06 76 B6 B7 6B DB 6F 6C B4 12 B0 15 76 33 7D z.v..k.o l....v3} > [1E0] B9 6C 1C 4B 01 FB E4 46 02 11 25 91 05 8A 91 17 .l.K...F ..%..... > [1F0] 75 D6 30 91 B0 A5 49 EF C2 79 82 8E 50 30 94 89 u.0...I. .y..P0.. >[2007/08/24 16:04:29, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 8789) conn 0x0 >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) > wct=12 flg2=0xc807 >[2007/08/24 16:04:29, 2] smbd/sesssetup.c:setup_new_vc_session(799) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) > Doing spnego session setup >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2007/08/24 16:04:29, 10] lib/util.c:set_remote_arch(2212) > set_remote_arch: Client arch is 'WinXP' >[2007/08/24 16:04:29, 10] smbd/password.c:register_vuid(186) > register_vuid: allocated vuid = 100 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 2 840 48018 1 2 2 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 2 840 113554 1 2 2 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) > Got secblob of size 1195 >[2007/08/24 16:04:29, 10] passdb/secrets.c:secrets_named_mutex(779) > secrets_named_mutex: got mutex for replay cache mutex >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) > ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) > ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(252) > ads_secrets_verify_ticket: enc type [23] decrypted message ! >[2007/08/24 16:04:29, 10] passdb/secrets.c:secrets_named_mutex_release(791) > secrets_named_mutex: released mutex for replay cache mutex >[2007/08/24 16:04:29, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(685) > Got KRB5 session key of length 16 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 pac_io_pac_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 num_buffers: 00000004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 version: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 type: 00000001 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c size: 000001e8 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 offset: 00000048 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 type: 0000000a >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c size: 00000018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset: 00000230 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 type: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c size: 00000014 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 offset: 00000248 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 type: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c size: 00000014 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 offset: 00000260 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(503) > PAC_TYPE_LOGON_INFO >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 pac_io_pac_logon_info pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 unknown: 00081001 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c unknown: cccccccc >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 bufferlen: 000001d8 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 bufferlenhi: 00000000 >[2007/08/24 16:04:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000058 net_io_user_info3 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_user_info : 00020000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_time logon time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c low : f0aa443f >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 high: 01c7e69a >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000064 smb_io_time logoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00006c smb_io_time kickoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000074 smb_io_time last set time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 high: 01c753fa >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_time can change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 high: 01c753fa >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_time must change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_unihdr hdr_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008c uni_str_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008e uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0090 buffer : 00020004 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000094 smb_io_unihdr hdr_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0094 uni_str_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0096 uni_max_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0098 buffer : 00020008 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_unihdr hdr_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 0002000c >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_unihdr hdr_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a4 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a6 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 buffer : 00020010 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ac smb_io_unihdr hdr_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ac uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ae uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer : 00020014 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000b4 smb_io_unihdr hdr_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00b4 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00b6 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 buffer : 00020018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00bc logon_count : 03c9 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00be bad_pw_count : 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 user_rid : 00000453 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 group_rid : 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 num_groups : 00000008 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc buffer_groups : 0002001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 user_flgs : 00000020 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00d4 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unihdr hdr_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00e4 uni_str_len: 000c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00e6 uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 buffer : 00020020 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ec smb_io_unihdr hdr_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ec uni_str_len: 0004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ee uni_max_len: 0006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 buffer : 00020024 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 buffer_dom_id : 00020028 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00f8 lm_sess_key: 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 acct_flags : 00000210 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 num_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 buffer_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 ptr_res_group_dom_sid: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c res_group_count: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 ptr_res_groups: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000134 smb_io_unistr2 uni_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_str_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0140 buffer : c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00014e smb_io_unistr2 uni_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0150 uni_max_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0158 uni_str_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 015c buffer : C.h.a.r.l.e.s. .G.i.l.l.e.t. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000178 smb_io_unistr2 uni_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_unistr2 uni_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0188 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 018c uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000190 smb_io_unistr2 uni_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0190 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0194 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0198 uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00019c smb_io_unistr2 uni_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 019c uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a0 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 uni_str_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a8 num_groups2 : 00000008 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001ac smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ac g_rid: 00000512 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001b4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b4 g_rid: 00000508 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001bc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01bc g_rid: 00000504 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001c4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c4 g_rid: 00000200 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001cc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01cc g_rid: 00000505 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001d4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d4 g_rid: 0000050e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001dc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01dc g_rid: 00000207 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001e4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e4 g_rid: 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001ec smb_io_unistr2 uni_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ec uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01f0 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01f4 uni_str_len: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 01f8 buffer : U.R.C.H.I.N. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000204 smb_io_unistr2 uni_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0204 uni_max_len: 00000003 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0208 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 020c uni_str_len: 00000002 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0210 buffer : R.S. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000214 smb_io_dom_sid2 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0214 num_auths: 00000004 >[2007/08/24 16:04:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000218 smb_io_dom_sid sid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0218 sid_rev_num: 01 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0219 num_auths : 04 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021a id_auth[0] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021b id_auth[1] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021c id_auth[2] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021d id_auth[3] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021e id_auth[4] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021f id_auth[5] : 05 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0220 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000230 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(543) > PAC_TYPE_LOGON_NAME >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000230 pac_io_logon_name pac data >[2007/08/24 16:04:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000230 smb_io_time logon_time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0230 low : b25b5d80 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0234 high: 01c7e69b >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0238 len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 023a name: c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000248 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(516) > PAC_TYPE_SERVER_CHECKSUM >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000248 pac_io_pac_signature_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0248 type: ffffff76 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 024c signature: 3d 7d ef e2 19 2b 63 ce e2 93 03 a2 0e 94 be 02 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00025c pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(489) > offset in header(x260) and data(x25c) do not match, correcting >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(529) > PAC_TYPE_PRIVSVR_CHECKSUM >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000260 pac_io_pac_signature_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0260 type: ffffff76 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0264 signature: 63 6e b0 67 51 2d fd 18 ca fa 9c 0c 4c 52 b6 a1 >[2007/08/24 16:04:29, 10] libads/authdata.c:decode_pac_data(911) > Successfully validated Kerberos PAC >[2007/08/24 16:04:29, 10] libads/authdata.c:dump_pac_logon_info(723) > The PAC: > User Flags: 0x20 (32) > User Flags: LOGON_EXTRA_SIDS 0x20 (32) > User SID: S-1-5-21-2396350586-2273634802-3827733406-1107 > Group SID: S-1-5-21-2396350586-2273634802-3827733406-513 > Group Membership (Global and Universal Groups of own domain): > 0: sid: S-1-5-21-2396350586-2273634802-3827733406-1298 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 1: sid: S-1-5-21-2396350586-2273634802-3827733406-1288 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 2: sid: S-1-5-21-2396350586-2273634802-3827733406-1284 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 3: sid: S-1-5-21-2396350586-2273634802-3827733406-512 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 4: sid: S-1-5-21-2396350586-2273634802-3827733406-1285 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 5: sid: S-1-5-21-2396350586-2273634802-3827733406-1294 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 6: sid: S-1-5-21-2396350586-2273634802-3827733406-519 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 7: sid: S-1-5-21-2396350586-2273634802-3827733406-513 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > Group Membership (Domain Local Groups and Groups from Trusted Domains): > Group Membership (Ressource Groups (SID History ?)): >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_kerberos(207) > Ticket name is [linuxuser@WINDOWS.DOMAIN] >[2007/08/24 16:04:29, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-2396350586-2273634802-3827733406-1107] >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 46cf63fd >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 00020000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : f0aa443f >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c7e69a >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01c753fa >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01c753fa >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00020004 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00020008 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 0002000c >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00020010 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00020014 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00020018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 03c9 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 00000453 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000008 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0002001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000020 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 00020020 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 0004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 0006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 00020024 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 00020028 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000210 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 uni_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 uni_max_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 uni_str_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00fc buffer : C.h.a.r.l.e.s. .G.i.l.l.e.t. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000118 smb_io_unistr2 uni_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000124 smb_io_unistr2 uni_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000130 smb_io_unistr2 uni_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00013c smb_io_unistr2 uni_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0140 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0144 uni_str_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 num_groups2 : 00000008 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00014c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 014c g_rid: 00000512 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0150 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000154 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 g_rid: 00000508 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0158 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00015c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 015c g_rid: 00000504 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0160 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000164 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0164 g_rid: 00000200 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0168 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00016c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c g_rid: 00000505 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0170 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000174 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0174 g_rid: 0000050e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00017c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c g_rid: 00000207 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 g_rid: 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0188 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00018c smb_io_unistr2 uni_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 018c uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0190 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0194 uni_str_len: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0198 buffer : U.R.C.H.I.N. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0001a4 smb_io_unistr2 uni_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 uni_max_len: 00000003 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a8 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ac uni_str_len: 00000002 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 01b0 buffer : R.S. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0001b4 smb_io_dom_sid2 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b4 num_auths: 00000004 >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0001b8 smb_io_dom_sid sid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01b8 sid_rev_num: 01 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01b9 num_auths : 04 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01ba id_auth[0] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bb id_auth[1] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bc id_auth[2] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bd id_auth[3] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01be id_auth[4] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bf id_auth[5] : 05 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 01c0 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e >[2007/08/24 16:04:29, 10] smbd/sesssetup.c:reply_spnego_kerberos(250) > Mapped to [WINDOWS] (using PAC) >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINDOWS\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINDOWS\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINDOWS\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals did find user [linuxuser]! >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINDOWS\windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\rs\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINDOWS\windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\rs\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINDOWS\windows\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [windows\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [windows\linuxuser]! >[2007/08/24 16:04:29, 1] smbd/sesssetup.c:reply_spnego_kerberos(334) > make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! >[2007/08/24 16:04:29, 3] smbd/error.c:error_packet(146) > error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=35 > smb_com=0x73 > smb_rcls=109 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=64 > smt_wct=0 > smb_bcc=0 >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 3] smbd/oplock.c:init_oplocks(862) > open_oplock_ipc: initializing messages. >[2007/08/24 16:04:29, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260) > Linux kernel oplocks enabled >[2007/08/24 16:04:29, 4] lib/time.c:TimeInit(136) > TimeInit: Serverzone is 25200 >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 133 >[2007/08/24 16:04:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x85 >[2007/08/24 16:04:29, 3] smbd/process.c:process_smb(1110) > Transaction 0 of length 137 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 > [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for > [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. > [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM > [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 > [060] 32 00 2. >[2007/08/24 16:04:29, 3] smbd/process.c:switch_message(914) > switch message SMBnegprot (pid 8790) conn 0x0 >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LANMAN1.0] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [Windows for Workgroups 3.1a] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LM1.2X002] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LANMAN2.1] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [NT LM 0.12] >[2007/08/24 16:04:29, 10] lib/util.c:set_remote_arch(2212) > set_remote_arch: Client arch is 'Win2K' >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 10] lib/util.c:name_to_fqdn(2854) > name_to_fqdn: lookup for NEMO -> NEMO.redseal.net. >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_nt1(357) > using SPNEGO >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(580) > Selected protocol NT LM 0.12 >[2007/08/24 16:04:29, 5] smbd/negprot.c:reply_negprot(586) > negprot index=5 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=175 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=22016 (0x5600) > smb_vwv[ 8]= 34 (0x22) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=48828 (0xBEBC) > smb_vwv[13]=41759 (0xA31F) > smb_vwv[14]=51174 (0xC7E6) > smb_vwv[15]=41985 (0xA401) > smb_vwv[16]=27137 (0x6A01) > smb_bcc=106 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 6E 65 6D 6F 00 00 00 00 00 00 00 00 00 00 00 00 nemo.... ........ > [010] 60 58 06 06 2B 06 01 05 05 02 A0 4E 30 4C A0 24 `X..+... ...N0L.$ > [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* > [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... > [040] 37 02 02 0A A3 24 30 22 A0 20 1B 1E 63 69 66 73 7....$0" . ..cifs > [050] 2F 6E 65 6D 6F 2E 72 65 64 73 65 61 6C 2E 6E 65 /nemo.re dseal.ne > [060] 74 40 52 53 2E 4C 4F 43 41 4C t@WINDOWS.DOMAIN >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 1422 >[2007/08/24 16:04:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x58e >[2007/08/24 16:04:29, 3] smbd/process.c:process_smb(1110) > Transaction 1 of length 1426 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=1422 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 1422 (0x58E) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 1261 (0x4ED) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=1363 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 60 82 04 E9 06 06 2B 06 01 05 05 02 A0 82 04 DD `.....+. ........ > [010] 30 82 04 D9 A0 24 30 22 06 09 2A 86 48 82 F7 12 0....$0" ..*.H... > [020] 01 02 02 06 09 2A 86 48 86 F7 12 01 02 02 06 0A .....*.H ........ > [030] 2B 06 01 04 01 82 37 02 02 0A A2 82 04 AF 04 82 +.....7. ........ > [040] 04 AB 60 82 04 A7 06 09 2A 86 48 86 F7 12 01 02 ..`..... *.H..... > [050] 02 01 00 6E 82 04 96 30 82 04 92 A0 03 02 01 05 ...n...0 ........ > [060] A1 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 ........ .. ..... > [070] 03 C0 61 82 03 BC 30 82 03 B8 A0 03 02 01 05 A1 ..a...0. ........ > [080] 0A 1B 08 52 53 2E 4C 4F 43 41 4C A2 23 30 21 A0 ...WINDOWS.DOMAIN.#0!. > [090] 03 02 01 02 A1 1A 30 18 1B 04 63 69 66 73 1B 10 ......0. ..cifs.. > [0A0] 6E 65 6D 6F 2E 72 65 64 73 65 61 6C 2E 6E 65 74 nemo.red seal.net > [0B0] A3 82 03 7E 30 82 03 7A A0 03 02 01 17 A1 03 02 ...~0..z ........ > [0C0] 01 02 A2 82 03 6C 04 82 03 68 68 FF 1B 86 BD 7A .....l.. .hh....z > [0D0] 91 07 8B 65 FA 30 EA 65 6B A5 DB 0C A8 95 8A 8C ...e.0.e k....... > [0E0] 83 91 84 16 8B D4 3B 9F AB 2A 70 EA 44 86 23 75 ......;. .*p.D.#u > [0F0] CF 4E 6F CA 57 17 A3 48 3E BF 44 92 D1 C3 B9 99 .No.W..H >.D..... > [100] 73 A7 73 78 F0 68 AA 8F 3F 8B AA AC CF CD AE 53 s.sx.h.. ?......S > [110] 48 B8 2B D9 DD F7 F6 11 11 56 9D 0F 79 8B C9 0E H.+..... .V..y... > [120] 91 56 41 FC B8 F0 37 10 8B 65 6C 1A 4A A8 D8 42 .VA...7. .el.J..B > [130] 32 14 15 72 05 C2 9B F0 D4 E4 80 44 50 60 53 78 2..r.... ...DP`Sx > [140] A8 FD ED 72 DA 40 AE D6 1B 1F A0 A1 67 1E F5 7D ...r.@.. ....g..} > [150] B7 A0 7C DD CF A1 04 0D 9C 3E 28 9D C2 B4 88 0F ..|..... .>(..... > [160] 18 05 95 AF 96 C8 4B D9 B6 52 42 E6 0B 0A 0C 76 ......K. .RB....v > [170] 50 01 02 60 9D 8C 6F A7 AF EA CD AA 86 9F 1E EE P..`..o. ........ > [180] 61 CF 20 DE F2 B9 16 FB 7C 00 80 55 8D 54 AE 60 a. ..... |..U.T.` > [190] 0A FC 4B CB 13 23 B5 30 9B 55 F7 47 55 03 9B F8 ..K..#.0 .U.GU... > [1A0] 5F A3 09 8B C9 27 FC CE 28 67 B4 F8 C0 98 3D 8D _....'.. (g....=. > [1B0] 8D 0B C4 6E 11 AE 2D CA 33 9E A4 D1 B9 69 AA 34 ...n..-. 3....i.4 > [1C0] ED 7D 4D AE FD 0B 14 5C 20 9B 37 D4 76 FE DF 94 .}M....\ .7.v... > [1D0] 7A 06 76 B6 B7 6B DB 6F 6C B4 12 B0 15 76 33 7D z.v..k.o l....v3} > [1E0] B9 6C 1C 4B 01 FB E4 46 02 11 25 91 05 8A 91 17 .l.K...F ..%..... > [1F0] 75 D6 30 91 B0 A5 49 EF C2 79 82 8E 50 30 94 89 u.0...I. .y..P0.. >[2007/08/24 16:04:29, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 8790) conn 0x0 >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) > wct=12 flg2=0xc807 >[2007/08/24 16:04:29, 2] smbd/sesssetup.c:setup_new_vc_session(799) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) > Doing spnego session setup >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2007/08/24 16:04:29, 10] lib/util.c:set_remote_arch(2212) > set_remote_arch: Client arch is 'WinXP' >[2007/08/24 16:04:29, 10] smbd/password.c:register_vuid(186) > register_vuid: allocated vuid = 100 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 2 840 48018 1 2 2 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 2 840 113554 1 2 2 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) > Got secblob of size 1195 >[2007/08/24 16:04:29, 10] passdb/secrets.c:secrets_named_mutex(779) > secrets_named_mutex: got mutex for replay cache mutex >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) > ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) > ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(252) > ads_secrets_verify_ticket: enc type [23] decrypted message ! >[2007/08/24 16:04:29, 10] passdb/secrets.c:secrets_named_mutex_release(791) > secrets_named_mutex: released mutex for replay cache mutex >[2007/08/24 16:04:29, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(685) > Got KRB5 session key of length 16 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 pac_io_pac_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 num_buffers: 00000004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 version: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 type: 00000001 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c size: 000001e8 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 offset: 00000048 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 type: 0000000a >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c size: 00000018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset: 00000230 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 type: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c size: 00000014 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 offset: 00000248 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 type: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c size: 00000014 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 offset: 00000260 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(503) > PAC_TYPE_LOGON_INFO >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 pac_io_pac_logon_info pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 unknown: 00081001 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c unknown: cccccccc >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 bufferlen: 000001d8 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 bufferlenhi: 00000000 >[2007/08/24 16:04:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000058 net_io_user_info3 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_user_info : 00020000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_time logon time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c low : f0aa443f >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 high: 01c7e69a >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000064 smb_io_time logoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00006c smb_io_time kickoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000074 smb_io_time last set time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 high: 01c753fa >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_time can change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 high: 01c753fa >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_time must change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_unihdr hdr_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008c uni_str_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008e uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0090 buffer : 00020004 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000094 smb_io_unihdr hdr_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0094 uni_str_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0096 uni_max_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0098 buffer : 00020008 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_unihdr hdr_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 0002000c >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_unihdr hdr_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a4 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a6 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 buffer : 00020010 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ac smb_io_unihdr hdr_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ac uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ae uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer : 00020014 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000b4 smb_io_unihdr hdr_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00b4 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00b6 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 buffer : 00020018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00bc logon_count : 03c9 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00be bad_pw_count : 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 user_rid : 00000453 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 group_rid : 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 num_groups : 00000008 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc buffer_groups : 0002001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 user_flgs : 00000020 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00d4 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unihdr hdr_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00e4 uni_str_len: 000c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00e6 uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 buffer : 00020020 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ec smb_io_unihdr hdr_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ec uni_str_len: 0004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ee uni_max_len: 0006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 buffer : 00020024 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 buffer_dom_id : 00020028 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00f8 lm_sess_key: 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 acct_flags : 00000210 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 num_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 buffer_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 ptr_res_group_dom_sid: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c res_group_count: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 ptr_res_groups: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000134 smb_io_unistr2 uni_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_str_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0140 buffer : c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00014e smb_io_unistr2 uni_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0150 uni_max_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0158 uni_str_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 015c buffer : C.h.a.r.l.e.s. .G.i.l.l.e.t. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000178 smb_io_unistr2 uni_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_unistr2 uni_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0188 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 018c uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000190 smb_io_unistr2 uni_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0190 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0194 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0198 uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00019c smb_io_unistr2 uni_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 019c uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a0 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 uni_str_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a8 num_groups2 : 00000008 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001ac smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ac g_rid: 00000512 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001b4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b4 g_rid: 00000508 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001bc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01bc g_rid: 00000504 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001c4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c4 g_rid: 00000200 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001cc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01cc g_rid: 00000505 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001d4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d4 g_rid: 0000050e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001dc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01dc g_rid: 00000207 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001e4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e4 g_rid: 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001ec smb_io_unistr2 uni_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ec uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01f0 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01f4 uni_str_len: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 01f8 buffer : U.R.C.H.I.N. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000204 smb_io_unistr2 uni_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0204 uni_max_len: 00000003 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0208 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 020c uni_str_len: 00000002 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0210 buffer : R.S. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000214 smb_io_dom_sid2 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0214 num_auths: 00000004 >[2007/08/24 16:04:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000218 smb_io_dom_sid sid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0218 sid_rev_num: 01 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0219 num_auths : 04 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021a id_auth[0] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021b id_auth[1] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021c id_auth[2] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021d id_auth[3] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021e id_auth[4] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021f id_auth[5] : 05 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0220 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000230 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(543) > PAC_TYPE_LOGON_NAME >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000230 pac_io_logon_name pac data >[2007/08/24 16:04:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000230 smb_io_time logon_time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0230 low : b25b5d80 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0234 high: 01c7e69b >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0238 len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 023a name: c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000248 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(516) > PAC_TYPE_SERVER_CHECKSUM >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000248 pac_io_pac_signature_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0248 type: ffffff76 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 024c signature: 3d 7d ef e2 19 2b 63 ce e2 93 03 a2 0e 94 be 02 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00025c pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(489) > offset in header(x260) and data(x25c) do not match, correcting >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(529) > PAC_TYPE_PRIVSVR_CHECKSUM >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000260 pac_io_pac_signature_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0260 type: ffffff76 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0264 signature: 63 6e b0 67 51 2d fd 18 ca fa 9c 0c 4c 52 b6 a1 >[2007/08/24 16:04:29, 10] libads/authdata.c:decode_pac_data(911) > Successfully validated Kerberos PAC >[2007/08/24 16:04:29, 10] libads/authdata.c:dump_pac_logon_info(723) > The PAC: > User Flags: 0x20 (32) > User Flags: LOGON_EXTRA_SIDS 0x20 (32) > User SID: S-1-5-21-2396350586-2273634802-3827733406-1107 > Group SID: S-1-5-21-2396350586-2273634802-3827733406-513 > Group Membership (Global and Universal Groups of own domain): > 0: sid: S-1-5-21-2396350586-2273634802-3827733406-1298 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 1: sid: S-1-5-21-2396350586-2273634802-3827733406-1288 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 2: sid: S-1-5-21-2396350586-2273634802-3827733406-1284 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 3: sid: S-1-5-21-2396350586-2273634802-3827733406-512 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 4: sid: S-1-5-21-2396350586-2273634802-3827733406-1285 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 5: sid: S-1-5-21-2396350586-2273634802-3827733406-1294 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 6: sid: S-1-5-21-2396350586-2273634802-3827733406-519 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 7: sid: S-1-5-21-2396350586-2273634802-3827733406-513 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > Group Membership (Domain Local Groups and Groups from Trusted Domains): > Group Membership (Ressource Groups (SID History ?)): >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_kerberos(207) > Ticket name is [linuxuser@WINDOWS.DOMAIN] >[2007/08/24 16:04:29, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-2396350586-2273634802-3827733406-1107] >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 46cf63fd >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 00020000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : f0aa443f >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c7e69a >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01c753fa >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01c753fa >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00020004 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00020008 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 0002000c >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00020010 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00020014 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00020018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 03c9 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 00000453 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000008 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0002001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000020 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 00020020 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 0004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 0006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 00020024 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 00020028 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000210 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 uni_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 uni_max_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 uni_str_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00fc buffer : C.h.a.r.l.e.s. .G.i.l.l.e.t. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000118 smb_io_unistr2 uni_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000124 smb_io_unistr2 uni_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000130 smb_io_unistr2 uni_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00013c smb_io_unistr2 uni_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0140 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0144 uni_str_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 num_groups2 : 00000008 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00014c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 014c g_rid: 00000512 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0150 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000154 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 g_rid: 00000508 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0158 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00015c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 015c g_rid: 00000504 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0160 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000164 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0164 g_rid: 00000200 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0168 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00016c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c g_rid: 00000505 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0170 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000174 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0174 g_rid: 0000050e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00017c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c g_rid: 00000207 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 g_rid: 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0188 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00018c smb_io_unistr2 uni_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 018c uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0190 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0194 uni_str_len: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0198 buffer : U.R.C.H.I.N. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0001a4 smb_io_unistr2 uni_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 uni_max_len: 00000003 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a8 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ac uni_str_len: 00000002 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 01b0 buffer : R.S. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0001b4 smb_io_dom_sid2 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b4 num_auths: 00000004 >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0001b8 smb_io_dom_sid sid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01b8 sid_rev_num: 01 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01b9 num_auths : 04 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01ba id_auth[0] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bb id_auth[1] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bc id_auth[2] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bd id_auth[3] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01be id_auth[4] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bf id_auth[5] : 05 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 01c0 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e >[2007/08/24 16:04:29, 10] smbd/sesssetup.c:reply_spnego_kerberos(250) > Mapped to [WINDOWS] (using PAC) >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINDOWS\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINDOWS\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINDOWS\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals did find user [linuxuser]! >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINDOWS\windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\rs\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINDOWS\windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\rs\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINDOWS\windows\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [windows\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [windows\linuxuser]! >[2007/08/24 16:04:29, 1] smbd/sesssetup.c:reply_spnego_kerberos(334) > make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! >[2007/08/24 16:04:29, 3] smbd/error.c:error_packet(146) > error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=35 > smb_com=0x73 > smb_rcls=109 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=64 > smt_wct=0 > smb_bcc=0 >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_data(525) > read_data: read of 4 returned 0. Error = Success >[2007/08/24 16:04:29, 10] lib/util_sock.c:receive_smb_raw(672) > receive_smb_raw: length < 0! >[2007/08/24 16:04:29, 3] smbd/process.c:timeout_processing(1359) > timeout_processing: End of file from client (client has disconnected). >[2007/08/24 16:04:29, 5] lib/gencache.c:gencache_shutdown(90) > Closing cache file >[2007/08/24 16:04:29, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2007/08/24 16:04:29, 3] smbd/server.c:exit_server_common(675) > Server exit (normal exit) >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_KEEPALIVE = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_REUSEADDR = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_BROADCAST = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_NODELAY = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPCNT = 9 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPIDLE = 7200 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option TCP_KEEPINTVL = 75 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_LOWDELAY = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option IPTOS_THROUGHPUT = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDBUF = 16384 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVBUF = 87380 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVLOWAT = 1 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_SNDTIMEO = 0 >[2007/08/24 16:04:29, 5] lib/util_sock.c:print_socket_options(206) > socket option SO_RCVTIMEO = 0 >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 3] smbd/oplock.c:init_oplocks(862) > open_oplock_ipc: initializing messages. >[2007/08/24 16:04:29, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(260) > Linux kernel oplocks enabled >[2007/08/24 16:04:29, 4] lib/time.c:TimeInit(136) > TimeInit: Serverzone is 25200 >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 133 >[2007/08/24 16:04:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x85 >[2007/08/24 16:04:29, 3] smbd/process.c:process_smb(1110) > Transaction 0 of length 137 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=133 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51283 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=0 > smb_bcc=98 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 02 50 43 20 4E 45 54 57 4F 52 4B 20 50 52 4F 47 .PC NETW ORK PROG > [010] 52 41 4D 20 31 2E 30 00 02 4C 41 4E 4D 41 4E 31 RAM 1.0. .LANMAN1 > [020] 2E 30 00 02 57 69 6E 64 6F 77 73 20 66 6F 72 20 .0..Wind ows for > [030] 57 6F 72 6B 67 72 6F 75 70 73 20 33 2E 31 61 00 Workgrou ps 3.1a. > [040] 02 4C 4D 31 2E 32 58 30 30 32 00 02 4C 41 4E 4D .LM1.2X0 02..LANM > [050] 41 4E 32 2E 31 00 02 4E 54 20 4C 4D 20 30 2E 31 AN2.1..N T LM 0.1 > [060] 32 00 2. >[2007/08/24 16:04:29, 3] smbd/process.c:switch_message(914) > switch message SMBnegprot (pid 8791) conn 0x0 >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [PC NETWORK PROGRAM 1.0] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LANMAN1.0] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [Windows for Workgroups 3.1a] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LM1.2X002] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [LANMAN2.1] >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(487) > Requested protocol [NT LM 0.12] >[2007/08/24 16:04:29, 10] lib/util.c:set_remote_arch(2212) > set_remote_arch: Client arch is 'Win2K' >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 5] smbd/connection.c:claim_connection(170) > claiming 0 >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 10] lib/util.c:name_to_fqdn(2854) > name_to_fqdn: lookup for NEMO -> NEMO.redseal.net. >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_nt1(357) > using SPNEGO >[2007/08/24 16:04:29, 3] smbd/negprot.c:reply_negprot(580) > Selected protocol NT LM 0.12 >[2007/08/24 16:04:29, 5] smbd/negprot.c:reply_negprot(586) > negprot index=5 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=175 > smb_com=0x72 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=0 > smt_wct=17 > smb_vwv[ 0]= 5 (0x5) > smb_vwv[ 1]=12803 (0x3203) > smb_vwv[ 2]= 256 (0x100) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 65 (0x41) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 256 (0x100) > smb_vwv[ 7]=22272 (0x5700) > smb_vwv[ 8]= 34 (0x22) > smb_vwv[ 9]=64768 (0xFD00) > smb_vwv[10]=33011 (0x80F3) > smb_vwv[11]=32896 (0x8080) > smb_vwv[12]=48828 (0xBEBC) > smb_vwv[13]=41759 (0xA31F) > smb_vwv[14]=51174 (0xC7E6) > smb_vwv[15]=41985 (0xA401) > smb_vwv[16]=27137 (0x6A01) > smb_bcc=106 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 6E 65 6D 6F 00 00 00 00 00 00 00 00 00 00 00 00 nemo.... ........ > [010] 60 58 06 06 2B 06 01 05 05 02 A0 4E 30 4C A0 24 `X..+... ...N0L.$ > [020] 30 22 06 09 2A 86 48 86 F7 12 01 02 02 06 09 2A 0"..*.H. .......* > [030] 86 48 82 F7 12 01 02 02 06 0A 2B 06 01 04 01 82 .H...... ..+..... > [040] 37 02 02 0A A3 24 30 22 A0 20 1B 1E 63 69 66 73 7....$0" . ..cifs > [050] 2F 6E 65 6D 6F 2E 72 65 64 73 65 61 6C 2E 6E 65 /nemo.re dseal.ne > [060] 74 40 52 53 2E 4C 4F 43 41 4C t@WINDOWS.DOMAIN >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 1422 >[2007/08/24 16:04:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x58e >[2007/08/24 16:04:29, 3] smbd/process.c:process_smb(1110) > Transaction 1 of length 1426 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=1422 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=64 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 1422 (0x58E) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 1261 (0x4ED) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=1363 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 60 82 04 E9 06 06 2B 06 01 05 05 02 A0 82 04 DD `.....+. ........ > [010] 30 82 04 D9 A0 24 30 22 06 09 2A 86 48 82 F7 12 0....$0" ..*.H... > [020] 01 02 02 06 09 2A 86 48 86 F7 12 01 02 02 06 0A .....*.H ........ > [030] 2B 06 01 04 01 82 37 02 02 0A A2 82 04 AF 04 82 +.....7. ........ > [040] 04 AB 60 82 04 A7 06 09 2A 86 48 86 F7 12 01 02 ..`..... *.H..... > [050] 02 01 00 6E 82 04 96 30 82 04 92 A0 03 02 01 05 ...n...0 ........ > [060] A1 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 ........ .. ..... > [070] 03 C0 61 82 03 BC 30 82 03 B8 A0 03 02 01 05 A1 ..a...0. ........ > [080] 0A 1B 08 52 53 2E 4C 4F 43 41 4C A2 23 30 21 A0 ...WINDOWS.DOMAIN.#0!. > [090] 03 02 01 02 A1 1A 30 18 1B 04 63 69 66 73 1B 10 ......0. ..cifs.. > [0A0] 6E 65 6D 6F 2E 72 65 64 73 65 61 6C 2E 6E 65 74 nemo.red seal.net > [0B0] A3 82 03 7E 30 82 03 7A A0 03 02 01 17 A1 03 02 ...~0..z ........ > [0C0] 01 02 A2 82 03 6C 04 82 03 68 68 FF 1B 86 BD 7A .....l.. .hh....z > [0D0] 91 07 8B 65 FA 30 EA 65 6B A5 DB 0C A8 95 8A 8C ...e.0.e k....... > [0E0] 83 91 84 16 8B D4 3B 9F AB 2A 70 EA 44 86 23 75 ......;. .*p.D.#u > [0F0] CF 4E 6F CA 57 17 A3 48 3E BF 44 92 D1 C3 B9 99 .No.W..H >.D..... > [100] 73 A7 73 78 F0 68 AA 8F 3F 8B AA AC CF CD AE 53 s.sx.h.. ?......S > [110] 48 B8 2B D9 DD F7 F6 11 11 56 9D 0F 79 8B C9 0E H.+..... .V..y... > [120] 91 56 41 FC B8 F0 37 10 8B 65 6C 1A 4A A8 D8 42 .VA...7. .el.J..B > [130] 32 14 15 72 05 C2 9B F0 D4 E4 80 44 50 60 53 78 2..r.... ...DP`Sx > [140] A8 FD ED 72 DA 40 AE D6 1B 1F A0 A1 67 1E F5 7D ...r.@.. ....g..} > [150] B7 A0 7C DD CF A1 04 0D 9C 3E 28 9D C2 B4 88 0F ..|..... .>(..... > [160] 18 05 95 AF 96 C8 4B D9 B6 52 42 E6 0B 0A 0C 76 ......K. .RB....v > [170] 50 01 02 60 9D 8C 6F A7 AF EA CD AA 86 9F 1E EE P..`..o. ........ > [180] 61 CF 20 DE F2 B9 16 FB 7C 00 80 55 8D 54 AE 60 a. ..... |..U.T.` > [190] 0A FC 4B CB 13 23 B5 30 9B 55 F7 47 55 03 9B F8 ..K..#.0 .U.GU... > [1A0] 5F A3 09 8B C9 27 FC CE 28 67 B4 F8 C0 98 3D 8D _....'.. (g....=. > [1B0] 8D 0B C4 6E 11 AE 2D CA 33 9E A4 D1 B9 69 AA 34 ...n..-. 3....i.4 > [1C0] ED 7D 4D AE FD 0B 14 5C 20 9B 37 D4 76 FE DF 94 .}M....\ .7.v... > [1D0] 7A 06 76 B6 B7 6B DB 6F 6C B4 12 B0 15 76 33 7D z.v..k.o l....v3} > [1E0] B9 6C 1C 4B 01 FB E4 46 02 11 25 91 05 8A 91 17 .l.K...F ..%..... > [1F0] 75 D6 30 91 B0 A5 49 EF C2 79 82 8E 50 30 94 89 u.0...I. .y..P0.. >[2007/08/24 16:04:29, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 8791) conn 0x0 >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) > wct=12 flg2=0xc807 >[2007/08/24 16:04:29, 2] smbd/sesssetup.c:setup_new_vc_session(799) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) > Doing spnego session setup >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2007/08/24 16:04:29, 10] lib/util.c:set_remote_arch(2212) > set_remote_arch: Client arch is 'WinXP' >[2007/08/24 16:04:29, 10] smbd/password.c:register_vuid(186) > register_vuid: allocated vuid = 100 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 2 840 48018 1 2 2 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 2 840 113554 1 2 2 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) > Got secblob of size 1195 >[2007/08/24 16:04:29, 10] passdb/secrets.c:secrets_named_mutex(779) > secrets_named_mutex: got mutex for replay cache mutex >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) > ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) > ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(252) > ads_secrets_verify_ticket: enc type [23] decrypted message ! >[2007/08/24 16:04:29, 10] passdb/secrets.c:secrets_named_mutex_release(791) > secrets_named_mutex: released mutex for replay cache mutex >[2007/08/24 16:04:29, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(685) > Got KRB5 session key of length 16 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 pac_io_pac_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 num_buffers: 00000004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 version: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 type: 00000001 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c size: 000001e8 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 offset: 00000048 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 type: 0000000a >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c size: 00000018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset: 00000230 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 type: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c size: 00000014 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 offset: 00000248 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 type: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c size: 00000014 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 offset: 00000260 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 offsethi: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(503) > PAC_TYPE_LOGON_INFO >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 pac_io_pac_logon_info pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 unknown: 00081001 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c unknown: cccccccc >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 bufferlen: 000001d8 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 bufferlenhi: 00000000 >[2007/08/24 16:04:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000058 net_io_user_info3 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_user_info : 00020000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_time logon time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c low : f0aa443f >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 high: 01c7e69a >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000064 smb_io_time logoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00006c smb_io_time kickoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000074 smb_io_time last set time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 high: 01c753fa >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_time can change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 high: 01c753fa >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_time must change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 high: 7fffffff >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_unihdr hdr_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008c uni_str_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008e uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0090 buffer : 00020004 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000094 smb_io_unihdr hdr_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0094 uni_str_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0096 uni_max_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0098 buffer : 00020008 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_unihdr hdr_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 0002000c >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_unihdr hdr_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a4 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a6 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 buffer : 00020010 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ac smb_io_unihdr hdr_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ac uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ae uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer : 00020014 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000b4 smb_io_unihdr hdr_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00b4 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00b6 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 buffer : 00020018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00bc logon_count : 03c9 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00be bad_pw_count : 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 user_rid : 00000453 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 group_rid : 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 num_groups : 00000008 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc buffer_groups : 0002001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 user_flgs : 00000020 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00d4 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unihdr hdr_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00e4 uni_str_len: 000c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00e6 uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 buffer : 00020020 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ec smb_io_unihdr hdr_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ec uni_str_len: 0004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ee uni_max_len: 0006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 buffer : 00020024 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 buffer_dom_id : 00020028 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00f8 lm_sess_key: 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 acct_flags : 00000210 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 num_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 buffer_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 ptr_res_group_dom_sid: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c res_group_count: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 ptr_res_groups: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000134 smb_io_unistr2 uni_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_str_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0140 buffer : c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00014e smb_io_unistr2 uni_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0150 uni_max_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0158 uni_str_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 015c buffer : C.h.a.r.l.e.s. .G.i.l.l.e.t. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000178 smb_io_unistr2 uni_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_unistr2 uni_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0188 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 018c uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000190 smb_io_unistr2 uni_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0190 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0194 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0198 uni_str_len: 00000000 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00019c smb_io_unistr2 uni_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 019c uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a0 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 uni_str_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a8 num_groups2 : 00000008 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001ac smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ac g_rid: 00000512 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001b4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b4 g_rid: 00000508 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001bc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01bc g_rid: 00000504 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001c4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c4 g_rid: 00000200 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001cc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01cc g_rid: 00000505 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001d4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d4 g_rid: 0000050e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001dc smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01dc g_rid: 00000207 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e0 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001e4 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e4 g_rid: 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e8 attr : 00000007 >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001ec smb_io_unistr2 uni_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ec uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01f0 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01f4 uni_str_len: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 01f8 buffer : U.R.C.H.I.N. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000204 smb_io_unistr2 uni_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0204 uni_max_len: 00000003 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0208 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 020c uni_str_len: 00000002 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0210 buffer : R.S. >[2007/08/24 16:04:29, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000214 smb_io_dom_sid2 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0214 num_auths: 00000004 >[2007/08/24 16:04:29, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000218 smb_io_dom_sid sid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0218 sid_rev_num: 01 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0219 num_auths : 04 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021a id_auth[0] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021b id_auth[1] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021c id_auth[2] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021d id_auth[3] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021e id_auth[4] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021f id_auth[5] : 05 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0220 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000230 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(543) > PAC_TYPE_LOGON_NAME >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000230 pac_io_logon_name pac data >[2007/08/24 16:04:29, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000230 smb_io_time logon_time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0230 low : b25b5d80 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0234 high: 01c7e69b >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0238 len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 023a name: c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000248 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(516) > PAC_TYPE_SERVER_CHECKSUM >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000248 pac_io_pac_signature_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0248 type: ffffff76 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 024c signature: 3d 7d ef e2 19 2b 63 ce e2 93 03 a2 0e 94 be 02 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00025c pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(489) > offset in header(x260) and data(x25c) do not match, correcting >[2007/08/24 16:04:29, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(529) > PAC_TYPE_PRIVSVR_CHECKSUM >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000260 pac_io_pac_signature_data pac data >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0260 type: ffffff76 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0264 signature: 63 6e b0 67 51 2d fd 18 ca fa 9c 0c 4c 52 b6 a1 >[2007/08/24 16:04:29, 10] libads/authdata.c:decode_pac_data(911) > Successfully validated Kerberos PAC >[2007/08/24 16:04:29, 10] libads/authdata.c:dump_pac_logon_info(723) > The PAC: > User Flags: 0x20 (32) > User Flags: LOGON_EXTRA_SIDS 0x20 (32) > User SID: S-1-5-21-2396350586-2273634802-3827733406-1107 > Group SID: S-1-5-21-2396350586-2273634802-3827733406-513 > Group Membership (Global and Universal Groups of own domain): > 0: sid: S-1-5-21-2396350586-2273634802-3827733406-1298 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 1: sid: S-1-5-21-2396350586-2273634802-3827733406-1288 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 2: sid: S-1-5-21-2396350586-2273634802-3827733406-1284 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 3: sid: S-1-5-21-2396350586-2273634802-3827733406-512 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 4: sid: S-1-5-21-2396350586-2273634802-3827733406-1285 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 5: sid: S-1-5-21-2396350586-2273634802-3827733406-1294 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 6: sid: S-1-5-21-2396350586-2273634802-3827733406-519 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 7: sid: S-1-5-21-2396350586-2273634802-3827733406-513 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > Group Membership (Domain Local Groups and Groups from Trusted Domains): > Group Membership (Ressource Groups (SID History ?)): >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_kerberos(207) > Ticket name is [linuxuser@WINDOWS.DOMAIN] >[2007/08/24 16:04:29, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-2396350586-2273634802-3827733406-1107] >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 46cf63fd >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 00020000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : f0aa443f >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c7e69a >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01c753fa >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : 283e984e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01c753fa >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00020004 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00020008 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 0002000c >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00020010 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00020014 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00020018 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 03c9 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 00000453 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000008 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0002001c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000020 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000c >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 00020020 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 0004 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 0006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 00020024 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 00020028 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000210 >[2007/08/24 16:04:29, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : c.h.a.r.l.e.s. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 uni_full_name >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 uni_max_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 uni_str_len: 0000000e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00fc buffer : C.h.a.r.l.e.s. .G.i.l.l.e.t. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000118 smb_io_unistr2 uni_logon_script >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000124 smb_io_unistr2 uni_profile_path >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000130 smb_io_unistr2 uni_home_dir >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 uni_str_len: 00000000 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00013c smb_io_unistr2 uni_dir_drive >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_max_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0140 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0144 uni_str_len: 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 num_groups2 : 00000008 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00014c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 014c g_rid: 00000512 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0150 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000154 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 g_rid: 00000508 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0158 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00015c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 015c g_rid: 00000504 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0160 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000164 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0164 g_rid: 00000200 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0168 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00016c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c g_rid: 00000505 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0170 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000174 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0174 g_rid: 0000050e >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00017c smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c g_rid: 00000207 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_gid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 g_rid: 00000201 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0188 attr : 00000007 >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00018c smb_io_unistr2 uni_logon_srv >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 018c uni_max_len: 00000007 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0190 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0194 uni_str_len: 00000006 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0198 buffer : U.R.C.H.I.N. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0001a4 smb_io_unistr2 uni_logon_dom >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 uni_max_len: 00000003 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a8 offset : 00000000 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ac uni_str_len: 00000002 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 01b0 buffer : R.S. >[2007/08/24 16:04:29, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0001b4 smb_io_dom_sid2 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b4 num_auths: 00000004 >[2007/08/24 16:04:29, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0001b8 smb_io_dom_sid sid >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01b8 sid_rev_num: 01 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01b9 num_auths : 04 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01ba id_auth[0] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bb id_auth[1] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bc id_auth[2] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bd id_auth[3] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01be id_auth[4] : 00 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bf id_auth[5] : 05 >[2007/08/24 16:04:29, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 01c0 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e >[2007/08/24 16:04:29, 10] smbd/sesssetup.c:reply_spnego_kerberos(250) > Mapped to [WINDOWS] (using PAC) >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINDOWS\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINDOWS\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINDOWS\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals did find user [linuxuser]! >[2007/08/24 16:04:29, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINDOWS\windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\rs\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINDOWS\windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\rs\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINDOWS\windows\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [windows\linuxuser]! >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:29, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [windows\linuxuser]! >[2007/08/24 16:04:29, 1] smbd/sesssetup.c:reply_spnego_kerberos(334) > make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! >[2007/08/24 16:04:29, 3] smbd/error.c:error_packet(146) > error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=35 > smb_com=0x73 > smb_rcls=109 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=64 > smt_wct=0 > smb_bcc=0 >[2007/08/24 16:04:29, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:29, 10] lib/util_sock.c:read_smb_length_return_keepalive(623) > got smb length of 1422 >[2007/08/24 16:04:29, 6] smbd/process.c:process_smb(1109) > got message type 0x0 of len 0x58e >[2007/08/24 16:04:29, 3] smbd/process.c:process_smb(1110) > Transaction 2 of length 1426 >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:29, 5] lib/util.c:show_msg(510) > size=1422 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=0 > smb_mid=128 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 1422 (0x58E) > smb_vwv[ 2]=16644 (0x4104) > smb_vwv[ 3]= 50 (0x32) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 1261 (0x4ED) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 212 (0xD4) > smb_vwv[11]=40960 (0xA000) > smb_bcc=1363 >[2007/08/24 16:04:29, 10] lib/util.c:dump_data(2237) > [000] 60 82 04 E9 06 06 2B 06 01 05 05 02 A0 82 04 DD `.....+. ........ > [010] 30 82 04 D9 A0 24 30 22 06 09 2A 86 48 82 F7 12 0....$0" ..*.H... > [020] 01 02 02 06 09 2A 86 48 86 F7 12 01 02 02 06 0A .....*.H ........ > [030] 2B 06 01 04 01 82 37 02 02 0A A2 82 04 AF 04 82 +.....7. ........ > [040] 04 AB 60 82 04 A7 06 09 2A 86 48 86 F7 12 01 02 ..`..... *.H..... > [050] 02 01 00 6E 82 04 96 30 82 04 92 A0 03 02 01 05 ...n...0 ........ > [060] A1 03 02 01 0E A2 07 03 05 00 20 00 00 00 A3 82 ........ .. ..... > [070] 03 C0 61 82 03 BC 30 82 03 B8 A0 03 02 01 05 A1 ..a...0. ........ > [080] 0A 1B 08 52 53 2E 4C 4F 43 41 4C A2 23 30 21 A0 ...WINDOWS.DOMAIN.#0!. > [090] 03 02 01 02 A1 1A 30 18 1B 04 63 69 66 73 1B 10 ......0. ..cifs.. > [0A0] 6E 65 6D 6F 2E 72 65 64 73 65 61 6C 2E 6E 65 74 nemo.red seal.net > [0B0] A3 82 03 7E 30 82 03 7A A0 03 02 01 17 A1 03 02 ...~0..z ........ > [0C0] 01 02 A2 82 03 6C 04 82 03 68 68 FF 1B 86 BD 7A .....l.. .hh....z > [0D0] 91 07 8B 65 FA 30 EA 65 6B A5 DB 0C A8 95 8A 8C ...e.0.e k....... > [0E0] 83 91 84 16 8B D4 3B 9F AB 2A 70 EA 44 86 23 75 ......;. .*p.D.#u > [0F0] CF 4E 6F CA 57 17 A3 48 3E BF 44 92 D1 C3 B9 99 .No.W..H >.D..... > [100] 73 A7 73 78 F0 68 AA 8F 3F 8B AA AC CF CD AE 53 s.sx.h.. ?......S > [110] 48 B8 2B D9 DD F7 F6 11 11 56 9D 0F 79 8B C9 0E H.+..... .V..y... > [120] 91 56 41 FC B8 F0 37 10 8B 65 6C 1A 4A A8 D8 42 .VA...7. .el.J..B > [130] 32 14 15 72 05 C2 9B F0 D4 E4 80 44 50 60 53 78 2..r.... ...DP`Sx > [140] A8 FD ED 72 DA 40 AE D6 1B 1F A0 A1 67 1E F5 7D ...r.@.. ....g..} > [150] B7 A0 7C DD CF A1 04 0D 9C 3E 28 9D C2 B4 88 0F ..|..... .>(..... > [160] 18 05 95 AF 96 C8 4B D9 B6 52 42 E6 0B 0A 0C 76 ......K. .RB....v > [170] 50 01 02 60 9D 8C 6F A7 AF EA CD AA 86 9F 1E EE P..`..o. ........ > [180] 61 CF 20 DE F2 B9 16 FB 7C 00 80 55 8D 54 AE 60 a. ..... |..U.T.` > [190] 0A FC 4B CB 13 23 B5 30 9B 55 F7 47 55 03 9B F8 ..K..#.0 .U.GU... > [1A0] 5F A3 09 8B C9 27 FC CE 28 67 B4 F8 C0 98 3D 8D _....'.. (g....=. > [1B0] 8D 0B C4 6E 11 AE 2D CA 33 9E A4 D1 B9 69 AA 34 ...n..-. 3....i.4 > [1C0] ED 7D 4D AE FD 0B 14 5C 20 9B 37 D4 76 FE DF 94 .}M....\ .7.v... > [1D0] 7A 06 76 B6 B7 6B DB 6F 6C B4 12 B0 15 76 33 7D z.v..k.o l....v3} > [1E0] B9 6C 1C 4B 01 FB E4 46 02 11 25 91 05 8A 91 17 .l.K...F ..%..... > [1F0] 75 D6 30 91 B0 A5 49 EF C2 79 82 8E 50 30 94 89 u.0...I. .y..P0.. >[2007/08/24 16:04:29, 3] smbd/process.c:switch_message(914) > switch message SMBsesssetupX (pid 8791) conn 0x0 >[2007/08/24 16:04:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:29, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:29, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X(849) > wct=12 flg2=0xc807 >[2007/08/24 16:04:29, 2] smbd/sesssetup.c:setup_new_vc_session(799) > setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) > Doing spnego session setup >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] >[2007/08/24 16:04:29, 10] smbd/password.c:register_vuid(186) > register_vuid: allocated vuid = 101 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 2 840 48018 1 2 2 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 2 840 113554 1 2 2 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) > Got OID 1 3 6 1 4 1 311 2 2 10 >[2007/08/24 16:04:29, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) > Got secblob of size 1195 >[2007/08/24 16:04:29, 10] passdb/secrets.c:secrets_named_mutex(779) > secrets_named_mutex: got mutex for replay cache mutex >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) > ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type >[2007/08/24 16:04:29, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(261) > ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Bad encryption type >[2007/08/24 16:04:30, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(252) > ads_secrets_verify_ticket: enc type [23] decrypted message ! >[2007/08/24 16:04:30, 10] passdb/secrets.c:secrets_named_mutex_release(791) > secrets_named_mutex: released mutex for replay cache mutex >[2007/08/24 16:04:30, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(685) > Got KRB5 session key of length 16 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000000 pac_io_pac_data pac data >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 num_buffers: 00000004 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 version: 00000000 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 type: 00000001 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c size: 000001e8 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 offset: 00000048 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 offsethi: 00000000 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 type: 0000000a >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c size: 00000018 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 offset: 00000230 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 offsethi: 00000000 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 type: 00000006 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c size: 00000014 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 offset: 00000248 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 offsethi: 00000000 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 pac_io_pac_info_hdr pac data >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0038 type: 00000007 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c size: 00000014 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0040 offset: 00000260 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 offsethi: 00000000 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:30, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(503) > PAC_TYPE_LOGON_INFO >[2007/08/24 16:04:30, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000048 pac_io_pac_logon_info pac data >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0048 unknown: 00081001 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c unknown: cccccccc >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0050 bufferlen: 000001d8 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 bufferlenhi: 00000000 >[2007/08/24 16:04:30, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000058 net_io_user_info3 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0058 ptr_user_info : 00020000 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00005c smb_io_time logon time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c low : f0aa443f >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0060 high: 01c7e69a >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000064 smb_io_time logoff time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 low : ffffffff >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0068 high: 7fffffff >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00006c smb_io_time kickoff time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c low : ffffffff >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 high: 7fffffff >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000074 smb_io_time last set time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 low : 283e984e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 high: 01c753fa >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00007c smb_io_time can change time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c low : 283e984e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0080 high: 01c753fa >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000084 smb_io_time must change time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0084 low : ffffffff >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0088 high: 7fffffff >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00008c smb_io_unihdr hdr_user_name >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008c uni_str_len: 000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 008e uni_max_len: 000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0090 buffer : 00020004 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000094 smb_io_unihdr hdr_full_name >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0094 uni_str_len: 001c >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0096 uni_max_len: 001c >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0098 buffer : 00020008 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00009c smb_io_unihdr hdr_logon_script >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009c uni_str_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009e uni_max_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer : 0002000c >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000a4 smb_io_unihdr hdr_profile_path >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a4 uni_str_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00a6 uni_max_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a8 buffer : 00020010 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ac smb_io_unihdr hdr_home_dir >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ac uni_str_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ae uni_max_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 buffer : 00020014 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000b4 smb_io_unihdr hdr_dir_drive >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00b4 uni_str_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00b6 uni_max_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 buffer : 00020018 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00bc logon_count : 03c9 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00be bad_pw_count : 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 user_rid : 00000453 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 group_rid : 00000201 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 num_groups : 00000008 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc buffer_groups : 0002001c >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 user_flgs : 00000020 >[2007/08/24 16:04:30, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00d4 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000e4 smb_io_unihdr hdr_logon_srv >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00e4 uni_str_len: 000c >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00e6 uni_max_len: 000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00e8 buffer : 00020020 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0000ec smb_io_unihdr hdr_logon_dom >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ec uni_str_len: 0004 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 00ee uni_max_len: 0006 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 buffer : 00020024 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 buffer_dom_id : 00020028 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00f8 lm_sess_key: 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0100 acct_flags : 00000210 >[2007/08/24 16:04:30, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0104 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0108 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 010c unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0110 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0114 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 num_other_sids: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 buffer_other_sids: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 ptr_res_group_dom_sid: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c res_group_count: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 ptr_res_groups: 00000000 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000134 smb_io_unistr2 uni_user_name >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 uni_max_len: 00000007 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_str_len: 00000007 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0140 buffer : c.h.a.r.l.e.s. >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00014e smb_io_unistr2 uni_full_name >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0150 uni_max_len: 0000000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0158 uni_str_len: 0000000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 015c buffer : C.h.a.r.l.e.s. .G.i.l.l.e.t. >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000178 smb_io_unistr2 uni_logon_script >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 uni_max_len: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 uni_str_len: 00000000 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_unistr2 uni_profile_path >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 uni_max_len: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0188 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 018c uni_str_len: 00000000 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000190 smb_io_unistr2 uni_home_dir >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0190 uni_max_len: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0194 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0198 uni_str_len: 00000000 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 00019c smb_io_unistr2 uni_dir_drive >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 019c uni_max_len: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a0 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 uni_str_len: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a8 num_groups2 : 00000008 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001ac smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ac g_rid: 00000512 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b0 attr : 00000007 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001b4 smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b4 g_rid: 00000508 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b8 attr : 00000007 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001bc smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01bc g_rid: 00000504 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c0 attr : 00000007 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001c4 smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c4 g_rid: 00000200 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01c8 attr : 00000007 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001cc smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01cc g_rid: 00000505 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d0 attr : 00000007 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001d4 smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d4 g_rid: 0000050e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01d8 attr : 00000007 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001dc smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01dc g_rid: 00000207 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e0 attr : 00000007 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001e4 smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e4 g_rid: 00000201 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01e8 attr : 00000007 >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 0001ec smb_io_unistr2 uni_logon_srv >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ec uni_max_len: 00000007 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01f0 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01f4 uni_str_len: 00000006 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 01f8 buffer : U.R.C.H.I.N. >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000204 smb_io_unistr2 uni_logon_dom >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0204 uni_max_len: 00000003 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0208 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 020c uni_str_len: 00000002 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0210 buffer : R.S. >[2007/08/24 16:04:30, 9] rpc_parse/parse_prs.c:prs_debug(84) > 000214 smb_io_dom_sid2 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0214 num_auths: 00000004 >[2007/08/24 16:04:30, 10] rpc_parse/parse_prs.c:prs_debug(84) > 000218 smb_io_dom_sid sid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0218 sid_rev_num: 01 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 0219 num_auths : 04 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021a id_auth[0] : 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021b id_auth[1] : 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021c id_auth[2] : 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021d id_auth[3] : 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021e id_auth[4] : 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 021f id_auth[5] : 05 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 0220 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000230 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:30, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(543) > PAC_TYPE_LOGON_NAME >[2007/08/24 16:04:30, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000230 pac_io_logon_name pac data >[2007/08/24 16:04:30, 8] rpc_parse/parse_prs.c:prs_debug(84) > 000230 smb_io_time logon_time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0230 low : b25b5d80 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0234 high: 01c7e69b >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0238 len: 000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 023a name: c.h.a.r.l.e.s. >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000248 pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:30, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(516) > PAC_TYPE_SERVER_CHECKSUM >[2007/08/24 16:04:30, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000248 pac_io_pac_signature_data pac data >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0248 type: ffffff76 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 024c signature: 3d 7d ef e2 19 2b 63 ce e2 93 03 a2 0e 94 be 02 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00025c pac_io_pac_info_hdr_ctr pac data >[2007/08/24 16:04:30, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(489) > offset in header(x260) and data(x25c) do not match, correcting >[2007/08/24 16:04:30, 5] libads/authdata.c:pac_io_pac_info_hdr_ctr(529) > PAC_TYPE_PRIVSVR_CHECKSUM >[2007/08/24 16:04:30, 7] rpc_parse/parse_prs.c:prs_debug(84) > 000260 pac_io_pac_signature_data pac data >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0260 type: ffffff76 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0264 signature: 63 6e b0 67 51 2d fd 18 ca fa 9c 0c 4c 52 b6 a1 >[2007/08/24 16:04:30, 10] libads/authdata.c:decode_pac_data(911) > Successfully validated Kerberos PAC >[2007/08/24 16:04:30, 10] libads/authdata.c:dump_pac_logon_info(723) > The PAC: > User Flags: 0x20 (32) > User Flags: LOGON_EXTRA_SIDS 0x20 (32) > User SID: S-1-5-21-2396350586-2273634802-3827733406-1107 > Group SID: S-1-5-21-2396350586-2273634802-3827733406-513 > Group Membership (Global and Universal Groups of own domain): > 0: sid: S-1-5-21-2396350586-2273634802-3827733406-1298 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 1: sid: S-1-5-21-2396350586-2273634802-3827733406-1288 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 2: sid: S-1-5-21-2396350586-2273634802-3827733406-1284 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 3: sid: S-1-5-21-2396350586-2273634802-3827733406-512 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 4: sid: S-1-5-21-2396350586-2273634802-3827733406-1285 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 5: sid: S-1-5-21-2396350586-2273634802-3827733406-1294 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 6: sid: S-1-5-21-2396350586-2273634802-3827733406-519 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > 7: sid: S-1-5-21-2396350586-2273634802-3827733406-513 > attr: 0x7 == SE_GROUP_MANDATORY SE_GROUP_ENABLED_BY_DEFAULT SE_GROUP_ENABLED > Group Membership (Domain Local Groups and Groups from Trusted Domains): > Group Membership (Ressource Groups (SID History ?)): >[2007/08/24 16:04:30, 3] smbd/sesssetup.c:reply_spnego_kerberos(207) > Ticket name is [linuxuser@WINDOWS.DOMAIN] >[2007/08/24 16:04:30, 10] libsmb/samlogon_cache.c:netsamlogon_cache_store(134) > netsamlogon_cache_store: SID [S-1-5-21-2396350586-2273634802-3827733406-1107] >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0000 timestamp: 46cf63fe >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_debug(84) > 000004 net_io_user_info3 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0004 ptr_user_info : 00020000 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000008 smb_io_time logon time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0008 low : f0aa443f >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 000c high: 01c7e69a >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000010 smb_io_time logoff time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0010 low : ffffffff >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0014 high: 7fffffff >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000018 smb_io_time kickoff time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0018 low : ffffffff >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 001c high: 7fffffff >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000020 smb_io_time last set time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0020 low : 283e984e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0024 high: 01c753fa >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000028 smb_io_time can change time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0028 low : 283e984e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 002c high: 01c753fa >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000030 smb_io_time must change time >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0030 low : ffffffff >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0034 high: 7fffffff >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000038 smb_io_unihdr hdr_user_name >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0038 uni_str_len: 000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 003a uni_max_len: 000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 003c buffer : 00020004 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000040 smb_io_unihdr hdr_full_name >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0040 uni_str_len: 001c >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0042 uni_max_len: 001c >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0044 buffer : 00020008 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000048 smb_io_unihdr hdr_logon_script >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0048 uni_str_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 004a uni_max_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 004c buffer : 0002000c >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000050 smb_io_unihdr hdr_profile_path >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0050 uni_str_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0052 uni_max_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0054 buffer : 00020010 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000058 smb_io_unihdr hdr_home_dir >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0058 uni_str_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 005a uni_max_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 005c buffer : 00020014 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000060 smb_io_unihdr hdr_dir_drive >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0060 uni_str_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0062 uni_max_len: 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0064 buffer : 00020018 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0068 logon_count : 03c9 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 006a bad_pw_count : 0000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 006c user_rid : 00000453 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0070 group_rid : 00000201 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0074 num_groups : 00000008 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0078 buffer_groups : 0002001c >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 007c user_flgs : 00000020 >[2007/08/24 16:04:30, 10] rpc_parse/parse_net.c:dump_user_flgs(1555) > dump_user_flgs > account has LOGON_EXTRA_SIDS >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 0080 user_sess_key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000090 smb_io_unihdr hdr_logon_srv >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0090 uni_str_len: 000c >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0092 uni_max_len: 000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0094 buffer : 00020020 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000098 smb_io_unihdr hdr_logon_dom >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 0098 uni_str_len: 0004 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint16(675) > 009a uni_max_len: 0006 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 009c buffer : 00020024 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00a0 buffer_dom_id : 00020028 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8s(851) > 00a4 lm_sess_key: 00 00 00 00 00 00 00 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00ac acct_flags : 00000210 >[2007/08/24 16:04:30, 10] rpc_parse/parse_net.c:dump_acct_flags(1528) > dump_acct_flags > account has ACB_NORMAL > account has ACB_PWNOEXP >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b0 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b4 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00b8 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00bc unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c0 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c4 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00c8 unkown: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00cc num_other_sids: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d0 buffer_other_sids: 00000000 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000d4 smb_io_unistr2 uni_user_name >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d4 uni_max_len: 00000007 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00d8 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00dc uni_str_len: 00000007 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00e0 buffer : c.h.a.r.l.e.s. >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0000ee smb_io_unistr2 uni_full_name >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f0 uni_max_len: 0000000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f4 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 00f8 uni_str_len: 0000000e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 00fc buffer : C.h.a.r.l.e.s. .G.i.l.l.e.t. >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000118 smb_io_unistr2 uni_logon_script >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0118 uni_max_len: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 011c offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0120 uni_str_len: 00000000 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000124 smb_io_unistr2 uni_profile_path >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0124 uni_max_len: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0128 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 012c uni_str_len: 00000000 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000130 smb_io_unistr2 uni_home_dir >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0130 uni_max_len: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0134 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0138 uni_str_len: 00000000 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00013c smb_io_unistr2 uni_dir_drive >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 013c uni_max_len: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0140 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0144 uni_str_len: 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0148 num_groups2 : 00000008 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00014c smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 014c g_rid: 00000512 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0150 attr : 00000007 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000154 smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0154 g_rid: 00000508 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0158 attr : 00000007 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00015c smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 015c g_rid: 00000504 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0160 attr : 00000007 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000164 smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0164 g_rid: 00000200 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0168 attr : 00000007 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00016c smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 016c g_rid: 00000505 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0170 attr : 00000007 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000174 smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0174 g_rid: 0000050e >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0178 attr : 00000007 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00017c smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 017c g_rid: 00000207 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0180 attr : 00000007 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 000184 smb_io_gid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0184 g_rid: 00000201 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0188 attr : 00000007 >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 00018c smb_io_unistr2 uni_logon_srv >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 018c uni_max_len: 00000007 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0190 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 0194 uni_str_len: 00000006 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 0198 buffer : U.R.C.H.I.N. >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0001a4 smb_io_unistr2 uni_logon_dom >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a4 uni_max_len: 00000003 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01a8 offset : 00000000 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01ac uni_str_len: 00000002 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:dbg_rw_punival(936) > 01b0 buffer : R.S. >[2007/08/24 16:04:30, 6] rpc_parse/parse_prs.c:prs_debug(84) > 0001b4 smb_io_dom_sid2 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32(704) > 01b4 num_auths: 00000004 >[2007/08/24 16:04:30, 7] rpc_parse/parse_prs.c:prs_debug(84) > 0001b8 smb_io_dom_sid sid >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01b8 sid_rev_num: 01 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01b9 num_auths : 04 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01ba id_auth[0] : 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bb id_auth[1] : 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bc id_auth[2] : 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bd id_auth[3] : 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01be id_auth[4] : 00 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint8(615) > 01bf id_auth[5] : 05 >[2007/08/24 16:04:30, 5] rpc_parse/parse_prs.c:prs_uint32s(991) > 01c0 sub_auths : 00000015 8ed5687a 8784e9f2 e426939e >[2007/08/24 16:04:30, 10] smbd/sesssetup.c:reply_spnego_kerberos(250) > Mapped to [WINDOWS] (using PAC) >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINDOWS\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINDOWS\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINDOWS\linuxuser]! >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is linuxuser >[2007/08/24 16:04:30, 10] lib/util_pw.c:getpwnam_alloc(76) > Got linuxuser from pwnam_cache >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals did find user [linuxuser]! >[2007/08/24 16:04:30, 6] param/loadparm.c:lp_file_list_changed(3001) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Fri Aug 24 16:02:59 2007 > >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user WINDOWS\windows\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\rs\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(83) > Trying _Get_Pwnam(), username as given is WINDOWS\windows\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\WINDOWS\LINUXUSER >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\rs\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [WINDOWS\windows\linuxuser]! >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user windows\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [windows\linuxuser]! >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_alloc(131) > Finding user windows\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(75) > Trying _Get_Pwnam(), username as lowercase is windows\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(93) > Trying _Get_Pwnam(), username as uppercase is WINDOWS\LINUXUSER >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(102) > Checking combinations of 0 uppercase letters in windows\linuxuser >[2007/08/24 16:04:30, 5] lib/username.c:Get_Pwnam_internals(108) > Get_Pwnam_internals didn't find user [windows\linuxuser]! >[2007/08/24 16:04:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(334) > make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! >[2007/08/24 16:04:30, 3] smbd/error.c:error_packet(146) > error packet at smbd/sesssetup.c(339) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE >[2007/08/24 16:04:30, 5] lib/util.c:show_msg(500) >[2007/08/24 16:04:30, 5] lib/util.c:show_msg(510) > size=35 > smb_com=0x73 > smb_rcls=109 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51201 > smb_tid=0 > smb_pid=65279 > smb_uid=101 > smb_mid=128 > smt_wct=0 > smb_bcc=0 >[2007/08/24 16:04:30, 10] smbd/process.c:setup_select_timeout(1284) > change_notify_timeout: -1 >[2007/08/24 16:04:30, 10] lib/util_sock.c:read_data(525) > read_data: read of 4 returned 0. Error = Success >[2007/08/24 16:04:30, 10] lib/util_sock.c:receive_smb_raw(672) > receive_smb_raw: length < 0! >[2007/08/24 16:04:30, 3] smbd/process.c:timeout_processing(1359) > timeout_processing: End of file from client (client has disconnected). >[2007/08/24 16:04:30, 5] lib/gencache.c:gencache_shutdown(90) > Closing cache file >[2007/08/24 16:04:30, 5] libsmb/namecache.c:namecache_shutdown(79) > namecache_shutdown: netbios namecache closed successfully. >[2007/08/24 16:04:30, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:30, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:30, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:30, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:30, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2007/08/24 16:04:30, 3] smbd/server.c:exit_server_common(675) > Server exit (normal exit) >[2007/08/24 16:04:36, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:36, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:36, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:36, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:36, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2007/08/24 16:04:36, 3] smbd/server.c:exit_server_common(675) > Server exit (normal exit) >[2007/08/24 16:04:36, 10] smbd/process.c:async_processing(291) > async_processing: Doing async processing. >[2007/08/24 16:04:36, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:36, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:36, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:36, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:36, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2007/08/24 16:04:36, 3] smbd/server.c:exit_server_common(675) > Server exit (termination signal) >[2007/08/24 16:04:36, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2007/08/24 16:04:36, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) >[2007/08/24 16:04:36, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2007/08/24 16:04:36, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2007/08/24 16:04:36, 3] smbd/connection.c:yield_connection(69) > Yielding connection to >[2007/08/24 16:04:36, 3] smbd/connection.c:yield_connection(76) > yield_connection: tdb_delete for name failed with error Record does not exist. >[2007/08/24 16:04:36, 3] smbd/server.c:exit_server_common(675) > Server exit (normal exit)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=174001">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 257121
: 174001