[2013/10/06 18:22:29.384591,  3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.1.15 (192.168.1.15)
[2013/10/06 18:22:29.384809,  3] smbd/oplock.c:922(init_oplocks)
  init_oplocks: initializing messages.
[2013/10/06 18:22:29.384987,  3] smbd/oplock_linux.c:246(linux_init_kernel_oplocks)
  Linux kernel oplocks enabled
[2013/10/06 18:22:29.385211,  3] smbd/process.c:1609(process_smb)
  Transaction 0 of length 72 (0 toread)
[2013/10/06 18:22:29.385430,  2] smbd/reply.c:553(reply_special)
  netbios connect: name1=CRUSADER       0x20 name2=MX8PC          0x0
[2013/10/06 18:22:29.385565,  2] smbd/reply.c:573(reply_special)
  netbios connect: local=crusader remote=mx8pc, name type = 0
[2013/10/06 18:22:29.387453,  3] smbd/process.c:1609(process_smb)
  Transaction 0 of length 137 (0 toread)
[2013/10/06 18:22:29.387580,  3] smbd/process.c:1414(switch_message)
  switch message SMBnegprot (pid 1997) conn 0x0
[2013/10/06 18:22:29.388311,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2013/10/06 18:22:29.388422,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN1.0]
[2013/10/06 18:22:29.388518,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2013/10/06 18:22:29.388757,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LM1.2X002]
[2013/10/06 18:22:29.388849,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN2.1]
[2013/10/06 18:22:29.388935,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [NT LM 0.12]
[2013/10/06 18:22:29.389152,  3] smbd/negprot.c:401(reply_nt1)
  not using SPNEGO
[2013/10/06 18:22:29.389268,  3] smbd/negprot.c:704(reply_negprot)
  Selected protocol NT LM 0.12
[2013/10/06 18:22:29.391219,  3] smbd/process.c:1609(process_smb)
  Transaction 1 of length 274 (0 toread)
[2013/10/06 18:22:29.391352,  3] smbd/process.c:1414(switch_message)
  switch message SMBsesssetupX (pid 1997) conn 0x0
[2013/10/06 18:22:29.391497,  3] smbd/sesssetup.c:1345(reply_sesssetup_and_X)
  wct=13 flg2=0xc807
[2013/10/06 18:22:29.391653,  3] smbd/sesssetup.c:1548(reply_sesssetup_and_X)
  Domain=[home]  NativeOS=[Windows 2002 Dodatek Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2013/10/06 18:22:29.391749,  2] smbd/sesssetup.c:1291(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/10/06 18:22:29.391832,  3] smbd/sesssetup.c:1564(reply_sesssetup_and_X)
  sesssetupX:name=[home]\[fervi]@[mx8pc]
[2013/10/06 18:22:29.392211,  0] auth/user_util.c:357(map_username)
  can't open username map /etc/samba/smbusers. Error Nie ma takiego pliku ani katalogu
[2013/10/06 18:22:29.392849,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [home]\[fervi]@[mx8pc] with the new password interface
[2013/10/06 18:22:29.392947,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [home]\[fervi]@[mx8pc]
[2013/10/06 18:22:29.395524,  3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for fervi
[2013/10/06 18:22:29.396171,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: sam authentication for user [fervi] succeeded
[2013/10/06 18:22:29.396293,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [fervi] -> [fervi] -> [fervi] succeeded
[2013/10/06 18:22:29.397691,  3] smbd/password.c:298(register_existing_vuid)
  register_existing_vuid: User name: fervi	Real name: 
[2013/10/06 18:22:29.397802,  3] smbd/password.c:308(register_existing_vuid)
  register_existing_vuid: UNIX uid 1003 is UNIX user fervi, and will be vuid 100
[2013/10/06 18:22:29.397995,  3] smbd/password.c:224(register_homes_share)
  Using static (or previously created) service for user 'fervi'; path = '/home/samba/users/fervi'
[2013/10/06 18:22:29.398127,  3] smbd/process.c:1414(switch_message)
  switch message SMBtconX (pid 1997) conn 0x0
[2013/10/06 18:22:29.398273,  3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.1.15 (192.168.1.15)
[2013/10/06 18:22:29.398299,  3] smbd/service.c:872(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2013/10/06 18:22:29.398299,  3] smbd/vfs.c:102(vfs_init_default)
  Initialising default vfs hooks
[2013/10/06 18:22:29.398342,  3] smbd/vfs.c:128(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2013/10/06 18:22:29.398555,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID root is not in a valid format
[2013/10/06 18:22:29.398882,  3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for root
[2013/10/06 18:22:29.399169,  3] smbd/service.c:1114(make_connection_snum)
  mx8pc (192.168.1.15) connect to service IPC$ initially as user fervi (uid=1003, gid=1003) (pid 1997)
[2013/10/06 18:22:29.399283,  3] smbd/reply.c:871(reply_tcon_and_X)
  tconX service=IPC$ 
[2013/10/06 18:22:29.400790,  3] smbd/process.c:1609(process_smb)
  Transaction 2 of length 104 (0 toread)
[2013/10/06 18:22:29.400936,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.402235,  3] smbd/process.c:1609(process_smb)
  Transaction 3 of length 140 (0 toread)
[2013/10/06 18:22:29.402355,  3] smbd/process.c:1414(switch_message)
  switch message SMBwriteX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.402527,  3] rpc_server/srv_pipe.c:889(api_pipe_bind_req)
  api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
[2013/10/06 18:22:29.402626,  3] rpc_server/srv_pipe.c:339(check_bind_req)
  check_bind_req for \lsarpc
[2013/10/06 18:22:29.402717,  3] rpc_server/srv_pipe.c:346(check_bind_req)
  check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
[2013/10/06 18:22:29.402848,  3] smbd/pipes.c:361(pipe_write_andx_done)
  writeX-IPC nwritten=72
[2013/10/06 18:22:29.403806,  3] smbd/process.c:1609(process_smb)
  Transaction 4 of length 63 (0 toread)
[2013/10/06 18:22:29.403922,  3] smbd/process.c:1414(switch_message)
  switch message SMBreadX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.404046,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.404153,  3] smbd/pipes.c:485(pipe_read_andx_done)
  readX-IPC min=1024 max=1024 nread=68
[2013/10/06 18:22:29.405086,  3] smbd/process.c:1609(process_smb)
  Transaction 5 of length 180 (0 toread)
[2013/10/06 18:22:29.405201,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.405407,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=92 params=0 setup=2
[2013/10/06 18:22:29.405519,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.405639,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "lsarpc" (pnum 1988)
[2013/10/06 18:22:29.405975,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2013/10/06 18:22:29.406193,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 1076
[2013/10/06 18:22:29.407225,  3] smbd/process.c:1609(process_smb)
  Transaction 6 of length 134 (0 toread)
[2013/10/06 18:22:29.407341,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.407440,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=46 params=0 setup=2
[2013/10/06 18:22:29.407535,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.407618,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "lsarpc" (pnum 1988)
[2013/10/06 18:22:29.407718,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2
[2013/10/06 18:22:29.407884,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 28
[2013/10/06 18:22:29.409024,  3] smbd/process.c:1609(process_smb)
  Transaction 7 of length 134 (0 toread)
[2013/10/06 18:22:29.409140,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.409254,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=46 params=0 setup=2
[2013/10/06 18:22:29.409353,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.409437,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "lsarpc" (pnum 1988)
[2013/10/06 18:22:29.409536,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2013/10/06 18:22:29.409683,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 136
[2013/10/06 18:22:29.411575,  3] smbd/process.c:1609(process_smb)
  Transaction 8 of length 104 (0 toread)
[2013/10/06 18:22:29.411696,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.412840,  3] smbd/process.c:1609(process_smb)
  Transaction 9 of length 140 (0 toread)
[2013/10/06 18:22:29.412958,  3] smbd/process.c:1414(switch_message)
  switch message SMBwriteX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.413104,  3] rpc_server/srv_pipe.c:889(api_pipe_bind_req)
  api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2013/10/06 18:22:29.413198,  3] rpc_server/srv_pipe.c:339(check_bind_req)
  check_bind_req for \winreg
[2013/10/06 18:22:29.413282,  3] rpc_server/srv_pipe.c:346(check_bind_req)
  check_bind_req: \PIPE\winreg -> \PIPE\winreg
[2013/10/06 18:22:29.413395,  3] smbd/pipes.c:361(pipe_write_andx_done)
  writeX-IPC nwritten=72
[2013/10/06 18:22:29.414306,  3] smbd/process.c:1609(process_smb)
  Transaction 10 of length 63 (0 toread)
[2013/10/06 18:22:29.414425,  3] smbd/process.c:1414(switch_message)
  switch message SMBreadX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.414572,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.414703,  3] smbd/pipes.c:485(pipe_read_andx_done)
  readX-IPC min=1024 max=1024 nread=68
[2013/10/06 18:22:29.415628,  3] smbd/process.c:1609(process_smb)
  Transaction 11 of length 124 (0 toread)
[2013/10/06 18:22:29.415743,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.415886,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=36 params=0 setup=2
[2013/10/06 18:22:29.415995,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.416080,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "winreg" (pnum 1989)
[2013/10/06 18:22:29.416182,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: WINREG_OPENHKLM
[2013/10/06 18:22:29.416582,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.417588,  3] smbd/process.c:1609(process_smb)
  Transaction 12 of length 272 (0 toread)
[2013/10/06 18:22:29.417703,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.417870,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=184 params=0 setup=2
[2013/10/06 18:22:29.418034,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.418120,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "winreg" (pnum 1989)
[2013/10/06 18:22:29.418226,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: WINREG_OPENKEY
[2013/10/06 18:22:29.418984,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.419975,  3] smbd/process.c:1609(process_smb)
  Transaction 13 of length 236 (0 toread)
[2013/10/06 18:22:29.420091,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.420194,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=148 params=0 setup=2
[2013/10/06 18:22:29.420286,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.420399,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "winreg" (pnum 1989)
[2013/10/06 18:22:29.420531,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: WINREG_QUERYVALUE
[2013/10/06 18:22:29.420722,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 40
[2013/10/06 18:22:29.421700,  3] smbd/process.c:1609(process_smb)
  Transaction 14 of length 132 (0 toread)
[2013/10/06 18:22:29.421817,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.421911,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=44 params=0 setup=2
[2013/10/06 18:22:29.422001,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.422028,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "winreg" (pnum 1989)
[2013/10/06 18:22:29.422192,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2013/10/06 18:22:29.422329,  3] rpc_server/rpc_handles.c:281(close_policy_hnd)
  Closed policy
[2013/10/06 18:22:29.422460,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.423503,  3] smbd/process.c:1609(process_smb)
  Transaction 15 of length 132 (0 toread)
[2013/10/06 18:22:29.423619,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.423713,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=44 params=0 setup=2
[2013/10/06 18:22:29.423809,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.423892,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "winreg" (pnum 1989)
[2013/10/06 18:22:29.424047,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2013/10/06 18:22:29.424139,  3] rpc_server/rpc_handles.c:281(close_policy_hnd)
  Closed policy
[2013/10/06 18:22:29.424278,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.425249,  3] smbd/process.c:1609(process_smb)
  Transaction 16 of length 45 (0 toread)
[2013/10/06 18:22:29.425366,  3] smbd/process.c:1414(switch_message)
  switch message SMBclose (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.425493,  3] smbd/reply.c:4860(reply_close)
  close fd=-1 fnum=6537 (numopen=2)
[2013/10/06 18:22:29.449737,  3] smbd/process.c:1609(process_smb)
  Transaction 17 of length 108 (0 toread)
[2013/10/06 18:22:29.449852,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.450396,  3] smbd/process.c:1609(process_smb)
  Transaction 18 of length 140 (0 toread)
[2013/10/06 18:22:29.450449,  3] smbd/process.c:1414(switch_message)
  switch message SMBwriteX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.450506,  3] rpc_server/srv_pipe.c:889(api_pipe_bind_req)
  api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
[2013/10/06 18:22:29.450545,  3] rpc_server/srv_pipe.c:339(check_bind_req)
  check_bind_req for \netlogon
[2013/10/06 18:22:29.450579,  3] rpc_server/srv_pipe.c:346(check_bind_req)
  check_bind_req: \PIPE\netlogon -> \PIPE\netlogon
[2013/10/06 18:22:29.450632,  3] smbd/pipes.c:361(pipe_write_andx_done)
  writeX-IPC nwritten=72
[2013/10/06 18:22:29.451005,  3] smbd/process.c:1609(process_smb)
  Transaction 19 of length 63 (0 toread)
[2013/10/06 18:22:29.451057,  3] smbd/process.c:1414(switch_message)
  switch message SMBreadX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.451101,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 26
[2013/10/06 18:22:29.451146,  3] smbd/pipes.c:485(pipe_read_andx_done)
  readX-IPC min=1024 max=1024 nread=72
[2013/10/06 18:22:29.451556,  3] smbd/process.c:1609(process_smb)
  Transaction 20 of length 184 (0 toread)
[2013/10/06 18:22:29.451608,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.451651,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=96 params=0 setup=2
[2013/10/06 18:22:29.451704,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.451739,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "NETLOGON" (pnum 198a)
[2013/10/06 18:22:29.451782,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE
[2013/10/06 18:22:29.451855,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 26
[2013/10/06 18:22:29.452334,  3] smbd/process.c:1609(process_smb)
  Transaction 21 of length 45 (0 toread)
[2013/10/06 18:22:29.452480,  3] smbd/process.c:1414(switch_message)
  switch message SMBclose (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.452574,  3] smbd/reply.c:4860(reply_close)
  close fd=-1 fnum=6538 (numopen=2)
[2013/10/06 18:22:29.453349,  3] smbd/process.c:1609(process_smb)
  Transaction 22 of length 108 (0 toread)
[2013/10/06 18:22:29.453465,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.454318,  3] smbd/process.c:1609(process_smb)
  Transaction 23 of length 140 (0 toread)
[2013/10/06 18:22:29.454439,  3] smbd/process.c:1414(switch_message)
  switch message SMBwriteX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.454555,  3] rpc_server/srv_pipe.c:889(api_pipe_bind_req)
  api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon
[2013/10/06 18:22:29.454647,  3] rpc_server/srv_pipe.c:339(check_bind_req)
  check_bind_req for \netlogon
[2013/10/06 18:22:29.454730,  3] rpc_server/srv_pipe.c:346(check_bind_req)
  check_bind_req: \PIPE\netlogon -> \PIPE\netlogon
[2013/10/06 18:22:29.454888,  3] smbd/pipes.c:361(pipe_write_andx_done)
  writeX-IPC nwritten=72
[2013/10/06 18:22:29.455590,  3] smbd/process.c:1609(process_smb)
  Transaction 24 of length 63 (0 toread)
[2013/10/06 18:22:29.455706,  3] smbd/process.c:1414(switch_message)
  switch message SMBreadX (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.455810,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 26
[2013/10/06 18:22:29.455943,  3] smbd/pipes.c:485(pipe_read_andx_done)
  readX-IPC min=1024 max=1024 nread=72
[2013/10/06 18:22:29.456678,  3] smbd/process.c:1609(process_smb)
  Transaction 25 of length 212 (0 toread)
[2013/10/06 18:22:29.456826,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.456892,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=124 params=0 setup=2
[2013/10/06 18:22:29.456942,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.456997,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "NETLOGON" (pnum 198b)
[2013/10/06 18:22:29.457233,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE
[2013/10/06 18:22:29.457401,  0] rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate: no challenge sent to client MX8PC
[2013/10/06 18:22:29.458770,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 26
[2013/10/06 18:22:29.459258,  3] smbd/process.c:1609(process_smb)
  Transaction 26 of length 45 (0 toread)
[2013/10/06 18:22:29.459369,  3] smbd/process.c:1414(switch_message)
  switch message SMBclose (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.459459,  3] smbd/reply.c:4860(reply_close)
  close fd=-1 fnum=6539 (numopen=2)
[2013/10/06 18:22:29.478140,  3] smbd/process.c:1609(process_smb)
  Transaction 27 of length 132 (0 toread)
[2013/10/06 18:22:29.478348,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.478457,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=44 params=0 setup=2
[2013/10/06 18:22:29.478702,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.478741,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "lsarpc" (pnum 1988)
[2013/10/06 18:22:29.478798,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: LSA_CLOSE
[2013/10/06 18:22:29.478878,  3] rpc_server/rpc_handles.c:281(close_policy_hnd)
  Closed policy
[2013/10/06 18:22:29.479010,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.480055,  3] smbd/process.c:1609(process_smb)
  Transaction 28 of length 45 (0 toread)
[2013/10/06 18:22:29.480174,  3] smbd/process.c:1414(switch_message)
  switch message SMBclose (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.480265,  3] smbd/reply.c:4860(reply_close)
  close fd=-1 fnum=6536 (numopen=1)
[2013/10/06 18:22:29.481597,  3] smbd/process.c:1609(process_smb)
  Transaction 29 of length 43 (0 toread)
[2013/10/06 18:22:29.481718,  3] smbd/process.c:1414(switch_message)
  switch message SMBulogoffX (pid 1997) conn 0x0
[2013/10/06 18:22:29.481867,  3] smbd/reply.c:2098(reply_ulogoffX)
  ulogoffX vuid=100
[2013/10/06 18:22:29.482802,  3] smbd/process.c:1609(process_smb)
  Transaction 30 of length 39 (0 toread)
[2013/10/06 18:22:29.482917,  3] smbd/process.c:1414(switch_message)
  switch message SMBtdis (pid 1997) conn 0xb84cc2a0
[2013/10/06 18:22:29.483018,  3] smbd/service.c:1378(close_cnum)
  mx8pc (192.168.1.15) closed connection to service IPC$
[2013/10/06 18:22:29.483126,  3] smbd/connection.c:35(yield_connection)
  Yielding connection to IPC$
[2013/10/06 18:22:29.485165,  3] smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)
[2013/10/06 18:22:29.793075,  3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.1.15 (192.168.1.15)
[2013/10/06 18:22:29.793300,  3] smbd/oplock.c:922(init_oplocks)
  init_oplocks: initializing messages.
[2013/10/06 18:22:29.793469,  3] smbd/oplock_linux.c:246(linux_init_kernel_oplocks)
  Linux kernel oplocks enabled
[2013/10/06 18:22:29.793677,  3] smbd/process.c:1609(process_smb)
  Transaction 0 of length 72 (0 toread)
[2013/10/06 18:22:29.793789,  2] smbd/reply.c:553(reply_special)
  netbios connect: name1=CRUSADER       0x20 name2=MX8PC          0x0
[2013/10/06 18:22:29.793907,  2] smbd/reply.c:573(reply_special)
  netbios connect: local=crusader remote=mx8pc, name type = 0
[2013/10/06 18:22:29.794559,  3] smbd/process.c:1609(process_smb)
  Transaction 0 of length 137 (0 toread)
[2013/10/06 18:22:29.794685,  3] smbd/process.c:1414(switch_message)
  switch message SMBnegprot (pid 1998) conn 0x0
[2013/10/06 18:22:29.795366,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2013/10/06 18:22:29.795476,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN1.0]
[2013/10/06 18:22:29.795573,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [Windows for Workgroups 3.1a]
[2013/10/06 18:22:29.795661,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LM1.2X002]
[2013/10/06 18:22:29.795749,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [LANMAN2.1]
[2013/10/06 18:22:29.795835,  3] smbd/negprot.c:598(reply_negprot)
  Requested protocol [NT LM 0.12]
[2013/10/06 18:22:29.796045,  3] smbd/negprot.c:401(reply_nt1)
  not using SPNEGO
[2013/10/06 18:22:29.796134,  3] smbd/negprot.c:704(reply_negprot)
  Selected protocol NT LM 0.12
[2013/10/06 18:22:29.797739,  3] smbd/process.c:1609(process_smb)
  Transaction 1 of length 274 (0 toread)
[2013/10/06 18:22:29.797867,  3] smbd/process.c:1414(switch_message)
  switch message SMBsesssetupX (pid 1998) conn 0x0
[2013/10/06 18:22:29.797974,  3] smbd/sesssetup.c:1345(reply_sesssetup_and_X)
  wct=13 flg2=0xc807
[2013/10/06 18:22:29.798342,  3] smbd/sesssetup.c:1548(reply_sesssetup_and_X)
  Domain=[home]  NativeOS=[Windows 2002 Dodatek Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[]
[2013/10/06 18:22:29.798456,  2] smbd/sesssetup.c:1291(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2013/10/06 18:22:29.798540,  3] smbd/sesssetup.c:1564(reply_sesssetup_and_X)
  sesssetupX:name=[home]\[fervi]@[mx8pc]
[2013/10/06 18:22:29.798921,  0] auth/user_util.c:357(map_username)
  can't open username map /etc/samba/smbusers. Error Nie ma takiego pliku ani katalogu
[2013/10/06 18:22:29.799813,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [home]\[fervi]@[mx8pc] with the new password interface
[2013/10/06 18:22:29.799912,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [home]\[fervi]@[mx8pc]
[2013/10/06 18:22:29.800758,  3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for fervi
[2013/10/06 18:22:29.801369,  3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: sam authentication for user [fervi] succeeded
[2013/10/06 18:22:29.801486,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [fervi] -> [fervi] -> [fervi] succeeded
[2013/10/06 18:22:29.804545,  3] smbd/password.c:298(register_existing_vuid)
  register_existing_vuid: User name: fervi	Real name: 
[2013/10/06 18:22:29.804661,  3] smbd/password.c:308(register_existing_vuid)
  register_existing_vuid: UNIX uid 1003 is UNIX user fervi, and will be vuid 100
[2013/10/06 18:22:29.804855,  3] smbd/password.c:224(register_homes_share)
  Using static (or previously created) service for user 'fervi'; path = '/home/samba/users/fervi'
[2013/10/06 18:22:29.804989,  3] smbd/process.c:1414(switch_message)
  switch message SMBtconX (pid 1998) conn 0x0
[2013/10/06 18:22:29.805135,  3] lib/access.c:338(allow_access)
  Allowed connection from 192.168.1.15 (192.168.1.15)
[2013/10/06 18:22:29.805270,  3] smbd/service.c:872(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2013/10/06 18:22:29.805403,  3] smbd/vfs.c:102(vfs_init_default)
  Initialising default vfs hooks
[2013/10/06 18:22:29.805502,  3] smbd/vfs.c:128(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2013/10/06 18:22:29.805706,  3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp)
  string_to_sid: SID root is not in a valid format
[2013/10/06 18:22:29.805998,  3] passdb/lookup_sid.c:1754(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for root
[2013/10/06 18:22:29.806278,  3] smbd/service.c:1114(make_connection_snum)
  mx8pc (192.168.1.15) connect to service IPC$ initially as user fervi (uid=1003, gid=1003) (pid 1998)
[2013/10/06 18:22:29.806392,  3] smbd/reply.c:871(reply_tcon_and_X)
  tconX service=IPC$ 
[2013/10/06 18:22:29.807841,  3] smbd/process.c:1609(process_smb)
  Transaction 2 of length 104 (0 toread)
[2013/10/06 18:22:29.807968,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.809149,  3] smbd/process.c:1609(process_smb)
  Transaction 3 of length 140 (0 toread)
[2013/10/06 18:22:29.809267,  3] smbd/process.c:1414(switch_message)
  switch message SMBwriteX (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.809439,  3] rpc_server/srv_pipe.c:889(api_pipe_bind_req)
  api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
[2013/10/06 18:22:29.809539,  3] rpc_server/srv_pipe.c:339(check_bind_req)
  check_bind_req for \lsarpc
[2013/10/06 18:22:29.809630,  3] rpc_server/srv_pipe.c:346(check_bind_req)
  check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc
[2013/10/06 18:22:29.809761,  3] smbd/pipes.c:361(pipe_write_andx_done)
  writeX-IPC nwritten=72
[2013/10/06 18:22:29.810414,  3] smbd/process.c:1609(process_smb)
  Transaction 4 of length 63 (0 toread)
[2013/10/06 18:22:29.810535,  3] smbd/process.c:1414(switch_message)
  switch message SMBreadX (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.810657,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.810763,  3] smbd/pipes.c:485(pipe_read_andx_done)
  readX-IPC min=1024 max=1024 nread=68
[2013/10/06 18:22:29.811693,  3] smbd/process.c:1609(process_smb)
  Transaction 5 of length 180 (0 toread)
[2013/10/06 18:22:29.811810,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.811932,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=92 params=0 setup=2
[2013/10/06 18:22:29.812052,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.812141,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "lsarpc" (pnum 198b)
[2013/10/06 18:22:29.812250,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: LSA_OPENPOLICY2
[2013/10/06 18:22:29.812419,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 1076
[2013/10/06 18:22:29.813438,  3] smbd/process.c:1609(process_smb)
  Transaction 6 of length 134 (0 toread)
[2013/10/06 18:22:29.813556,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.813656,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=46 params=0 setup=2
[2013/10/06 18:22:29.813810,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.813914,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "lsarpc" (pnum 198b)
[2013/10/06 18:22:29.814017,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2
[2013/10/06 18:22:29.814373,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 28
[2013/10/06 18:22:29.815465,  3] smbd/process.c:1609(process_smb)
  Transaction 7 of length 134 (0 toread)
[2013/10/06 18:22:29.815582,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.815676,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=46 params=0 setup=2
[2013/10/06 18:22:29.815786,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.815872,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "lsarpc" (pnum 198b)
[2013/10/06 18:22:29.815973,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY
[2013/10/06 18:22:29.816118,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 136
[2013/10/06 18:22:29.817267,  3] smbd/process.c:1609(process_smb)
  Transaction 8 of length 104 (0 toread)
[2013/10/06 18:22:29.817384,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.818403,  3] smbd/process.c:1609(process_smb)
  Transaction 9 of length 140 (0 toread)
[2013/10/06 18:22:29.818523,  3] smbd/process.c:1414(switch_message)
  switch message SMBwriteX (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.818638,  3] rpc_server/srv_pipe.c:889(api_pipe_bind_req)
  api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg
[2013/10/06 18:22:29.818729,  3] rpc_server/srv_pipe.c:339(check_bind_req)
  check_bind_req for \winreg
[2013/10/06 18:22:29.818814,  3] rpc_server/srv_pipe.c:346(check_bind_req)
  check_bind_req: \PIPE\winreg -> \PIPE\winreg
[2013/10/06 18:22:29.818927,  3] smbd/pipes.c:361(pipe_write_andx_done)
  writeX-IPC nwritten=72
[2013/10/06 18:22:29.819884,  3] smbd/process.c:1609(process_smb)
  Transaction 10 of length 63 (0 toread)
[2013/10/06 18:22:29.820000,  3] smbd/process.c:1414(switch_message)
  switch message SMBreadX (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.820104,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.820209,  3] smbd/pipes.c:485(pipe_read_andx_done)
  readX-IPC min=1024 max=1024 nread=68
[2013/10/06 18:22:29.821164,  3] smbd/process.c:1609(process_smb)
  Transaction 11 of length 124 (0 toread)
[2013/10/06 18:22:29.821281,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.821376,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=36 params=0 setup=2
[2013/10/06 18:22:29.821472,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.821557,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "winreg" (pnum 198c)
[2013/10/06 18:22:29.821658,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: WINREG_OPENHKLM
[2013/10/06 18:22:29.822037,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.823674,  3] smbd/process.c:1609(process_smb)
  Transaction 12 of length 272 (0 toread)
[2013/10/06 18:22:29.823794,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.823897,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=184 params=0 setup=2
[2013/10/06 18:22:29.823991,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.824071,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "winreg" (pnum 198c)
[2013/10/06 18:22:29.824178,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: WINREG_OPENKEY
[2013/10/06 18:22:29.824681,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.825644,  3] smbd/process.c:1609(process_smb)
  Transaction 13 of length 236 (0 toread)
[2013/10/06 18:22:29.825761,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.825857,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=148 params=0 setup=2
[2013/10/06 18:22:29.825983,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.826066,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "winreg" (pnum 198c)
[2013/10/06 18:22:29.826169,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: WINREG_QUERYVALUE
[2013/10/06 18:22:29.826589,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 40
[2013/10/06 18:22:29.827557,  3] smbd/process.c:1609(process_smb)
  Transaction 14 of length 132 (0 toread)
[2013/10/06 18:22:29.827675,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.827770,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=44 params=0 setup=2
[2013/10/06 18:22:29.827866,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.827951,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "winreg" (pnum 198c)
[2013/10/06 18:22:29.828054,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2013/10/06 18:22:29.828149,  3] rpc_server/rpc_handles.c:281(close_policy_hnd)
  Closed policy
[2013/10/06 18:22:29.828276,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.829359,  3] smbd/process.c:1609(process_smb)
  Transaction 15 of length 132 (0 toread)
[2013/10/06 18:22:29.829482,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.829578,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=44 params=0 setup=2
[2013/10/06 18:22:29.829675,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.829761,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "winreg" (pnum 198c)
[2013/10/06 18:22:29.829864,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: WINREG_CLOSEKEY
[2013/10/06 18:22:29.829955,  3] rpc_server/rpc_handles.c:281(close_policy_hnd)
  Closed policy
[2013/10/06 18:22:29.830098,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.831370,  3] smbd/process.c:1609(process_smb)
  Transaction 16 of length 45 (0 toread)
[2013/10/06 18:22:29.831520,  3] smbd/process.c:1414(switch_message)
  switch message SMBclose (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.831646,  3] smbd/reply.c:4860(reply_close)
  close fd=-1 fnum=6540 (numopen=2)
[2013/10/06 18:22:29.868988,  3] smbd/process.c:1609(process_smb)
  Transaction 17 of length 100 (0 toread)
[2013/10/06 18:22:29.869191,  3] smbd/process.c:1414(switch_message)
  switch message SMBntcreateX (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.870395,  3] smbd/process.c:1609(process_smb)
  Transaction 18 of length 140 (0 toread)
[2013/10/06 18:22:29.870580,  3] smbd/process.c:1414(switch_message)
  switch message SMBwriteX (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.870717,  3] rpc_server/srv_pipe.c:889(api_pipe_bind_req)
  api_pipe_bind_req: \PIPE\samr -> \PIPE\samr
[2013/10/06 18:22:29.870811,  3] rpc_server/srv_pipe.c:339(check_bind_req)
  check_bind_req for \samr
[2013/10/06 18:22:29.870897,  3] rpc_server/srv_pipe.c:346(check_bind_req)
  check_bind_req: \PIPE\samr -> \PIPE\samr
[2013/10/06 18:22:29.871019,  3] smbd/pipes.c:361(pipe_write_andx_done)
  writeX-IPC nwritten=72
[2013/10/06 18:22:29.872085,  3] smbd/process.c:1609(process_smb)
  Transaction 19 of length 63 (0 toread)
[2013/10/06 18:22:29.872203,  3] smbd/process.c:1414(switch_message)
  switch message SMBreadX (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.872309,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 22
[2013/10/06 18:22:29.872415,  3] smbd/pipes.c:485(pipe_read_andx_done)
  readX-IPC min=1024 max=1024 nread=68
[2013/10/06 18:22:29.873320,  3] smbd/process.c:1609(process_smb)
  Transaction 20 of length 172 (0 toread)
[2013/10/06 18:22:29.873437,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.873543,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=84 params=0 setup=2
[2013/10/06 18:22:29.873637,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.873719,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "samr" (pnum 198d)
[2013/10/06 18:22:29.873822,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_CONNECT5
[2013/10/06 18:22:29.873993,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 1006
[2013/10/06 18:22:29.874889,  3] smbd/process.c:1609(process_smb)
  Transaction 21 of length 140 (0 toread)
[2013/10/06 18:22:29.875011,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.875115,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=52 params=0 setup=2
[2013/10/06 18:22:29.875209,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.875290,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "samr" (pnum 198d)
[2013/10/06 18:22:29.875392,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_ENUMDOMAINS
[2013/10/06 18:22:29.875563,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 54
[2013/10/06 18:22:29.876613,  3] smbd/process.c:1609(process_smb)
  Transaction 22 of length 160 (0 toread)
[2013/10/06 18:22:29.876775,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.876926,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=72 params=0 setup=2
[2013/10/06 18:22:29.877068,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.877181,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "samr" (pnum 198d)
[2013/10/06 18:22:29.877287,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN
[2013/10/06 18:22:29.877441,  2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain)
  Returning domain sid for domain HOME -> S-1-5-21-3442586189-2044471866-1293905478
[2013/10/06 18:22:29.877576,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 90
[2013/10/06 18:22:29.878592,  3] smbd/process.c:1609(process_smb)
  Transaction 23 of length 164 (0 toread)
[2013/10/06 18:22:29.878721,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.878825,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=76 params=0 setup=2
[2013/10/06 18:22:29.878919,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.879058,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "samr" (pnum 198d)
[2013/10/06 18:22:29.879176,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_OPENDOMAIN
[2013/10/06 18:22:29.879328,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 1006
[2013/10/06 18:22:29.880301,  3] smbd/process.c:1609(process_smb)
  Transaction 24 of length 140 (0 toread)
[2013/10/06 18:22:29.880418,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.880521,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=52 params=0 setup=2
[2013/10/06 18:22:29.880691,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.880778,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "samr" (pnum 198d)
[2013/10/06 18:22:29.880880,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_ENUMDOMAINS
[2013/10/06 18:22:29.881027,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 54
[2013/10/06 18:22:29.882031,  3] smbd/process.c:1609(process_smb)
  Transaction 25 of length 160 (0 toread)
[2013/10/06 18:22:29.882150,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.882252,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=72 params=0 setup=2
[2013/10/06 18:22:29.882346,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.882427,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "samr" (pnum 198d)
[2013/10/06 18:22:29.882527,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN
[2013/10/06 18:22:29.882642,  2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain)
  Returning domain sid for domain HOME -> S-1-5-21-3442586189-2044471866-1293905478
[2013/10/06 18:22:29.882779,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 90
[2013/10/06 18:22:29.883726,  3] smbd/process.c:1609(process_smb)
  Transaction 26 of length 164 (0 toread)
[2013/10/06 18:22:29.883843,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.883945,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=76 params=0 setup=2
[2013/10/06 18:22:29.884039,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.884120,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "samr" (pnum 198d)
[2013/10/06 18:22:29.884233,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_OPENDOMAIN
[2013/10/06 18:22:29.884375,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 1006
[2013/10/06 18:22:29.885348,  3] smbd/process.c:1609(process_smb)
  Transaction 27 of length 172 (0 toread)
[2013/10/06 18:22:29.885465,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.885567,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=84 params=0 setup=2
[2013/10/06 18:22:29.885664,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.885753,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "samr" (pnum 198d)
[2013/10/06 18:22:29.885855,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_CREATEUSER2
[2013/10/06 18:22:29.886789,  2] rpc_server/rpc_handles.c:404(_policy_handle_find)
  rpc_server/samr/srv_samr_nt.c:3721: ACCESS DENIED (granted: 0x00000201; required: 0x00000010)
[2013/10/06 18:22:29.886935,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 22
[2013/10/06 18:22:29.887904,  3] smbd/process.c:1609(process_smb)
  Transaction 28 of length 132 (0 toread)
[2013/10/06 18:22:29.888021,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.888134,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=44 params=0 setup=2
[2013/10/06 18:22:29.888231,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.888315,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "samr" (pnum 198d)
[2013/10/06 18:22:29.888415,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_CLOSE
[2013/10/06 18:22:29.888514,  3] rpc_server/rpc_handles.c:281(close_policy_hnd)
  Closed policy
[2013/10/06 18:22:29.888630,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 22
[2013/10/06 18:22:29.889644,  3] smbd/process.c:1609(process_smb)
  Transaction 29 of length 132 (0 toread)
[2013/10/06 18:22:29.889760,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.889854,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=44 params=0 setup=2
[2013/10/06 18:22:29.889945,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.889945,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "samr" (pnum 198d)
[2013/10/06 18:22:29.890034,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SAMR_CLOSE
[2013/10/06 18:22:29.890124,  3] rpc_server/rpc_handles.c:281(close_policy_hnd)
  Closed policy
[2013/10/06 18:22:29.890237,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 22
[2013/10/06 18:22:29.891277,  3] smbd/process.c:1609(process_smb)
  Transaction 30 of length 45 (0 toread)
[2013/10/06 18:22:29.891399,  3] smbd/process.c:1414(switch_message)
  switch message SMBclose (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.891489,  3] smbd/reply.c:4860(reply_close)
  close fd=-1 fnum=6541 (numopen=2)
[2013/10/06 18:22:29.908393,  3] smbd/process.c:1609(process_smb)
  Transaction 31 of length 132 (0 toread)
[2013/10/06 18:22:29.908570,  3] smbd/process.c:1414(switch_message)
  switch message SMBtrans (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.908699,  3] smbd/ipc.c:560(handle_trans)
  trans <\PIPE\> data=44 params=0 setup=2
[2013/10/06 18:22:29.908806,  3] smbd/ipc.c:511(named_pipe)
  named pipe command on <> name
[2013/10/06 18:22:29.908893,  3] smbd/ipc.c:475(api_fd_reply)
  Got API command 0x26 on pipe "lsarpc" (pnum 198b)
[2013/10/06 18:22:29.909003,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: LSA_CLOSE
[2013/10/06 18:22:29.909106,  3] rpc_server/rpc_handles.c:281(close_policy_hnd)
  Closed policy
[2013/10/06 18:22:29.909232,  3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context)
  free_pipe_context: destroying talloc pool of size 24
[2013/10/06 18:22:29.910424,  3] smbd/process.c:1609(process_smb)
  Transaction 32 of length 45 (0 toread)
[2013/10/06 18:22:29.910542,  3] smbd/process.c:1414(switch_message)
  switch message SMBclose (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.910631,  3] smbd/reply.c:4860(reply_close)
  close fd=-1 fnum=6539 (numopen=1)
[2013/10/06 18:22:29.911893,  3] smbd/process.c:1609(process_smb)
  Transaction 33 of length 43 (0 toread)
[2013/10/06 18:22:29.912011,  3] smbd/process.c:1414(switch_message)
  switch message SMBulogoffX (pid 1998) conn 0x0
[2013/10/06 18:22:29.912184,  3] smbd/reply.c:2098(reply_ulogoffX)
  ulogoffX vuid=100
[2013/10/06 18:22:29.913165,  3] smbd/process.c:1609(process_smb)
  Transaction 34 of length 39 (0 toread)
[2013/10/06 18:22:29.913281,  3] smbd/process.c:1414(switch_message)
  switch message SMBtdis (pid 1998) conn 0xb84cc2a0
[2013/10/06 18:22:29.913383,  3] smbd/service.c:1378(close_cnum)
  mx8pc (192.168.1.15) closed connection to service IPC$
[2013/10/06 18:22:29.913492,  3] smbd/connection.c:35(yield_connection)
  Yielding connection to IPC$
[2013/10/06 18:22:29.915325,  3] smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)