[2013/10/06 18:22:29.384591, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.1.15 (192.168.1.15) [2013/10/06 18:22:29.384809, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2013/10/06 18:22:29.384987, 3] smbd/oplock_linux.c:246(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2013/10/06 18:22:29.385211, 3] smbd/process.c:1609(process_smb) Transaction 0 of length 72 (0 toread) [2013/10/06 18:22:29.385430, 2] smbd/reply.c:553(reply_special) netbios connect: name1=CRUSADER 0x20 name2=MX8PC 0x0 [2013/10/06 18:22:29.385565, 2] smbd/reply.c:573(reply_special) netbios connect: local=crusader remote=mx8pc, name type = 0 [2013/10/06 18:22:29.387453, 3] smbd/process.c:1609(process_smb) Transaction 0 of length 137 (0 toread) [2013/10/06 18:22:29.387580, 3] smbd/process.c:1414(switch_message) switch message SMBnegprot (pid 1997) conn 0x0 [2013/10/06 18:22:29.388311, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2013/10/06 18:22:29.388422, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2013/10/06 18:22:29.388518, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2013/10/06 18:22:29.388757, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2013/10/06 18:22:29.388849, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2013/10/06 18:22:29.388935, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2013/10/06 18:22:29.389152, 3] smbd/negprot.c:401(reply_nt1) not using SPNEGO [2013/10/06 18:22:29.389268, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LM 0.12 [2013/10/06 18:22:29.391219, 3] smbd/process.c:1609(process_smb) Transaction 1 of length 274 (0 toread) [2013/10/06 18:22:29.391352, 3] smbd/process.c:1414(switch_message) switch message SMBsesssetupX (pid 1997) conn 0x0 [2013/10/06 18:22:29.391497, 3] smbd/sesssetup.c:1345(reply_sesssetup_and_X) wct=13 flg2=0xc807 [2013/10/06 18:22:29.391653, 3] smbd/sesssetup.c:1548(reply_sesssetup_and_X) Domain=[home] NativeOS=[Windows 2002 Dodatek Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2013/10/06 18:22:29.391749, 2] smbd/sesssetup.c:1291(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/10/06 18:22:29.391832, 3] smbd/sesssetup.c:1564(reply_sesssetup_and_X) sesssetupX:name=[home]\[fervi]@[mx8pc] [2013/10/06 18:22:29.392211, 0] auth/user_util.c:357(map_username) can't open username map /etc/samba/smbusers. Error Nie ma takiego pliku ani katalogu [2013/10/06 18:22:29.392849, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [home]\[fervi]@[mx8pc] with the new password interface [2013/10/06 18:22:29.392947, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [home]\[fervi]@[mx8pc] [2013/10/06 18:22:29.395524, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for fervi [2013/10/06 18:22:29.396171, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: sam authentication for user [fervi] succeeded [2013/10/06 18:22:29.396293, 2] auth/auth.c:309(check_ntlm_password) check_ntlm_password: authentication for user [fervi] -> [fervi] -> [fervi] succeeded [2013/10/06 18:22:29.397691, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: fervi Real name: [2013/10/06 18:22:29.397802, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 1003 is UNIX user fervi, and will be vuid 100 [2013/10/06 18:22:29.397995, 3] smbd/password.c:224(register_homes_share) Using static (or previously created) service for user 'fervi'; path = '/home/samba/users/fervi' [2013/10/06 18:22:29.398127, 3] smbd/process.c:1414(switch_message) switch message SMBtconX (pid 1997) conn 0x0 [2013/10/06 18:22:29.398273, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.1.15 (192.168.1.15) [2013/10/06 18:22:29.398299, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2013/10/06 18:22:29.398299, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/10/06 18:22:29.398342, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/10/06 18:22:29.398555, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2013/10/06 18:22:29.398882, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for root [2013/10/06 18:22:29.399169, 3] smbd/service.c:1114(make_connection_snum) mx8pc (192.168.1.15) connect to service IPC$ initially as user fervi (uid=1003, gid=1003) (pid 1997) [2013/10/06 18:22:29.399283, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2013/10/06 18:22:29.400790, 3] smbd/process.c:1609(process_smb) Transaction 2 of length 104 (0 toread) [2013/10/06 18:22:29.400936, 3] smbd/process.c:1414(switch_message) switch message SMBntcreateX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.402235, 3] smbd/process.c:1609(process_smb) Transaction 3 of length 140 (0 toread) [2013/10/06 18:22:29.402355, 3] smbd/process.c:1414(switch_message) switch message SMBwriteX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.402527, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2013/10/06 18:22:29.402626, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \lsarpc [2013/10/06 18:22:29.402717, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2013/10/06 18:22:29.402848, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=72 [2013/10/06 18:22:29.403806, 3] smbd/process.c:1609(process_smb) Transaction 4 of length 63 (0 toread) [2013/10/06 18:22:29.403922, 3] smbd/process.c:1414(switch_message) switch message SMBreadX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.404046, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.404153, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2013/10/06 18:22:29.405086, 3] smbd/process.c:1609(process_smb) Transaction 5 of length 180 (0 toread) [2013/10/06 18:22:29.405201, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.405407, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=92 params=0 setup=2 [2013/10/06 18:22:29.405519, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.405639, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 1988) [2013/10/06 18:22:29.405975, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2013/10/06 18:22:29.406193, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1076 [2013/10/06 18:22:29.407225, 3] smbd/process.c:1609(process_smb) Transaction 6 of length 134 (0 toread) [2013/10/06 18:22:29.407341, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.407440, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2013/10/06 18:22:29.407535, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.407618, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 1988) [2013/10/06 18:22:29.407718, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2 [2013/10/06 18:22:29.407884, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 28 [2013/10/06 18:22:29.409024, 3] smbd/process.c:1609(process_smb) Transaction 7 of length 134 (0 toread) [2013/10/06 18:22:29.409140, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.409254, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2013/10/06 18:22:29.409353, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.409437, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 1988) [2013/10/06 18:22:29.409536, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2013/10/06 18:22:29.409683, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 136 [2013/10/06 18:22:29.411575, 3] smbd/process.c:1609(process_smb) Transaction 8 of length 104 (0 toread) [2013/10/06 18:22:29.411696, 3] smbd/process.c:1414(switch_message) switch message SMBntcreateX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.412840, 3] smbd/process.c:1609(process_smb) Transaction 9 of length 140 (0 toread) [2013/10/06 18:22:29.412958, 3] smbd/process.c:1414(switch_message) switch message SMBwriteX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.413104, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2013/10/06 18:22:29.413198, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \winreg [2013/10/06 18:22:29.413282, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\winreg -> \PIPE\winreg [2013/10/06 18:22:29.413395, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=72 [2013/10/06 18:22:29.414306, 3] smbd/process.c:1609(process_smb) Transaction 10 of length 63 (0 toread) [2013/10/06 18:22:29.414425, 3] smbd/process.c:1414(switch_message) switch message SMBreadX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.414572, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.414703, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2013/10/06 18:22:29.415628, 3] smbd/process.c:1609(process_smb) Transaction 11 of length 124 (0 toread) [2013/10/06 18:22:29.415743, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.415886, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=36 params=0 setup=2 [2013/10/06 18:22:29.415995, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.416080, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "winreg" (pnum 1989) [2013/10/06 18:22:29.416182, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: WINREG_OPENHKLM [2013/10/06 18:22:29.416582, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.417588, 3] smbd/process.c:1609(process_smb) Transaction 12 of length 272 (0 toread) [2013/10/06 18:22:29.417703, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.417870, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=184 params=0 setup=2 [2013/10/06 18:22:29.418034, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.418120, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "winreg" (pnum 1989) [2013/10/06 18:22:29.418226, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: WINREG_OPENKEY [2013/10/06 18:22:29.418984, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.419975, 3] smbd/process.c:1609(process_smb) Transaction 13 of length 236 (0 toread) [2013/10/06 18:22:29.420091, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.420194, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=148 params=0 setup=2 [2013/10/06 18:22:29.420286, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.420399, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "winreg" (pnum 1989) [2013/10/06 18:22:29.420531, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: WINREG_QUERYVALUE [2013/10/06 18:22:29.420722, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 40 [2013/10/06 18:22:29.421700, 3] smbd/process.c:1609(process_smb) Transaction 14 of length 132 (0 toread) [2013/10/06 18:22:29.421817, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.421911, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2013/10/06 18:22:29.422001, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.422028, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "winreg" (pnum 1989) [2013/10/06 18:22:29.422192, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: WINREG_CLOSEKEY [2013/10/06 18:22:29.422329, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/10/06 18:22:29.422460, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.423503, 3] smbd/process.c:1609(process_smb) Transaction 15 of length 132 (0 toread) [2013/10/06 18:22:29.423619, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.423713, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2013/10/06 18:22:29.423809, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.423892, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "winreg" (pnum 1989) [2013/10/06 18:22:29.424047, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: WINREG_CLOSEKEY [2013/10/06 18:22:29.424139, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/10/06 18:22:29.424278, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.425249, 3] smbd/process.c:1609(process_smb) Transaction 16 of length 45 (0 toread) [2013/10/06 18:22:29.425366, 3] smbd/process.c:1414(switch_message) switch message SMBclose (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.425493, 3] smbd/reply.c:4860(reply_close) close fd=-1 fnum=6537 (numopen=2) [2013/10/06 18:22:29.449737, 3] smbd/process.c:1609(process_smb) Transaction 17 of length 108 (0 toread) [2013/10/06 18:22:29.449852, 3] smbd/process.c:1414(switch_message) switch message SMBntcreateX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.450396, 3] smbd/process.c:1609(process_smb) Transaction 18 of length 140 (0 toread) [2013/10/06 18:22:29.450449, 3] smbd/process.c:1414(switch_message) switch message SMBwriteX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.450506, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/10/06 18:22:29.450545, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2013/10/06 18:22:29.450579, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/10/06 18:22:29.450632, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=72 [2013/10/06 18:22:29.451005, 3] smbd/process.c:1609(process_smb) Transaction 19 of length 63 (0 toread) [2013/10/06 18:22:29.451057, 3] smbd/process.c:1414(switch_message) switch message SMBreadX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.451101, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 26 [2013/10/06 18:22:29.451146, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2013/10/06 18:22:29.451556, 3] smbd/process.c:1609(process_smb) Transaction 20 of length 184 (0 toread) [2013/10/06 18:22:29.451608, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.451651, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=96 params=0 setup=2 [2013/10/06 18:22:29.451704, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.451739, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "NETLOGON" (pnum 198a) [2013/10/06 18:22:29.451782, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: NETR_SERVERREQCHALLENGE [2013/10/06 18:22:29.451855, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 26 [2013/10/06 18:22:29.452334, 3] smbd/process.c:1609(process_smb) Transaction 21 of length 45 (0 toread) [2013/10/06 18:22:29.452480, 3] smbd/process.c:1414(switch_message) switch message SMBclose (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.452574, 3] smbd/reply.c:4860(reply_close) close fd=-1 fnum=6538 (numopen=2) [2013/10/06 18:22:29.453349, 3] smbd/process.c:1609(process_smb) Transaction 22 of length 108 (0 toread) [2013/10/06 18:22:29.453465, 3] smbd/process.c:1414(switch_message) switch message SMBntcreateX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.454318, 3] smbd/process.c:1609(process_smb) Transaction 23 of length 140 (0 toread) [2013/10/06 18:22:29.454439, 3] smbd/process.c:1414(switch_message) switch message SMBwriteX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.454555, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/10/06 18:22:29.454647, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \netlogon [2013/10/06 18:22:29.454730, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\netlogon -> \PIPE\netlogon [2013/10/06 18:22:29.454888, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=72 [2013/10/06 18:22:29.455590, 3] smbd/process.c:1609(process_smb) Transaction 24 of length 63 (0 toread) [2013/10/06 18:22:29.455706, 3] smbd/process.c:1414(switch_message) switch message SMBreadX (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.455810, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 26 [2013/10/06 18:22:29.455943, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=72 [2013/10/06 18:22:29.456678, 3] smbd/process.c:1609(process_smb) Transaction 25 of length 212 (0 toread) [2013/10/06 18:22:29.456826, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.456892, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=124 params=0 setup=2 [2013/10/06 18:22:29.456942, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.456997, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "NETLOGON" (pnum 198b) [2013/10/06 18:22:29.457233, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: NETR_SERVERAUTHENTICATE [2013/10/06 18:22:29.457401, 0] rpc_server/netlogon/srv_netlog_nt.c:931(_netr_ServerAuthenticate3) _netr_ServerAuthenticate: no challenge sent to client MX8PC [2013/10/06 18:22:29.458770, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 26 [2013/10/06 18:22:29.459258, 3] smbd/process.c:1609(process_smb) Transaction 26 of length 45 (0 toread) [2013/10/06 18:22:29.459369, 3] smbd/process.c:1414(switch_message) switch message SMBclose (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.459459, 3] smbd/reply.c:4860(reply_close) close fd=-1 fnum=6539 (numopen=2) [2013/10/06 18:22:29.478140, 3] smbd/process.c:1609(process_smb) Transaction 27 of length 132 (0 toread) [2013/10/06 18:22:29.478348, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.478457, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2013/10/06 18:22:29.478702, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.478741, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 1988) [2013/10/06 18:22:29.478798, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: LSA_CLOSE [2013/10/06 18:22:29.478878, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/10/06 18:22:29.479010, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.480055, 3] smbd/process.c:1609(process_smb) Transaction 28 of length 45 (0 toread) [2013/10/06 18:22:29.480174, 3] smbd/process.c:1414(switch_message) switch message SMBclose (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.480265, 3] smbd/reply.c:4860(reply_close) close fd=-1 fnum=6536 (numopen=1) [2013/10/06 18:22:29.481597, 3] smbd/process.c:1609(process_smb) Transaction 29 of length 43 (0 toread) [2013/10/06 18:22:29.481718, 3] smbd/process.c:1414(switch_message) switch message SMBulogoffX (pid 1997) conn 0x0 [2013/10/06 18:22:29.481867, 3] smbd/reply.c:2098(reply_ulogoffX) ulogoffX vuid=100 [2013/10/06 18:22:29.482802, 3] smbd/process.c:1609(process_smb) Transaction 30 of length 39 (0 toread) [2013/10/06 18:22:29.482917, 3] smbd/process.c:1414(switch_message) switch message SMBtdis (pid 1997) conn 0xb84cc2a0 [2013/10/06 18:22:29.483018, 3] smbd/service.c:1378(close_cnum) mx8pc (192.168.1.15) closed connection to service IPC$ [2013/10/06 18:22:29.483126, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2013/10/06 18:22:29.485165, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request) [2013/10/06 18:22:29.793075, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.1.15 (192.168.1.15) [2013/10/06 18:22:29.793300, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2013/10/06 18:22:29.793469, 3] smbd/oplock_linux.c:246(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2013/10/06 18:22:29.793677, 3] smbd/process.c:1609(process_smb) Transaction 0 of length 72 (0 toread) [2013/10/06 18:22:29.793789, 2] smbd/reply.c:553(reply_special) netbios connect: name1=CRUSADER 0x20 name2=MX8PC 0x0 [2013/10/06 18:22:29.793907, 2] smbd/reply.c:573(reply_special) netbios connect: local=crusader remote=mx8pc, name type = 0 [2013/10/06 18:22:29.794559, 3] smbd/process.c:1609(process_smb) Transaction 0 of length 137 (0 toread) [2013/10/06 18:22:29.794685, 3] smbd/process.c:1414(switch_message) switch message SMBnegprot (pid 1998) conn 0x0 [2013/10/06 18:22:29.795366, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2013/10/06 18:22:29.795476, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2013/10/06 18:22:29.795573, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2013/10/06 18:22:29.795661, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2013/10/06 18:22:29.795749, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2013/10/06 18:22:29.795835, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2013/10/06 18:22:29.796045, 3] smbd/negprot.c:401(reply_nt1) not using SPNEGO [2013/10/06 18:22:29.796134, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LM 0.12 [2013/10/06 18:22:29.797739, 3] smbd/process.c:1609(process_smb) Transaction 1 of length 274 (0 toread) [2013/10/06 18:22:29.797867, 3] smbd/process.c:1414(switch_message) switch message SMBsesssetupX (pid 1998) conn 0x0 [2013/10/06 18:22:29.797974, 3] smbd/sesssetup.c:1345(reply_sesssetup_and_X) wct=13 flg2=0xc807 [2013/10/06 18:22:29.798342, 3] smbd/sesssetup.c:1548(reply_sesssetup_and_X) Domain=[home] NativeOS=[Windows 2002 Dodatek Service Pack 3 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2013/10/06 18:22:29.798456, 2] smbd/sesssetup.c:1291(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/10/06 18:22:29.798540, 3] smbd/sesssetup.c:1564(reply_sesssetup_and_X) sesssetupX:name=[home]\[fervi]@[mx8pc] [2013/10/06 18:22:29.798921, 0] auth/user_util.c:357(map_username) can't open username map /etc/samba/smbusers. Error Nie ma takiego pliku ani katalogu [2013/10/06 18:22:29.799813, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [home]\[fervi]@[mx8pc] with the new password interface [2013/10/06 18:22:29.799912, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [home]\[fervi]@[mx8pc] [2013/10/06 18:22:29.800758, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for fervi [2013/10/06 18:22:29.801369, 3] auth/auth.c:268(check_ntlm_password) check_ntlm_password: sam authentication for user [fervi] succeeded [2013/10/06 18:22:29.801486, 2] auth/auth.c:309(check_ntlm_password) check_ntlm_password: authentication for user [fervi] -> [fervi] -> [fervi] succeeded [2013/10/06 18:22:29.804545, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: fervi Real name: [2013/10/06 18:22:29.804661, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 1003 is UNIX user fervi, and will be vuid 100 [2013/10/06 18:22:29.804855, 3] smbd/password.c:224(register_homes_share) Using static (or previously created) service for user 'fervi'; path = '/home/samba/users/fervi' [2013/10/06 18:22:29.804989, 3] smbd/process.c:1414(switch_message) switch message SMBtconX (pid 1998) conn 0x0 [2013/10/06 18:22:29.805135, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.1.15 (192.168.1.15) [2013/10/06 18:22:29.805270, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2013/10/06 18:22:29.805403, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2013/10/06 18:22:29.805502, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2013/10/06 18:22:29.805706, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2013/10/06 18:22:29.805998, 3] passdb/lookup_sid.c:1754(get_primary_group_sid) Forcing Primary Group to 'Domain Users' for root [2013/10/06 18:22:29.806278, 3] smbd/service.c:1114(make_connection_snum) mx8pc (192.168.1.15) connect to service IPC$ initially as user fervi (uid=1003, gid=1003) (pid 1998) [2013/10/06 18:22:29.806392, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2013/10/06 18:22:29.807841, 3] smbd/process.c:1609(process_smb) Transaction 2 of length 104 (0 toread) [2013/10/06 18:22:29.807968, 3] smbd/process.c:1414(switch_message) switch message SMBntcreateX (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.809149, 3] smbd/process.c:1609(process_smb) Transaction 3 of length 140 (0 toread) [2013/10/06 18:22:29.809267, 3] smbd/process.c:1414(switch_message) switch message SMBwriteX (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.809439, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2013/10/06 18:22:29.809539, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \lsarpc [2013/10/06 18:22:29.809630, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\lsarpc -> \PIPE\lsarpc [2013/10/06 18:22:29.809761, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=72 [2013/10/06 18:22:29.810414, 3] smbd/process.c:1609(process_smb) Transaction 4 of length 63 (0 toread) [2013/10/06 18:22:29.810535, 3] smbd/process.c:1414(switch_message) switch message SMBreadX (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.810657, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.810763, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2013/10/06 18:22:29.811693, 3] smbd/process.c:1609(process_smb) Transaction 5 of length 180 (0 toread) [2013/10/06 18:22:29.811810, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.811932, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=92 params=0 setup=2 [2013/10/06 18:22:29.812052, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.812141, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 198b) [2013/10/06 18:22:29.812250, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: LSA_OPENPOLICY2 [2013/10/06 18:22:29.812419, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1076 [2013/10/06 18:22:29.813438, 3] smbd/process.c:1609(process_smb) Transaction 6 of length 134 (0 toread) [2013/10/06 18:22:29.813556, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.813656, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2013/10/06 18:22:29.813810, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.813914, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 198b) [2013/10/06 18:22:29.814017, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY2 [2013/10/06 18:22:29.814373, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 28 [2013/10/06 18:22:29.815465, 3] smbd/process.c:1609(process_smb) Transaction 7 of length 134 (0 toread) [2013/10/06 18:22:29.815582, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.815676, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=46 params=0 setup=2 [2013/10/06 18:22:29.815786, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.815872, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 198b) [2013/10/06 18:22:29.815973, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: LSA_QUERYINFOPOLICY [2013/10/06 18:22:29.816118, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 136 [2013/10/06 18:22:29.817267, 3] smbd/process.c:1609(process_smb) Transaction 8 of length 104 (0 toread) [2013/10/06 18:22:29.817384, 3] smbd/process.c:1414(switch_message) switch message SMBntcreateX (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.818403, 3] smbd/process.c:1609(process_smb) Transaction 9 of length 140 (0 toread) [2013/10/06 18:22:29.818523, 3] smbd/process.c:1414(switch_message) switch message SMBwriteX (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.818638, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\winreg -> \PIPE\winreg [2013/10/06 18:22:29.818729, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \winreg [2013/10/06 18:22:29.818814, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\winreg -> \PIPE\winreg [2013/10/06 18:22:29.818927, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=72 [2013/10/06 18:22:29.819884, 3] smbd/process.c:1609(process_smb) Transaction 10 of length 63 (0 toread) [2013/10/06 18:22:29.820000, 3] smbd/process.c:1414(switch_message) switch message SMBreadX (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.820104, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.820209, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2013/10/06 18:22:29.821164, 3] smbd/process.c:1609(process_smb) Transaction 11 of length 124 (0 toread) [2013/10/06 18:22:29.821281, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.821376, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=36 params=0 setup=2 [2013/10/06 18:22:29.821472, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.821557, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "winreg" (pnum 198c) [2013/10/06 18:22:29.821658, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: WINREG_OPENHKLM [2013/10/06 18:22:29.822037, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.823674, 3] smbd/process.c:1609(process_smb) Transaction 12 of length 272 (0 toread) [2013/10/06 18:22:29.823794, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.823897, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=184 params=0 setup=2 [2013/10/06 18:22:29.823991, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.824071, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "winreg" (pnum 198c) [2013/10/06 18:22:29.824178, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: WINREG_OPENKEY [2013/10/06 18:22:29.824681, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.825644, 3] smbd/process.c:1609(process_smb) Transaction 13 of length 236 (0 toread) [2013/10/06 18:22:29.825761, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.825857, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=148 params=0 setup=2 [2013/10/06 18:22:29.825983, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.826066, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "winreg" (pnum 198c) [2013/10/06 18:22:29.826169, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: WINREG_QUERYVALUE [2013/10/06 18:22:29.826589, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 40 [2013/10/06 18:22:29.827557, 3] smbd/process.c:1609(process_smb) Transaction 14 of length 132 (0 toread) [2013/10/06 18:22:29.827675, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.827770, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2013/10/06 18:22:29.827866, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.827951, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "winreg" (pnum 198c) [2013/10/06 18:22:29.828054, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: WINREG_CLOSEKEY [2013/10/06 18:22:29.828149, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/10/06 18:22:29.828276, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.829359, 3] smbd/process.c:1609(process_smb) Transaction 15 of length 132 (0 toread) [2013/10/06 18:22:29.829482, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.829578, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2013/10/06 18:22:29.829675, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.829761, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "winreg" (pnum 198c) [2013/10/06 18:22:29.829864, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: WINREG_CLOSEKEY [2013/10/06 18:22:29.829955, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/10/06 18:22:29.830098, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.831370, 3] smbd/process.c:1609(process_smb) Transaction 16 of length 45 (0 toread) [2013/10/06 18:22:29.831520, 3] smbd/process.c:1414(switch_message) switch message SMBclose (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.831646, 3] smbd/reply.c:4860(reply_close) close fd=-1 fnum=6540 (numopen=2) [2013/10/06 18:22:29.868988, 3] smbd/process.c:1609(process_smb) Transaction 17 of length 100 (0 toread) [2013/10/06 18:22:29.869191, 3] smbd/process.c:1414(switch_message) switch message SMBntcreateX (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.870395, 3] smbd/process.c:1609(process_smb) Transaction 18 of length 140 (0 toread) [2013/10/06 18:22:29.870580, 3] smbd/process.c:1414(switch_message) switch message SMBwriteX (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.870717, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\samr -> \PIPE\samr [2013/10/06 18:22:29.870811, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \samr [2013/10/06 18:22:29.870897, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\samr -> \PIPE\samr [2013/10/06 18:22:29.871019, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=72 [2013/10/06 18:22:29.872085, 3] smbd/process.c:1609(process_smb) Transaction 19 of length 63 (0 toread) [2013/10/06 18:22:29.872203, 3] smbd/process.c:1414(switch_message) switch message SMBreadX (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.872309, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 22 [2013/10/06 18:22:29.872415, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2013/10/06 18:22:29.873320, 3] smbd/process.c:1609(process_smb) Transaction 20 of length 172 (0 toread) [2013/10/06 18:22:29.873437, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.873543, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=84 params=0 setup=2 [2013/10/06 18:22:29.873637, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.873719, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 198d) [2013/10/06 18:22:29.873822, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_CONNECT5 [2013/10/06 18:22:29.873993, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1006 [2013/10/06 18:22:29.874889, 3] smbd/process.c:1609(process_smb) Transaction 21 of length 140 (0 toread) [2013/10/06 18:22:29.875011, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.875115, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=52 params=0 setup=2 [2013/10/06 18:22:29.875209, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.875290, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 198d) [2013/10/06 18:22:29.875392, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_ENUMDOMAINS [2013/10/06 18:22:29.875563, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 54 [2013/10/06 18:22:29.876613, 3] smbd/process.c:1609(process_smb) Transaction 22 of length 160 (0 toread) [2013/10/06 18:22:29.876775, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.876926, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2013/10/06 18:22:29.877068, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.877181, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 198d) [2013/10/06 18:22:29.877287, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN [2013/10/06 18:22:29.877441, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain) Returning domain sid for domain HOME -> S-1-5-21-3442586189-2044471866-1293905478 [2013/10/06 18:22:29.877576, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 90 [2013/10/06 18:22:29.878592, 3] smbd/process.c:1609(process_smb) Transaction 23 of length 164 (0 toread) [2013/10/06 18:22:29.878721, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.878825, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=76 params=0 setup=2 [2013/10/06 18:22:29.878919, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.879058, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 198d) [2013/10/06 18:22:29.879176, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_OPENDOMAIN [2013/10/06 18:22:29.879328, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1006 [2013/10/06 18:22:29.880301, 3] smbd/process.c:1609(process_smb) Transaction 24 of length 140 (0 toread) [2013/10/06 18:22:29.880418, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.880521, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=52 params=0 setup=2 [2013/10/06 18:22:29.880691, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.880778, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 198d) [2013/10/06 18:22:29.880880, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_ENUMDOMAINS [2013/10/06 18:22:29.881027, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 54 [2013/10/06 18:22:29.882031, 3] smbd/process.c:1609(process_smb) Transaction 25 of length 160 (0 toread) [2013/10/06 18:22:29.882150, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.882252, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=72 params=0 setup=2 [2013/10/06 18:22:29.882346, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.882427, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 198d) [2013/10/06 18:22:29.882527, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN [2013/10/06 18:22:29.882642, 2] rpc_server/samr/srv_samr_nt.c:4071(_samr_LookupDomain) Returning domain sid for domain HOME -> S-1-5-21-3442586189-2044471866-1293905478 [2013/10/06 18:22:29.882779, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 90 [2013/10/06 18:22:29.883726, 3] smbd/process.c:1609(process_smb) Transaction 26 of length 164 (0 toread) [2013/10/06 18:22:29.883843, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.883945, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=76 params=0 setup=2 [2013/10/06 18:22:29.884039, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.884120, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 198d) [2013/10/06 18:22:29.884233, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_OPENDOMAIN [2013/10/06 18:22:29.884375, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1006 [2013/10/06 18:22:29.885348, 3] smbd/process.c:1609(process_smb) Transaction 27 of length 172 (0 toread) [2013/10/06 18:22:29.885465, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.885567, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=84 params=0 setup=2 [2013/10/06 18:22:29.885664, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.885753, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 198d) [2013/10/06 18:22:29.885855, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_CREATEUSER2 [2013/10/06 18:22:29.886789, 2] rpc_server/rpc_handles.c:404(_policy_handle_find) rpc_server/samr/srv_samr_nt.c:3721: ACCESS DENIED (granted: 0x00000201; required: 0x00000010) [2013/10/06 18:22:29.886935, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 22 [2013/10/06 18:22:29.887904, 3] smbd/process.c:1609(process_smb) Transaction 28 of length 132 (0 toread) [2013/10/06 18:22:29.888021, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.888134, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2013/10/06 18:22:29.888231, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.888315, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 198d) [2013/10/06 18:22:29.888415, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_CLOSE [2013/10/06 18:22:29.888514, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/10/06 18:22:29.888630, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 22 [2013/10/06 18:22:29.889644, 3] smbd/process.c:1609(process_smb) Transaction 29 of length 132 (0 toread) [2013/10/06 18:22:29.889760, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.889854, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2013/10/06 18:22:29.889945, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.889945, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "samr" (pnum 198d) [2013/10/06 18:22:29.890034, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SAMR_CLOSE [2013/10/06 18:22:29.890124, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/10/06 18:22:29.890237, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 22 [2013/10/06 18:22:29.891277, 3] smbd/process.c:1609(process_smb) Transaction 30 of length 45 (0 toread) [2013/10/06 18:22:29.891399, 3] smbd/process.c:1414(switch_message) switch message SMBclose (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.891489, 3] smbd/reply.c:4860(reply_close) close fd=-1 fnum=6541 (numopen=2) [2013/10/06 18:22:29.908393, 3] smbd/process.c:1609(process_smb) Transaction 31 of length 132 (0 toread) [2013/10/06 18:22:29.908570, 3] smbd/process.c:1414(switch_message) switch message SMBtrans (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.908699, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2013/10/06 18:22:29.908806, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2013/10/06 18:22:29.908893, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "lsarpc" (pnum 198b) [2013/10/06 18:22:29.909003, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: LSA_CLOSE [2013/10/06 18:22:29.909106, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2013/10/06 18:22:29.909232, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 24 [2013/10/06 18:22:29.910424, 3] smbd/process.c:1609(process_smb) Transaction 32 of length 45 (0 toread) [2013/10/06 18:22:29.910542, 3] smbd/process.c:1414(switch_message) switch message SMBclose (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.910631, 3] smbd/reply.c:4860(reply_close) close fd=-1 fnum=6539 (numopen=1) [2013/10/06 18:22:29.911893, 3] smbd/process.c:1609(process_smb) Transaction 33 of length 43 (0 toread) [2013/10/06 18:22:29.912011, 3] smbd/process.c:1414(switch_message) switch message SMBulogoffX (pid 1998) conn 0x0 [2013/10/06 18:22:29.912184, 3] smbd/reply.c:2098(reply_ulogoffX) ulogoffX vuid=100 [2013/10/06 18:22:29.913165, 3] smbd/process.c:1609(process_smb) Transaction 34 of length 39 (0 toread) [2013/10/06 18:22:29.913281, 3] smbd/process.c:1414(switch_message) switch message SMBtdis (pid 1998) conn 0xb84cc2a0 [2013/10/06 18:22:29.913383, 3] smbd/service.c:1378(close_cnum) mx8pc (192.168.1.15) closed connection to service IPC$ [2013/10/06 18:22:29.913492, 3] smbd/connection.c:35(yield_connection) Yielding connection to IPC$ [2013/10/06 18:22:29.915325, 3] smbd/server_exit.c:181(exit_server_common) Server exit (failed to receive smb request)