Bug 3622 - Problem adding Domain Object to Local Object in XP Pro
Summary: Problem adding Domain Object to Local Object in XP Pro
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.0.10
Hardware: All Mac OS X
: P3 major
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-03-21 20:47 UTC by Atanas Banov
Modified: 2006-04-08 11:35 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Atanas Banov 2006-03-21 20:47:22 UTC
Bug #324 was closed in for samba 2.2 w/o being looked at.
today i stepped into it in the following config:

PDC: Mac OS X Server v10.4.5
smbd --version 
   Version 3.0.10

client: XP Pro v.2002 SP2

the error is very much the same 
"Information returned from the object picker for object "<group-name>" was
incomplete.  The object will not be processed."

the setup is simple: i am trying to add Domain group to the local group Users. no go. if i try the same with a Domain user, it works. the problem is with the domain groups.

google the error message, people had asked the question but nobody can answer it.

+++ This bug was initially created as a clone of Bug #324 +++

## Problem:
Cannot add a Domain Object to a Local Object in Windows XP Professional SP1.
Specifically (although not exclusively) a Domain User/Group from the Samba PDC
to the  Local Administrators Group.

## Windows Error Message:
"Information returend from the object picker for object "username" was
incomplete.  The object will not be processed."

## Steps took to discovery:
1. Logged on to the workstation as either a Local Admin or a (Samba) Domain Admin.  
2. I clicked on the Local Group Object "Administrators".  
3. Clicked "Add to Group" to add a User Object to this Local Group Object. 
4. Clicked "Advanced" and "Find Now" to browse Domain Objects
5. Selected desiered Domain Object (<username>) then clicked "OK"
6. Updated field now shows Object as "DOMAINNAME\username"
7. Clicked "OK"
8. Received error message stated above.

## Changes made to WindowsXP Pro workstation:
1. These Registry keys: 
(HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Netlogon\Parameters\re
quiresignorseal = 0)
(HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Netlogon\Parameters\re
quirestrongkey = 0)

2. The following Group policy changed to "enabled":
Computer Configuration\Administrative Templates\System\User Profiles\Do
not check for user ownership of Roaming Profile Folders

## Additional Information:
1. The Samba2.2.8a Server is the only PDC on the network and is a WINS server
2. I am using OpenLDAP 2.0.27-r4 for authentication
2. The machine has a working trust account on the Samba Server.
3. The DOMAINNAME\Domain Admins Object was added to the Local Administrators
Group Object when the workstation joined the domain
4. The DOMAINNAME\Domain Users Object was added to the Local Users Group Object
when the workstation joined the domain
6. This is not and issue with Windows 2K or NT.

## Samba debug log output (log level 4):
[2003/08/19 12:30:48, 3] smbd/process.c:process_smb(846)
  Transaction 1648 of length 156
[2003/08/19 12:30:48, 3] smbd/process.c:switch_message(685)
  switch message SMBtrans (pid 12053)
[2003/08/19 12:30:48, 3] smbd/sec_ctx.c:set_sec_ctx(329)
  setting sec ctx (5000, 100) - sec_ctx_stack_ndx = 0 
[2003/08/19 12:30:48, 3] smbd/sec_ctx.c:set_sec_ctx(334)
  1 user groups: 
  100 
[2003/08/19 12:30:48, 3] smbd/ipc.c:reply_trans(520)
  trans <\PIPE\> data=76 params=0 setup=2
[2003/08/19 12:30:48, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <> name
[2003/08/19 12:30:48, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(990)
  search for pipe pnum=730d
[2003/08/19 12:30:48, 3] smbd/ipc.c:api_fd_reply(296)
  Got API command 0x26 on pipe "samr" (pnum 730d)free_pipe_context: destroying
talloc pool of size 0
[2003/08/19 12:30:48, 3] rpc_server/srv_pipe.c:api_pipe_request(1165)
  Doing \PIPE\samr
[2003/08/19 12:30:48, 4] rpc_server/srv_pipe.c:api_rpcTNP(1190)
  api_rpcTNP: api_samr_rpc op 0x7 - api_rpcTNP: pipe 29453 rpc command:
SAMR_OPEN_DOMAIN
[2003/08/19 12:30:48, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(160)
  Found policy hnd[0] [000] 00 00 00 00 18 00 00 00  00 00 00 00 C8 5E 42 3F 
........ .....^B?
[2003/08/19 12:30:48, 4] lib/util.c:dump_data(1549)
  [010] 15 2F 00 00                                       ./.. 
[2003/08/19 12:30:48, 4] rpc_server/srv_lsa_hnd.c:create_policy_hnd(140)
  Opened policy hnd[2] [000] 00 00 00 00 1A 00 00 00  00 00 00 00 C8 5E 42 3F 
........ .....^B?
[2003/08/19 12:30:48, 4] lib/util.c:dump_data(1549)
  [010] 15 2F 00 00                                       ./.. 
[2003/08/19 12:30:48, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(444)
  free_pipe_context: destroying talloc pool of size 0
[2003/08/19 12:30:48, 3] smbd/process.c:process_smb(846)
  Transaction 1649 of length 174
[2003/08/19 12:30:48, 3] smbd/process.c:switch_message(685)
  switch message SMBtrans (pid 12053)
[2003/08/19 12:30:48, 4] smbd/uid.c:change_to_user(119)
  change_to_user: Skipping user change - already user
[2003/08/19 12:30:48, 3] smbd/ipc.c:reply_trans(520)
  trans <\PIPE\> data=94 params=0 setup=2
[2003/08/19 12:30:48, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <> name
[2003/08/19 12:30:48, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(990)
  search for pipe pnum=730d
[2003/08/19 12:30:48, 3] smbd/ipc.c:api_fd_reply(296)
  Got API command 0x26 on pipe "samr" (pnum 730d)free_pipe_context: destroying
talloc pool of size 0
[2003/08/19 12:30:48, 3] rpc_server/srv_pipe.c:api_pipe_request(1165)
[2003/08/19 12:30:48, 4] rpc_server/srv_pipe.c:api_rpcTNP(1190)
  api_rpcTNP: api_samr_rpc op 0x11 - api_rpcTNP: pipe 29453 rpc command:
SAMR_LOOKUP_NAMES
[2003/08/19 12:30:48, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(160)
  Found policy hnd[0] [000] 00 00 00 00 1A 00 00 00  00 00 00 00 C8 5E 42 3F 
........ .....^B?
[2003/08/19 12:30:48, 4] lib/util.c:dump_data(1549)
  [010] 15 2F 00 00                                       ./..
[2003/08/19 12:30:48, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(444)
  free_pipe_context: destroying talloc pool of size 48
[2003/08/19 12:30:48, 3] smbd/process.c:process_smb(846)
  Transaction 1650 of length 124
[2003/08/19 12:30:48, 3] smbd/process.c:switch_message(685)
  switch message SMBtrans (pid 12053)
[2003/08/19 12:30:48, 4] smbd/uid.c:change_to_user(119)
  change_to_user: Skipping user change - already user
[2003/08/19 12:30:48, 3] smbd/ipc.c:reply_trans(520)
  trans <\PIPE\> data=44 params=0 setup=2
[2003/08/19 12:30:48, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <> name
[2003/08/19 12:30:48, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(990)
  search for pipe pnum=730d
[2003/08/19 12:30:48, 3] smbd/ipc.c:api_fd_reply(296)
  Got API command 0x26 on pipe "samr" (pnum 730d)free_pipe_context: destroying
talloc pool of size 0
[2003/08/19 12:30:48, 3] rpc_server/srv_pipe.c:api_pipe_request(1165)
  Doing \PIPE\samr
[2003/08/19 12:30:48, 4] rpc_server/srv_pipe.c:api_rpcTNP(1190)
  api_rpcTNP: api_samr_rpc op 0x1 - api_rpcTNP: pipe 29453 rpc command:
SAMR_CLOSE_HND
[2003/08/19 12:30:48, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(160)
  Found policy hnd[0] [000] 00 00 00 00 1A 00 00 00  00 00 00 00 C8 5E 42 3F 
........ .....^B?
[2003/08/19 12:30:48, 4] lib/util.c:dump_data(1549)
  [010] 15 2F 00 00                                       ./..
[2003/08/19 12:30:48, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(197)
  Closed policy
[2003/08/19 12:30:48, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(444)
  free_pipe_context: destroying talloc pool of size 0
[2003/08/19 12:30:48, 3] smbd/process.c:process_smb(846)
  Transaction 1651 of length 124
[2003/08/19 12:30:48, 3] smbd/process.c:switch_message(685)
  switch message SMBtrans (pid 12053)
[2003/08/19 12:30:48, 4] smbd/uid.c:change_to_user(119)
  change_to_user: Skipping user change - already user
[2003/08/19 12:30:48, 3] smbd/ipc.c:reply_trans(520)
  trans <\PIPE\> data=44 params=0 setup=2
[2003/08/19 12:30:48, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <> name
[2003/08/19 12:30:48, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(990)
  search for pipe pnum=730d
[2003/08/19 12:30:48, 3] smbd/ipc.c:api_fd_reply(296)
  Got API command 0x26 on pipe "samr" (pnum 730d)free_pipe_context: destroying
talloc pool of size 0
[2003/08/19 12:30:48, 3] rpc_server/srv_pipe.c:api_pipe_request(1165)
  Doing \PIPE\samr
[2003/08/19 12:30:48, 4] rpc_server/srv_pipe.c:api_rpcTNP(1190)
  api_rpcTNP: api_samr_rpc op 0x1 - api_rpcTNP: pipe 29453 rpc command:
SAMR_CLOSE_HND
[2003/08/19 12:30:48, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(160)
  Found policy hnd[0] [000] 00 00 00 00 18 00 00 00  00 00 00 00 C8 5E 42 3F 
........ .....^B?
[2003/08/19 12:30:48, 4] lib/util.c:dump_data(1549)
  [010] 15 2F 00 00                                       ./..
[2003/08/19 12:30:48, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(197)
  Closed policy
[2003/08/19 12:30:48, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(444)
  free_pipe_context: destroying talloc pool of size 0
[2003/08/19 12:30:48, 3] smbd/process.c:process_smb(846)
  Transaction 1652 of length 45
[2003/08/19 12:30:48, 3] smbd/process.c:switch_message(685)
  switch message SMBclose (pid 12053)
[2003/08/19 12:30:48, 4] smbd/uid.c:change_to_user(119)
  change_to_user: Skipping user change - already user
[2003/08/19 12:30:48, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(990)
  search for pipe pnum=730d
[2003/08/19 12:30:48, 4] rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(954)
  closed pipe name samr pnum=730d (pipes_open=0)

Thank you!
Comment 1 Gerald (Jerry) Carter (dead mail address) 2006-03-29 11:08:29 UTC
A log file from 2003 is not helpful.  Please retest using Samba 3.0.21c.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2006-04-08 11:35:07 UTC
Cannot reproduce against current code.