[Samba] Re: Samba PDC Server Local SID, Domain SID, and GROUP RID Question

Bryan K. Walton zxcvbnm at decentralized.org
Fri Dec 17 17:34:52 GMT 2004

On Mon, Dec 13, 2004 at 09:32:27AM -0600, bryanw wrote:

> 	My samba PDC is using the tdbsam backend and, for the most part
> is working flawlessly.  However, when using smbpasswd to add samba accounts,
> I always get the following error:
> tdb_update_sam: Failing to store a SAM_ACCOUNT for [userid] without a primary
> group RID
> Now, I've googled a lot on this and have read through the mailing list
> archives and know that this often has to do with people not having
> group mapping setup.  But I do:
> jerry:~# net groupmap list | grep users
> Users (S-1-5-32-545) -> users
> Domain Users (S-1-5-21-1590455367-7305976-751859383-513) -> users

As it turns out, I had group mapping set up, but "too" thoroughly. 
Found this in the archives:

-- snip --

The problem can be also caused if you already have 'Domain Users ->
users' and add 'Users -> users' since Samba mapps gid -> SID by finding
the first SID -> gid mapping with the right gid and will fail if 'Users
-> users' is the first map it encounters.

-- end snip --

Bryan Walton

More information about the samba mailing list