[Samba] After host name change: Failed to add user ... with error: The account's primary group is invalid

Holger Rauch rauch.holger at googlemail.com
Wed Dec 1 19:15:15 MST 2010


I've got Samba 3.5.6 (SerNet .deb packages) running as a standalone
file server on Debian Lenny. User information is stored in LDAP via
ldapsam:editposix. I had to change both the host name and the workgroup
name as I had to move the host to a new internal subnet.

I noticed that a new sambaDomainName entry was created (containing a new
sambaSID). Unfortunately, the Administrator user still contains both the old
sambaSID and the old sambaPrimaryGroupSID and thus does not have any rights.
I tried to perform the following steps:

net -U Administrator%myadminpass -I localhost rpc user add myuser

and got the error message mentioned in the subject line. Consequently, the
other steps failed:

net -U Administrator%myadminpass -I localhost sam createdomaingroup grmyuser
net -U Administrator%myadminpass -I localhost sam addmem grmyuser myuser

Even after I changed the relevant part of both the sambaSID and the
sambaPrimaryGroupSID in my LDAP DIT and restarting the Samba daemons smbd
and nmbd, I still get the error message mentioned error.

What else do I have to in addition to that (I want to avoid having to
recreate all my Samba accounts (starting from scratch) by running "net sam
provision"? Is there any way to get around this and reuse the already
existing configuration by making a few adjustments? 

What's the correct procedure to get the Administrator account working again
after a host name/workgroup name change so that I can continue to add more

Thanks in advance for any hints & kind regards,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20101202/4989da7c/attachment.pgp>

More information about the samba mailing list