samba - Nov 2010 - After host name change: Failed to add user ... with error: The account's primary group is invalid

Hi,

I've got Samba 3.5.6 (SerNet packages) running on Debian Lenny. User
information is stored in LDAP via ldapsam:editposix. I changed both the host
name and the workgroup name as I had to move the host to a new internal subnet.

I noticed that a new sambaDomainName entry was created (containing a new
sambaSID). Unfortunately, the Administrator user still contains both the old
sambaSID and the old sambaPrimaryGroupSID and thus does not have any rights. I
tried to perform the following steps:

net -U Administrator%myadminpass -I localhost rpc user add myuser

and got the error message mentioned in the subject line. Consequently, the other
steps failed:

net -U Administrator%myadminpass -I localhost sam createdomaingroup grmyuser
net -U Administrator%myadminpass -I localhost sam addmem grmyuser myuser

What's the correct procedure to get the Administrator account working again
after a host name/workgroup name change so that I can continue to add more
users?

Thanks in advance for any hints & kind regards,

   Holger

THE standard software for Aviation Authorities

**********************************************************************************************
IMPORTANT NOTICE / WICHTIGER HINWEIS
This communication contains information which is confidential and may also be
privileged. It is for the
exclusive use of the intended recipient(s). If you are not the intended
recipient(s) please note that any
distribution, copying or use of this communication or the information in it is
strictly prohibited. If you have
received this communication in error please notify us immediately by email or by
telephone and then delete
this email and any copies of it.
Diese E-Mail koennte vertrauliche und/oder rechtlich geschuetzte Informationen
enthalten. Wenn Sie nicht
der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben,
informieren Sie bitte sofort den
Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die
unbefugte Weitergabe dieser
Mail sind nicht gestattet.
**********************************************************************************************

Hi,

I've got Samba 3.5.6 (SerNet .deb packages) running as a standalone
file server on Debian Lenny. User information is stored in LDAP via
ldapsam:editposix. I had to change both the host name and the workgroup
name as I had to move the host to a new internal subnet.

I noticed that a new sambaDomainName entry was created (containing a new
sambaSID). Unfortunately, the Administrator user still contains both the old
sambaSID and the old sambaPrimaryGroupSID and thus does not have any rights.
I tried to perform the following steps:

net -U Administrator%myadminpass -I localhost rpc user add myuser

and got the error message mentioned in the subject line. Consequently, the
other steps failed:

net -U Administrator%myadminpass -I localhost sam createdomaingroup grmyuser
net -U Administrator%myadminpass -I localhost sam addmem grmyuser myuser

Even after I changed the relevant part of both the sambaSID and the
sambaPrimaryGroupSID in my LDAP DIT and restarting the Samba daemons smbd
and nmbd, I still get the error message mentioned error.

What else do I have to in addition to that (I want to avoid having to
recreate all my Samba accounts (starting from scratch) by running "net sam
provision"? Is there any way to get around this and reuse the already
existing configuration by making a few adjustments? 

What's the correct procedure to get the Administrator account working again
after a host name/workgroup name change so that I can continue to add more
users?

Thanks in advance for any hints & kind regards,

   Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20101202/4989da7c/attachment.pgp>