[Freeipa-users] Problem with FreeIPA and Samba 3...
Stjepan Gros
sgros at zemris.fer.hr
Wed Jun 16 19:41:08 UTC 2010
Hi all,
I'm trying to integrate Samba 3 into FreeIPA domain. After following the
instructions given in this mailing list
(http://www.mail-archive.com/freeipa-users@redhat.com/msg00111.html) I'm
unable to add new users. The ipa-adduser command complains with the
following error message:
A database error occurred: Object class violation: missing attribute
"sambaSID" required by object class "sambaSamAccount"
It seems as if ipa-dna plugin isn't working, i.e. isn't adding sambaSID
attribute.
Here are the relevant entries from LDAP (with mangled domains):
dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
objectClass: nsContainer
cn: Distributed Numeric Assignment Plugin
nsslapd-pluginInitfunc: dna_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-pluginPath: libdna-plugin
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: Distributed Numeric Assignment
nsslapd-pluginVersion: 1.2.5
nsslapd-pluginVendor: 389 Project
nsslapd-pluginDescription: Distributed Numeric Assignment plugin
# sambaGroupType, Distributed Numeric Assignment Plugin, plugins, config
dn: cn=sambaGroupType,cn=Distributed Numeric Assignment
Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: sambaGroupType
dnatype: sambaGroupType
dnainterval: 0
dnamagicregen: ASSIGN
dnafilter: (objectClass=sambaGroupMapping)
dnanextvalue: 2
# SambaSid, Distributed Numeric Assignment Plugin, plugins, config
dn: cn=SambaSid,cn=Distributed Numeric Assignment
Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
dnatype: sambaSID
dnaprefix: S-1-5-21-2932961863-1130097162-856551529
dnainterval: 1
dnamagicregen: assign
dnafilter:
(|(objectclass=sambaSamAccount)(objectclass=sambaGroupMapping))
dnascope: dc=example,dc=com
cn: SambaSid
dnanextvalue: 15277
Can someone sched ligth on what's going on, or how to debug these
problems? In the log files (/var/log/dirsrv/dirsrv-EXAMPLE-COM) there is
nothing useful.
SG
P.S. dnaprefix has to end with hyphen, but I don't believe it's the
problem.
More information about the Freeipa-users
mailing list