[Freeipa-users] missing attribute "ipaNTSecurityIdentifier"
Bendl, Kurt
Kurt.Bendl at nrel.gov
Mon Dec 28 19:43:52 UTC 2015
Hi folks,
I'm testing getting a samba server working against IPA.
Now, when adding a user via the interface, I get
============================================================
IPA Error 4205: ObjectclassViolation
missing attribute "ipaNTSecurityIdentifier" required by object class
"ipaNTUserAttrs"
###
To get here, I did the following on the IPA server::
ipa service-add cifs/obscon4.hpctest.nrel.gov
ipa privilege-add 'CIFS server privilege'
ipa privilege-add-permission 'CIFS server privilege' --permission='CIFS
server can read user passwords'
ipa permission-add "CIFS server can read user passwords"
--attrs={ipaNTHash,ipaNTSecurityIdentifier} --type=user
--right={read,search,compare} --bindtype=permission
ipa role-add 'CIFS server'
ipa role-add-privilege 'CIFS server' --privilege='CIFS server privilege'
ipa role-add-member 'CIFS server' --services=cifs/obscon4.hpctest.nrel.gov
Then, I ran `ipa-adtrust-install`, and realized later that I need to
append the `--add-sids` mojo. So, I re-ran that wiht the switch.
I then added the 'ipantuserattrs' objectClass.
I'm messing around with this in a test environment, so I can blow the IPA
server away if I really have to.
So, if there are tips on what you might see that I missed in the set up,
or how I I might get IPA set up correctly, I'd appreciate it.
Versions:
RHEL: 7.2
IPA: VERSION: 4.2.0, API_VERSION: 2.156
Thanks,
Kurt
More information about the Freeipa-users
mailing list