[Freeipa-users] FreeIPA and Samba4
Joshua Doll
joshua.doll at gmail.com
Thu Oct 29 14:27:53 UTC 2015
Are you using the correct principal for the ldapsearch? Did you grant it
permissions to view those attributes?
--Joshua D Doll
On Thu, Oct 29, 2015 at 9:14 AM Troels Hansen <th at casalogic.dk> wrote:
> Hmm, weird.
> I ran ipa-adtrust-install and it says it said it had user without SID's,
> and I told it to generete SID's.
> However, I still can't see them on the user.
> a IPA-db doesn't reveal them being generated and I can't look them up via
> LDAP.
>
> ldapsearch -Y GSSAPI uid=th ipaNTHash
> .......
> # th, users, compat, casalogic.lan
> dn: uid=th,cn=users,cn=compat,dc=casalogic,dc=lan
>
> # th, users, accounts, casalogic.lan
> dn: uid=th,cn=users,cn=accounts,dc=casalogic,dc=lan
>
> .....
>
> Samba however starts fine now, but unable to find any users:
> pdbedit -Lv
> pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain
> casalogic.lan
>
>
>
> ----- On Oct 27, 2015, at 3:46 PM, Joshua Doll <joshua.doll at gmail.com>
> wrote:
>
>
>
> To get the ipaNTHash and ipaNTSecurityIdentifier attributes, I had to run
> the ipa-adtrust-install --add-sids, even though I was not setting up a
> trust. It would be nice if there was a way to generate these values another
> way, maybe there is but I missed it.
>
> --Joshua D Doll
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151029/127c38c4/attachment.htm>
More information about the Freeipa-users
mailing list