[Freeipa-users] FreeIPA and Samba4

Troels Hansen th at casalogic.dk
Fri Oct 30 11:28:34 UTC 2015 

Hi Alexander, sorry for the last update directly to you, this was not intended.

Anyway, shouldn't I be able to check the status of task added by ipa-adtrust-install directly by just issuing a:

ldapsearch -D "cn=Directory Manager" -W -b 'cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config'

All I get is:

Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1


----- On Oct 30, 2015, at 11:28 AM, Alexander Bokovoy abokovoy at redhat.com wrote:

> Please answer to the list.
> 
> On Fri, 30 Oct 2015, Troels Hansen wrote:
>>> Not sure what you expect.
>>>
>>> Modifying attributes for existing users takes time so we don't do it
>>> automatically. When you run ipa-adtrust-install, it does ask you to run
>>> a task that does the work of generating SIDs and adding needed
>>> attributes/object classes.
>>>
>>> However, ipaNTHash will not be there until either of two events happens:
>>> - user changes password;
>>> - user authenticates with Kerberos against Samba running on IPA master.
>>
>>No, I'm aware that the NTHash won't be there untill the user changes password.
>>I would however suppose that objectClass ipaNTUserAttrs being added and a
>>ipaNTSecurityIdentifier being added to all of my users.
>>Its added to most objects, but I still need 85 users/objects where its not
>>added, out of a total of ~500 (told by adtrust install script yesterday).
>>Its been 14 hours since I ran it, but still need the remaining, and I have no
>>idear why its not added.
> You can check the task status.
> 
> See https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/
> how you can organize a task yourself or check the output from existing task.
> 
> The task that is run by the installer has DN
> cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config
> You can use /usr/share/ipa/ipa-sidgen-task-run.ldif as a basis to add a
> task file.
> --
> / Alexander Bokovoy

-- 
Med venlig hilsen 

Troels Hansen 

Systemkonsulent 

Casalogic A/S 


T (+45) 70 20 10 63 

M (+45) 22 43 71 57 

Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.

More information about the Freeipa-users mailing list