[Freeipa-users] Trouble creating userobjectlass sambaSAMAccount

Jeff Goddard jgoddard at emerlyn.com
Fri Mar 18 16:08:04 UTC 2016


Found the syntax error. Apparently the DN is:
dn:cn=ipaconfig,cn=etc,dc=internal,dc=emerlyn,dc=com rather than
dn:cn=etc,cn=ipaconfig,dc=internal,dc=emerlyn,dc=com



On Fri, Mar 18, 2016 at 11:35 AM, Christopher Lamb <
christopher.lamb at ch.ibm.com> wrote:

> Hi Jeff
>
> When I last integrated FreeIPA and Samba I used ldapmodify to successfully
> add sambaSAMAccount and sambaGroupMapping.
>
>
> ldapmodify -Y GSSAPI <<EOF
> dn: cn=etc,cn=ipaconfig,dc=my,dc=silly,dc=example,dc=com
> changetype: modify
> add: ipaUserObjectClasses
> ipaUserObjectClasses: sambaSAMAccount
> -
> add: ipaGroupObjectClasses
> ipaGroupObjectClasses: sambaGroupMapping
> EOF
>
> Note, also there is a notorious spelling mistake under Point 5 of the
> Fedora instructions you are following
>
> cosAttribute: sambaGrouptType
>
> should be:
>
> cosAttribute: sambaGroupType
>
> i.e. sambaGroupType has only one "T".
>
> Chris
>
> From: Jeff Goddard <jgoddard at emerlyn.com>
> To: freeipa-users at redhat.com
> Date: 18.03.2016 16:11
> Subject: [Freeipa-users] Trouble creating userobjectlass sambaSAMAccount
> Sent by: freeipa-users-bounces at redhat.com
> ------------------------------
>
>
>
>
> Hello all,
>
> I'm following this guide:
> https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/cifs.html
> in attempts to have a SAMBA server with freeipa as the back-end
> authentication method. My problem is that the command: ipa config-mod
> --userobjectclasses=top,person,organizationalperson,inetorgperson,inetuser,posixaccount,krbprincipalaux,krbticketpolicyaux,ipaobject,sambaSAMAccount
> fails with the message: ipa: ERROR: objectclass
> top,person,organizationalperson,inetorgperson,inetuser,posixaccount,krbprincipalaux,krbticketpolicyaux,ipaobject,sambaSAMAccount
> not found.
>
> Using the web GUI I was able to add this field but it doesn't dynamically
> add it to my existing users and so I get errors such as:
>
> [2016/03/18 10:20:21.052605,  3]
> ../source3/lib/smbldap.c:579(smbldap_start_tls)
>   StartTLS issued: using a TLS connection
> [2016/03/18 10:20:21.052661,  2]
> ../source3/lib/smbldap.c:794(smbldap_open_connection)
>   smbldap_open_connection: connection opened
> [2016/03/18 10:20:21.055250,  3]
> ../source3/lib/smbldap.c:1013(smbldap_connect_system)
>   ldap_connect_system: successful connection to the LDAP server
> [2016/03/18 10:20:21.056774,  4]
> ../source3/passdb/pdb_ldap.c:1496(ldapsam_getsampwnam)
>   ldapsam_getsampwnam: Unable to locate user [jgoddard] count=0
> [2016/03/18 10:20:21.056856,  3, pid=9121, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/check_samsec.c:400(check_sam_security)
>   check_sam_security: Couldn't find user 'jgoddard' in passdb.
> [2016/03/18 10:20:21.056890,  5, pid=9121, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password)
>   check_ntlm_password: sam authentication for user [jgoddard] FAILED with
> error NT_STATUS_NO_SUCH_USER
> [2016/03/18 10:20:21.056944,  2, pid=9121, effective(0, 0), real(0, 0),
> class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
>   check_ntlm_password:  Authentication for user [jgoddard] -> [jgoddard]
> FAILED with error NT_STATUS_NO_SUCH_USER
> [2016/03/18 10:20:21.056972,  2]
> ../auth/gensec/spnego.c:746(gensec_spnego_server_negTokenTarg)
>   SPNEGO login failed: NT_STATUS_NO_SUCH_USER
> [2016/03/18 10:20:21.057837,  3]
> ../source3/smbd/server_exit.c:249(exit_server_common)
>   Server exit (NT_STATUS_CONNECTION_RESET)
>
> When trying to authenticate to my share.
>
> The search from the samba server: ldapsearch -LLL -x -h
> id-management-1.internal.emerlyn.com uid=jgoddard
> does not return a value for sambaSAMAccount either. Can anyone provide me
> a pointer or documentation on where I'm going wrong?
>
> Thanks,
>
> Jeff
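The DN correction from this thread applied to the quoted ldapmodify input, as an added example that is not part of the original messages: a POSIX shell helper that derives the entry DN from the IPA domain, rejects the reversed RDN order, and writes one value line per object class. The function names and the domain internal.example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: LDIF for the IPA config entry with the corrected RDN order.

# domain_to_suffix internal.example.test -> dc=internal,dc=example,dc=test
domain_to_suffix() {
    printf '%s\n' "$1" | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# ipaconfig_dn <domain>: cn=ipaconfig comes first, then cn=etc.
ipaconfig_dn() {
    printf 'cn=ipaconfig,cn=etc,%s\n' "$(domain_to_suffix "$1")"
}

# check_dn <dn>: succeed only for cn=ipaconfig,cn=etc,<suffix>.
check_dn() {
    norm=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/ *, */,/g')
    case "$norm" in
        cn=ipaconfig,cn=etc,dc=*) return 0 ;;
        cn=etc,cn=ipaconfig,*) echo "RDNs reversed: $1" >&2; return 1 ;;
        *) echo "not the ipaconfig entry: $1" >&2; return 1 ;;
    esac
}

# emit_values <attr> <comma-list>: one "attr: value" line per class, so a
# comma-separated list is never passed on as a single object class name.
emit_values() {
    ( IFS=,; for v in $2; do printf '%s: %s\n' "$1" "$v"; done )
}

# build_ldif <domain> <user-classes> <group-classes>
build_ldif() {
    target_dn=$(ipaconfig_dn "$1")
    check_dn "$target_dn" || return 1
    printf '%s\n' "dn: $target_dn" 'changetype: modify' \
        'add: ipaUserObjectClasses'
    emit_values ipaUserObjectClasses "$2"
    printf '%s\n' '-' 'add: ipaGroupObjectClasses'
    emit_values ipaGroupObjectClasses "$3"
}

# Constructed sample domain; review the output, then feed it to
# "ldapmodify -Y GSSAPI" as in the quoted message.
build_ldif internal.example.test sambaSAMAccount sambaGroupMapping
```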