[Freeipa-users] Where is SID stored after ipa-adtrust-install?
Alexander Bokovoy
abokovoy at redhat.com
Wed Feb 8 16:10:54 UTC 2017
On ke, 08 helmi 2017, Armaan Esfahani wrote:
>I’ve been having issues with some of my IPA seemingly not getting SID’s
>after the install, even after running with the –add-sids modifier. I
>was wondering where the SID values are located so that I can take a
>look at what’s happening/
In the user object itself, ipaNTSecurityIdentifier attribute.
If you have SIDs not generated, there are two potential issues that
cause it:
- sidgen plugin configuration looking at wrong basedn
- ID ranges you have do not allow to map UID/GID to SID
If you ran ipa-adtrust-install --add-sids and it generated nothing, look
at /var/log/dirsrv/slapd-INSTANCE/errors log file. There should be at
least two lines:
[01/Feb/2017:14:28:24.189906631 +0100] sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ...
[01/Feb/2017:14:28:24.192039515 +0100] sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [0].
If there are any errors causing issues with SID generation, they will be
in between these two lines.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list