[Freeipa-users] Where is SID stored after ipa-adtrust-install?
Armaan Esfahani
armaan.esfahani at advancedopen.com
Wed Feb 8 16:19:37 UTC 2017
I have found the following.
[08/Feb/2017:11:14:38 -0500] sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ...
[08/Feb/2017:11:14:38 -0500] find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 522]: Cannot convert Posix ID [755400050] into an unused SID.
[08/Feb/2017:11:14:38 -0500] do_work - [file ipa_sidgen_task.c, line 154]: Cannot add SID to existing entry.
[08/Feb/2017:11:14:38 -0500] sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [32].
I assume this is the second possibility you brought up, the ID ranges I have setup do not allow mapping of UID/GID to SID
On 2/8/17, 11:10 AM, "Alexander Bokovoy" <abokovoy at redhat.com> wrote:
On ke, 08 helmi 2017, Armaan Esfahani wrote:
>I’ve been having issues with some of my IPA seemingly not getting SID’s
>after the install, even after running with the –add-sids modifier. I
>was wondering where the SID values are located so that I can take a
>look at what’s happening/
In the user object itself, ipaNTSecurityIdentifier attribute.
If you have SIDs not generated, there are two potential issues that
cause it:
- sidgen plugin configuration looking at wrong basedn
- ID ranges you have do not allow to map UID/GID to SID
If you ran ipa-adtrust-install --add-sids and it generated nothing, look
at /var/log/dirsrv/slapd-INSTANCE/errors log file. There should be at
least two lines:
[01/Feb/2017:14:28:24.189906631 +0100] sidgen_task_thread - [file ipa_sidgen_task.c, line 194]: Sidgen task starts ...
[01/Feb/2017:14:28:24.192039515 +0100] sidgen_task_thread - [file ipa_sidgen_task.c, line 199]: Sidgen task finished [0].
If there are any errors causing issues with SID generation, they will be
in between these two lines.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list