On Tue, Feb 23, 2021, at 15:36, Lachlan Simpson via FreeIPA-users wrote: > I am seeing the following in the samba logs: > > [2021/02/23 14:57:23.259648, 0] ../../source3/smbd/server.c:1782(main) > smbd version 4.12.3 started. > Copyright Andrew Tridgell and the Samba Team 1992-2020 > [2021/02/23 14:57:23.312207, 1] > ../../source3/profile/profile.c:55(set_profile_level) > INFO: Profiling turned OFF from pid 2360 > [2021/02/23 14:57:23.345139, 0] ipa_sam.c:3980(get_fallback_group_sid) > Missing mandatory attribute ipaNTSecurityIdentifier. > [2021/02/23 14:57:23.345184, 0] ipa_sam.c:4950(pdb_init_ipasam) > Cannot find SID of fallback group. > [2021/02/23 14:57:23.345194, 0] > ../../source3/passdb/pdb_interface.c:180(make_pdb_method_name) > pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-TEST-IDM-COMPANY-COM.socket > did not correctly init (error was NT_STATUS_INVALID_PARAMETER) > [2021/02/23 15:05:11.201577, 0] ../../source3/smbd/server.c:1782(main) > smbd version 4.12.3 started. > Copyright Andrew Tridgell and the Samba Team 1992-2020 > [2021/02/23 15:05:11.212856, 1] > ../../source3/profile/profile.c:55(set_profile_level) > INFO: Profiling turned OFF from pid 3146 > [2021/02/23 15:05:11.234448, 0] ipa_sam.c:3980(get_fallback_group_sid) > Missing mandatory attribute ipaNTSecurityIdentifier. > > A quick search suggests that potentially my change of the RID has affected > SMB but I'm not 100% sure what to do next. > > I guess I need to add an ipaNTSecurityIdentifier variable - but I'm not sure > where. > > This page > https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/trust-ipa-subdomain.html > suggests that I need to add a sidgen to the FreeIPA users that exist, but > those users were created via the GUI - shouldn't the SID have been created > then?
I have run ``ipa-adtrust-install --add-sids` - it finished without error but also without success` - `ipactl restart` again fails on smb. When I run an `ldapsearch` there is only one user entry without an ipaNTSecurityIdentifier and that's the IPA admin user created on installation? Should I just add an ipaNTSecurityIdentifier to the admin account? Cheers L.
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
