On Wed, Feb 24, 2021 at 03:32:54PM +1100, Lachlan Simpson via FreeIPA-users
wrote:
> On Tue, Feb 23, 2021, at 15:36, Lachlan Simpson via FreeIPA-users wrote:
> > I am seeing the following in the samba logs:
> >
> > [2021/02/23 14:57:23.259648, 0] ../../source3/smbd/server.c:1782(main)
> > smbd version 4.12.3 started.
> > Copyright Andrew Tridgell and the Samba Team 1992-2020
> > [2021/02/23 14:57:23.312207, 1]
> > ../../source3/profile/profile.c:55(set_profile_level)
> > INFO: Profiling turned OFF from pid 2360
> > [2021/02/23 14:57:23.345139, 0] ipa_sam.c:3980(get_fallback_group_sid)
> > Missing mandatory attribute ipaNTSecurityIdentifier.
> > [2021/02/23 14:57:23.345184, 0] ipa_sam.c:4950(pdb_init_ipasam)
> > Cannot find SID of fallback group.
> > [2021/02/23 14:57:23.345194, 0]
> > ../../source3/passdb/pdb_interface.c:180(make_pdb_method_name)
> > pdb backend
> > ipasam:ldapi://%2fvar%2frun%2fslapd-TEST-IDM-COMPANY-COM.socket did not
> > correctly init (error was NT_STATUS_INVALID_PARAMETER)
> > [2021/02/23 15:05:11.201577, 0] ../../source3/smbd/server.c:1782(main)
> > smbd version 4.12.3 started.
> > Copyright Andrew Tridgell and the Samba Team 1992-2020
> > [2021/02/23 15:05:11.212856, 1]
> > ../../source3/profile/profile.c:55(set_profile_level)
> > INFO: Profiling turned OFF from pid 3146
> > [2021/02/23 15:05:11.234448, 0] ipa_sam.c:3980(get_fallback_group_sid)
> > Missing mandatory attribute ipaNTSecurityIdentifier.
Hi,
thanks for you patience. It looks like there is an issue with the
fallback group. Please check with
ipa trustconfig-show
what is you fallback group and with
ipa group-show --all 'Group Name'
if it has a SID assigned. If there is no SID, please check if the group
has a GID from the id-range assigned to the IPA domain.
bye,
Sumit
> >
> > A quick search suggests that potentially my change of the RID has affected
> > SMB but I'm not 100% sure what to do next.
> >
> > I guess I need to add an ipaNTSecurityIdentifier variable - but I'm not
> > sure where.
> >
> > This page
> > https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/trust-ipa-subdomain.html
> > suggests that I need to add a sidgen to the FreeIPA users that exist, but
> > those users were created via the GUI - shouldn't the SID have been created
> > then?
>
> I have run ``ipa-adtrust-install --add-sids` - it finished without error but
> also without success` - `ipactl restart` again fails on smb.
>
> When I run an `ldapsearch` there is only one user entry without an
> ipaNTSecurityIdentifier and that's the IPA admin user created on
> installation? Should I just add an ipaNTSecurityIdentifier to the admin
> account?
>
>
> Cheers
> L.
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
