ipa config-mod --enable-sid --add-sids Maximum username length: 32 Maximum hostname length: 64 Home directory base: /home Default shell: /bin/sh Default users group: ipausers Default e-mail domain: example.com Search time limit: 2 Search size limit: 100 User search fields: uid,givenname,sn,telephonenumber,ou,title Group search fields: cn,description Enable migration mode: FALSE Certificate Subject base: O=example.com Password Expiration Notification (days): 4 Password plugin features: AllowNThash, KDC:Disable Last Success SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$sysadm_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023 Default SELinux user: unconfined_u:s0-s0:c0.c1023 Default PAC types: MS-PAC, nfs:NONE IPA masters: id1.example.com, id2.example.com IPA master capable of PKINIT: id1.example.com, id2.example.com IPA CA servers: id1.example.com, id2.example.com IPA CA renewal master: id1.example.com IPA DNS servers: id1.example.com, id2.example.com Am I missing something ? From: Alexander Bokovoy On to, 03 helmi 2022, code bugs wrote: > I tried changing the password but that did not work. > > > > When I ran > > #ipa -e in_server=true user-mod mtest --addattr=ipanthash=MagicRegen > > I am getting > > ipa: ERROR: attribute "ipanthas" not allowed > > > > same Error when > > > > dn: uid=foo,cn=users,cn=accounts,dc=ipa,dc=test > > changetype: modify > > add: ipaNTHash > > ipaNTHash: MagicRegen You need to have objectclass ipaNTUserAttrs. The object class cannot be added alone because it requires (MUST) presence of ipaNTSecurityIdentifier attribute. So you need to generate SIDs for these users and then cause adding ipaNTHash attribute. ipa config-mod --enable-sid --add-sids would trigger adding SIDs to users and groups that miss them. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland |
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
