Are you using the correct principal for the ldapsearch? Did you grant it permissions to view those attributes? --Joshua D Doll On Thu, Oct 29, 2015 at 9:14 AM Troels Hansen <[email protected]> wrote:
> Hmm, weird. > I ran ipa-adtrust-install and it says it said it had user without SID's, > and I told it to generete SID's. > However, I still can't see them on the user. > a IPA-db doesn't reveal them being generated and I can't look them up via > LDAP. > > ldapsearch -Y GSSAPI uid=th ipaNTHash > ....... > # th, users, compat, casalogic.lan > dn: uid=th,cn=users,cn=compat,dc=casalogic,dc=lan > > # th, users, accounts, casalogic.lan > dn: uid=th,cn=users,cn=accounts,dc=casalogic,dc=lan > > ..... > > Samba however starts fine now, but unable to find any users: > pdbedit -Lv > pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain > casalogic.lan > > > > ----- On Oct 27, 2015, at 3:46 PM, Joshua Doll <[email protected]> > wrote: > > > > To get the ipaNTHash and ipaNTSecurityIdentifier attributes, I had to run > the ipa-adtrust-install --add-sids, even though I was not setting up a > trust. It would be nice if there was a way to generate these values another > way, maybe there is but I missed it. > > --Joshua D Doll > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
