# ipa config-mod --enable-sid --add-sids Executes without error. But User still has no objectclass ipaNTUserAttrs and ipaNTSecurityIdentifier attribute. From: Alexander Bokovoy On to, 03 helmi 2022, code bugs wrote: > I tried changing the password but that did not work. > > > > When I ran > > #ipa -e in_server=true user-mod mtest --addattr=ipanthash=MagicRegen > > I am getting > > ipa: ERROR: attribute "ipanthas" not allowed > > > > same Error when > > > > dn: uid=foo,cn=users,cn=accounts,dc=ipa,dc=test > > changetype: modify > > add: ipaNTHash > > ipaNTHash: MagicRegen You need to have objectclass ipaNTUserAttrs. The object class cannot be added alone because it requires (MUST) presence of ipaNTSecurityIdentifier attribute. So you need to generate SIDs for these users and then cause adding ipaNTHash attribute. ipa config-mod --enable-sid --add-sids would trigger adding SIDs to users and groups that miss them. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland |
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
