Hi List, Here is what happened in a timely order.
the group "it" was created a long time ago without "groupOfUniqueNames" objectclass. I did following to add "groupOfUniqueNames" objectclass: [root@ipa0 ~]# ipa group-show it --all | grep object objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup, ipantgroupattrs [root@ipa0 ~]# [root@ipa0 ~]# ipa group-mod it --addattr=objectclass=groupOfUniqueNames ------------------- Modified group "it" ------------------- Group name: it Description: IT Team GID: 1889600264 Member users: john, rosy, ben, dan, rob, Member of groups: observium Member of Sudo rule: itsysadmins Member of HBAC rule: allow_it_systems, itadmin_systems, allow_it_sre_systems [root@ipa0 ~]# [root@ipa0 ~]# ipa group-show it --all | grep object objectclass: top, groupofnames, nestedgroup, ipausergroup, ipaobject, posixgroup, ipantgroupattrs, groupOfUniqueNames [root@ipa0 ~]# After this, I could not create a group (both GUI and cli) with same error message: [root@ipa0 ~]# ipa group-add testgroup ipa: ERROR: missing attribute "ipaNTSecurityIdentifier" required by object class "ipaNTGroupAttrs" [root@ipa0 ~]# In the log: [31/Mar/2022:10:18:57.626480360 -0700] - ERR - oc_check_required - Entry "cn=testgroup,cn=groups,cn=accounts,dc=example,dc=com" missing attribute "ipaNTSecurityIdentifier" required by object class "ipaNTGroupAttrs" When checked via GUI - IPA Servers / Configuration, the group attribute ipaNTGroupAttrs is there. Any idea what went wrong and how to fix it? Many thanks. Kathy.
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure