On Thu, 2009-12-03 at 10:14 -0600, Michael Wisniewski wrote: > Hi, > > I've discovered that back in September, a user was attempting to use > FreeIPA as a password backend to Samba. I've followed the > instructions from Loris, but ran into a problem. Whenever I create a > new group, I get the following error through the web interface... > > > Group add failed: A database error occurred > Object class violation. missing attribute "sambaGroupType" required by > object class "sambaGroupMapping" > > If I use the command line 'ipa-addgroup', I get a similar error.
It looks like sambaGroupType is a required attribute for the sambaGroupMapping objectclass and it is not being added. You need to make sure to add a custom sambaGroupType attribute when you create the group. > However, if I use a ldif and set everything, it works... > > # ldif2ldap "cn=Directory manager" <password> /tmp/s1.ldif > # cat /tmp/s1.ldif > dn: cn=Cyber,cn=groups,cn=accounts,dc=test,dc=org > objectClass: top > objectClass: groupofnames > objectClass: posixGroup > cn: Cyber > description: Cyber Security Group > gidNumber: 1005 > > Now the strange thing. While I did add the "sambaGroupMapping", I > don't see it when I do a ldapsearch and view the group. Also, if I > add my user to the newly created group and run "id", it doesn't show > up that I belong to that group. That may be due to nscd caching, make sure to reload/restart nscd when you change group memberships if you need to see the result immediately. The default group cache timeout can even be 1h on some system. > If anybody can help me with this, that would be great. Since I'm just > starting, if somebody says FreeIPA v2 has this already, I don't mind > switching to it. v2 is a bit experimental at the moment. It is great if you want to see what's going on and help testing but it is not production ready. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users