Hmm, weird. 
I ran ipa-adtrust-install and it says it said it had user without SID's, and I 
told it to generete SID's. 
However, I still can't see them on the user. 
a IPA-db doesn't reveal them being generated and I can't look them up via LDAP. 

ldapsearch -Y GSSAPI uid=th ipaNTHash 
....... 
# th, users, compat, casalogic.lan 
dn: uid=th,cn=users,cn=compat,dc=casalogic,dc=lan 

# th, users, accounts, casalogic.lan 
dn: uid=th,cn=users,cn=accounts,dc=casalogic,dc=lan 

..... 

Samba however starts fine now, but unable to find any users: 
pdbedit -Lv 
pdb_init_ipasam: support for pdb_enum_upn_suffixes enabled for domain 
casalogic.lan 

----- On Oct 27, 2015, at 3:46 PM, Joshua Doll <joshua.d...@gmail.com> wrote: 

> To get the ipaNTHash and ipaNTSecurityIdentifier attributes, I had to run the
> ipa-adtrust-install --add-sids, even though I was not setting up a trust. It
> would be nice if there was a way to generate these values another way, maybe
> there is but I missed it.

> --Joshua D Doll

> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to