Please answer to the list.

On Fri, 30 Oct 2015, Troels Hansen wrote:
Not sure what you expect.

Modifying attributes for existing users takes time so we don't do it
automatically. When you run ipa-adtrust-install, it does ask you to run
a task that does the work of generating SIDs and adding needed
attributes/object classes.

However, ipaNTHash will not be there until either of two events happens:
- user changes password;
- user authenticates with Kerberos against Samba running on IPA master.

No, I'm aware that the NTHash won't be there untill the user changes password.
I would however suppose that objectClass ipaNTUserAttrs being added and a 
ipaNTSecurityIdentifier being added to all of my users.
Its added to most objects, but I still need 85 users/objects where its not 
added, out of a total of ~500 (told by adtrust install script yesterday).
Its been 14 hours since I ran it, but still need the remaining, and I have no 
idear why its not added.
You can check the task status.

See https://vda.li/en/posts/2015/01/02/playing-with-freeipa-ipa-ldap-updater/ 
how you can organize a task yourself or check the output from existing task.

The task that is run by the installer has DN 
cn=sidgen,cn=ipa-sidgen-task,cn=tasks,cn=config
You can use /usr/share/ipa/ipa-sidgen-task-run.ldif as a basis to add a
task file.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to