Hi folks,
I'm testing getting a samba server working against IPA.
Now, when adding a user via the interface, I get
============================================================
IPA Error 4205: ObjectclassViolation
missing attribute "ipaNTSecurityIdentifier" required by object class
"ipaNTUserAttrs"
###
To get here, I did the following on the IPA server::
ipa service-add cifs/obscon4.hpctest.nrel.gov
ipa privilege-add 'CIFS server privilege'
ipa privilege-add-permission 'CIFS server privilege' --permission='CIFS
server can read user passwords'
ipa permission-add "CIFS server can read user passwords"
--attrs={ipaNTHash,ipaNTSecurityIdentifier} --type=user
--right={read,search,compare} --bindtype=permission
ipa role-add 'CIFS server'
ipa role-add-privilege 'CIFS server' --privilege='CIFS server privilege'
ipa role-add-member 'CIFS server' --services=cifs/obscon4.hpctest.nrel.gov
Then, I ran `ipa-adtrust-install`, and realized later that I need to
append the `--add-sids` mojo. So, I re-ran that wiht the switch.
I then added the 'ipantuserattrs' objectClass.
I'm messing around with this in a test environment, so I can blow the IPA
server away if I really have to.
So, if there are tips on what you might see that I missed in the set up,
or how I I might get IPA set up correctly, I'd appreciate it.
Versions:
RHEL: 7.2
IPA: VERSION: 4.2.0, API_VERSION: 2.156
Thanks,
Kurt
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
