Hi folks,

I'm testing getting a samba server working against IPA.

Now, when adding a user via the interface, I get

IPA Error 4205: ObjectclassViolation

missing attribute "ipaNTSecurityIdentifier" required by object class

To get here, I did the following on the IPA server::

 ipa service-add cifs/obscon4.hpctest.nrel.gov
 ipa privilege-add 'CIFS server privilege'

 ipa privilege-add-permission 'CIFS server privilege' --permission='CIFS
server can read user passwords'

 ipa permission-add "CIFS server can read user passwords"
--attrs={ipaNTHash,ipaNTSecurityIdentifier} --type=user
--right={read,search,compare} --bindtype=permission

 ipa role-add 'CIFS server'

 ipa role-add-privilege 'CIFS server' --privilege='CIFS server privilege'
 ipa role-add-member 'CIFS server' --services=cifs/obscon4.hpctest.nrel.gov

Then, I ran `ipa-adtrust-install`, and realized later that I need to
append the `--add-sids` mojo. So, I re-ran that wiht the switch.

I then added the 'ipantuserattrs' objectClass.

I'm messing around with this in a test environment, so I can blow the IPA
server away if I really have to.

So, if there are tips on what you might see that I missed in the set up,
or how I I might get IPA set up correctly, I'd appreciate it.

RHEL:  7.2
IPA:   VERSION: 4.2.0, API_VERSION: 2.156


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to