On Thu, 21 Jan 2016, Simpson Lachlan wrote:
From: Simpson Lachlan
I would like to test a few things, but I'm finding it hard to find good
How can I test that the one way trust relationship between the FreeIPA server
and the AD DC is still in effect? (FreeIPA trusts AD, AD does not trust
I presume there is an ldapsearch or sssd command that should connect directly
the AD server?
I should have asked for what I wanted, because of course I found the solution
I *did* ask almost immediately.
Real question: If I get the SID for the "SMB Default Group", is it just a
matter of editing
the ldap directory via ldapmodify?
The SID is generated by sidgen plugin but you can edit it with
No, because that's again not the issue.
No, it *is* the issue for Samba to start.
The samba error I get is
pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not
correctly init (error was NT_STATUS_INVALID_PARAMETER)
pbdedit fails on the same problem.
Sure, because it cannot initialize its ipasam LDAP driver which requires
properly set up LDAP data which is supposed to be set up by
I would appreciate you concentrating on the right issue instead of
jumping around to pretend Samba can start without fixing the real issue
How can I set the SID of the default group manually - by which I mean,
using a command line tool to manipulate text (rather than a shell
script or ipa-adtrust).
At this point let us do a different look. Can you provide
/var/log/ipaserver-install.log and /var/log/ipaupgrade.log somehow off
the mailing list to see what exactly had happened to your environment
when it was installed and when ipa-adtrust-install was run?
I'm pretty busy with other stuff so analyzing these files might take
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project