On Thu, 21 Jan 2016, Simpson Lachlan wrote:
-----Original Message-----
From: Simpson Lachlan


I would like to test a few things, but I'm finding it hard to find good 
examples.

 How can I test that the one way trust relationship between the FreeIPA server
   and the AD DC is still in effect? (FreeIPA trusts AD, AD does not trust
FreeIIPA).
   I presume there is an ldapsearch or sssd command that should connect directly
to
   the AD server?

I should have asked for what I wanted, because of course I found the solution 
to what
I *did* ask almost immediately.

Real question: If I get the SID for the "SMB Default Group", is it just a 
matter of editing
the ldap directory via ldapmodify?
The SID is generated by sidgen plugin but you can edit it with
ldapmodify yes.


No, because that's again not the issue.
No, it *is* the issue for Samba to start.

The samba error I get is

pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not 
correctly init (error was NT_STATUS_INVALID_PARAMETER)

pbdedit fails on the same problem.
Sure, because it cannot initialize its ipasam LDAP driver which requires
properly set up LDAP data which is supposed to be set up by
ipa-adtrust-install.

I would appreciate you concentrating on the right issue instead of
jumping around to pretend Samba can start without fixing the real issue
at hand.


How can I set the SID of the default group manually - by which I mean,
using a command line tool to manipulate text (rather than a shell
script or ipa-adtrust).
At this point let us do a different look. Can you provide
/var/log/ipaserver-install.log and /var/log/ipaupgrade.log somehow off
the mailing list to see what exactly had happened to your environment
when it was installed and when ipa-adtrust-install was run?

I'm pretty busy with other stuff so analyzing these files might take
several days.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to