Hi,

ipa-adtrust-install populates the ipaNTHash in LDAP for each user/group, but you still need a samba backend to read these new attributes. Do you use ipasam.so? If you don't, you should recompile your version of FreeIPA, move ipasam.so to your password backend directory containing other .so files, and put this in your smb.conf:

    passdb backend = ldapsam:ldap//ipaserver

Procedure / best practices may have changed now, if anyone from Red Hat is around to confirm... I can just tell it's working with any CentOS 7 and FreeIPA > 4.1.4 server.

--
Youenn Piolet
[email protected]

2017-01-13 19:33 GMT+01:00 Armaan Esfahani <[email protected]>:

> Upon running the ldapmodify command, I receive an “ldap_bind: No such
> object (32)” error, any suggestions?
>
> On 1/13/17, 8:37 AM, "Sumit Bose" <[email protected] on
> behalf of [email protected]> wrote:
>
> > On Wed, Jan 11, 2017 at 04:00:57PM -0500, Armaan Esfahani wrote:
> > > Hi, I have set up a Samba server to use FreeIPA as a password
> > > backend, however whenever I try to use existing users to login I get
> > > “NT_STATUS_LOGON_FAILURE”.
> > >
> > > Looking at the sssd_nss log on my ipa server, I get the following
> > > error “(Wed Jan 11 15:56:11 2017) [sssd[nss]] [fill_sid] (0x0020): Missing
> > > SID.” on all existing accounts, whereas all new accounts function properly
> > > (after resetting their passwords).
> > >
> > > Anyone have any ideas?
> >
> > Maybe the sidgen task was run during ipa-adtrust-install, please see
> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html#create-trust-existing-idm
> > how to run it.
> >
> > HTH
> >
> > bye,
> > Sumit
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
