Hi all, I'm trying to integrate Samba 3 into FreeIPA domain. After following the instructions given in this mailing list (http://www.mail-archive.com/freeipa-users@redhat.com/msg00111.html) I'm unable to add new users. The ipa-adduser command complains with the following error message:
A database error occurred: Object class violation: missing attribute "sambaSID" required by object class "sambaSamAccount" It seems as if ipa-dna plugin isn't working, i.e. isn't adding sambaSID attribute. Here are the relevant entries from LDAP (with mangled domains): dn: cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject objectClass: nsContainer cn: Distributed Numeric Assignment Plugin nsslapd-pluginInitfunc: dna_init nsslapd-pluginType: preoperation nsslapd-pluginEnabled: on nsslapd-pluginPath: libdna-plugin nsslapd-plugin-depends-on-type: database nsslapd-pluginId: Distributed Numeric Assignment nsslapd-pluginVersion: 1.2.5 nsslapd-pluginVendor: 389 Project nsslapd-pluginDescription: Distributed Numeric Assignment plugin # sambaGroupType, Distributed Numeric Assignment Plugin, plugins, config dn: cn=sambaGroupType,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config objectClass: top objectClass: extensibleObject cn: sambaGroupType dnatype: sambaGroupType dnainterval: 0 dnamagicregen: ASSIGN dnafilter: (objectClass=sambaGroupMapping) dnanextvalue: 2 # SambaSid, Distributed Numeric Assignment Plugin, plugins, config dn: cn=SambaSid,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config objectClass: top objectClass: extensibleObject dnatype: sambaSID dnaprefix: S-1-5-21-2932961863-1130097162-856551529 dnainterval: 1 dnamagicregen: assign dnafilter: (|(objectclass=sambaSamAccount)(objectclass=sambaGroupMapping)) dnascope: dc=example,dc=com cn: SambaSid dnanextvalue: 15277 Can someone sched ligth on what's going on, or how to debug these problems? In the log files (/var/log/dirsrv/dirsrv-EXAMPLE-COM) there is nothing useful. SG P.S. dnaprefix has to end with hyphen, but I don't believe it's the problem. _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users