Hi Jeff

When I last integrated FreeIPA and Samba I used ldapmodify to successfully add sambaSAMAccount and sambaGroupMapping.

ldapmodify -Y GSSAPI <<EOF
dn: cn=etc,cn=ipaconfig,dc=my,dc=silly,dc=example,dc=com
changetype: modify
add: ipaUserObjectClasses
ipaUserObjectClasses: sambaSAMAccount
-
add: ipaGroupObjectClasses
ipaGroupObjectClasses: sambaGroupMapping
EOF

Note, also there is a notorious spelling mistake under Point 5 of the Fedora instructions you are following

cosAttribute: sambaGrouptType

should be:

cosAttribute: sambaGroupType

i.e. sambaGroupType has only one "T".

Chris

From: Jeff Goddard <jgodd...@emerlyn.com>
To: freeipa-users@redhat.com
Date: 18.03.2016 16:11
Subject: [Freeipa-users] Trouble creating userobjectlass sambaSAMAccount
Sent by: freeipa-users-boun...@redhat.com

Hello all,

I'm following this guide: https://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/cifs.html in attempts to have a SAMBA server with freeipa as the back-end authentication method. My problem is that the command:

ipa config-mod --userobjectclasses=top,person,organizationalperson,inetorgperson,inetuser,posixaccount,krbprincipalaux,krbticketpolicyaux,ipaobject,sambaSAMAccount

fails with the message:

ipa: ERROR: objectclass top,person,organizationalperson,inetorgperson,inetuser,posixaccount,krbprincipalaux,krbticketpolicyaux,ipaobject,sambaSAMAccount not found.

Using the web GUI I was able to add this field but it doesn't dynamically add it to my existing users and so I get errors such as:

[2016/03/18 10:20:21.052605, 3] ../source3/lib/smbldap.c:579 (smbldap_start_tls) StartTLS issued: using a TLS connection
[2016/03/18 10:20:21.052661, 2] ../source3/lib/smbldap.c:794 (smbldap_open_connection) smbldap_open_connection: connection opened
[2016/03/18 10:20:21.055250, 3] ../source3/lib/smbldap.c:1013 (smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server
[2016/03/18 10:20:21.056774, 4] ../source3/passdb/pdb_ldap.c:1496 (ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [jgoddard] count=0
[2016/03/18 10:20:21.056856, 3, pid=9121, effective(0, 0), real(0, 0), class=auth] ../source3/auth/check_samsec.c:400(check_sam_security) check_sam_security: Couldn't find user 'jgoddard' in passdb.
[2016/03/18 10:20:21.056890, 5, pid=9121, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password) check_ntlm_password: sam authentication for user [jgoddard] FAILED with error NT_STATUS_NO_SUCH_USER
[2016/03/18 10:20:21.056944, 2, pid=9121, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password) check_ntlm_password: Authentication for user [jgoddard] -> [jgoddard] FAILED with error NT_STATUS_NO_SUCH_USER
[2016/03/18 10:20:21.056972, 2] ../auth/gensec/spnego.c:746 (gensec_spnego_server_negTokenTarg) SPNEGO login failed: NT_STATUS_NO_SUCH_USER
[2016/03/18 10:20:21.057837, 3] ../source3/smbd/server_exit.c:249 (exit_server_common) Server exit (NT_STATUS_CONNECTION_RESET)

When trying to authenticate to my share. The search from the samba server:

ldapsearch -LLL -x -h id-management-1.internal.emerlyn.com uid=jgoddard

does not return a value for sambaSAMAccount either. Can anyone provide me a pointer or documentation on where I'm going wrong?

Thanks,
Jeff

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
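
Jeff's observation that adding the class to the defaults did not add it to existing users can be checked across all accounts at once. The following is an added example, not part of the thread: a shell function that reads `ldapsearch -LLL` LDIF and prints the uid of each entry lacking a given object class. The function names, the sample entries and the `example.test` suffix are constructed for illustration.

```shell
# Added example (not from the thread): print the uid of every LDIF entry that
# lacks a given object class. Base64 values ("attr:: ...") are skipped, not decoded.
missing_objectclass() {
    awk -v want="$1" '
    BEGIN { RS = ""; FS = "\n"; want = tolower(want) }   # one record per entry
    {
        uid = ""; found = 0
        for (i = 1; i <= NF; i++) {
            line = $i
            # LDIF folds long lines; a continuation line starts with one space.
            while (i < NF && substr($(i + 1), 1, 1) == " ") {
                i++
                line = line substr($i, 2)
            }
            sep = index(line, ": ")
            if (sep == 0) continue
            attr = tolower(substr(line, 1, sep - 1))   # names are case-insensitive
            val = substr(line, sep + 2)
            if (attr == "uid" && uid == "") uid = val
            if (attr == "objectclass" && tolower(val) == want) found = 1
        }
        if (uid != "" && !found) print uid
    }'
}

# Constructed sample: bob lacks the Samba class; carol has it on a folded line.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
uid: alice
objectClass: posixaccount
objectClass: sambaSamAccount

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
uid: bob
objectClass: posixaccount
objectClass: inetorgperson

dn: uid=carol,cn=users,cn=accounts,dc=example,dc=test
uid: carol
objectClass: posixaccount
objectClass: sambaSAM
 Account
EOF
}
# Live use (<suffix> is a placeholder for the directory suffix):
#   ldapsearch -LLL -Y GSSAPI -b "cn=users,cn=accounts,<suffix>" "(uid=*)" uid objectClass | missing_objectclass sambaSAMAccount
sample_ldif | missing_objectclass sambaSAMAccount   # prints: bob
```

Any uid it prints is an account created before the default object classes were changed and still missing the class on its own entry.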