Platform: CentOS 7 (which comes with ipa 4.2.0), with ipa-server-trust-ad installed.
Problem: If you create an account like this:
ipa user-add --password foo.bar
then no ipaNTHash attribute is set. This can be confirmed using:
ldapsearch -D 'cn=Directory Manager' -W -b 'uid=foo.bar,cn=users,cn=accounts,dc=ipa,dc=example,dc=com' -s base '(objectClass=*)' uid ipaNTHash
Workaround is to do it in two steps:
ipa user-add foo.bar ipa user-mod --password foo.bar
Per triage on Dec 06, fixing this bug requires substanial work. Additional tickets will follow.
Metadata Update from @candlerb: - Issue assigned to someone - Issue set to the milestone: Future Releases
Login to comment on this ticket.