diff --git a/freeipa-service-ntlm.sh b/freeipa-service-ntlm.sh
index df2e136..b721baa 100755
--- a/freeipa-service-ntlm.sh
+++ b/freeipa-service-ntlm.sh
@@ -51,7 +51,7 @@ if ipa role-add "$ROLE_NAME" --desc="$ROLE_DESCRIPTION" > /dev/null 2>&1; then
    echo created role $ROLE_NAME
     if ipa privilege-add "$PRIV_NAME" --desc="$PRIV_DESCRIPTION" > /dev/null 2>&1; then
         echo created privilege $PRIV_NAME
-        if ipa permission-add "$PERM_NAME" --attrs=sambaNTPassword --attrs=sambaPwdLastSet --attrs=sambaSID --attrs=sambaAcctFlags --attrs=sambaDomainName --type=user --right=read --right=compare > /dev/null 2>&1; then
+        if ipa permission-add "$PERM_NAME" --attrs=ipaNTHash --attrs=sambaNTPassword --attrs=sambaPwdLastSet --attrs=sambaSID --attrs=sambaAcctFlags --attrs=sambaDomainName --type=user --right=read --right=compare > /dev/null 2>&1; then
             echo created permission $PERM_NAME
         else
             echo permission $PERM_NAME exists
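Review bot: On a host where an earlier version of this script already created the permission, `ipa permission-add` fails as a duplicate and the `else` branch only prints "permission $PERM_NAME exists", so the newly added `ipaNTHash` attribute is never granted there. The same branch also reports "exists" for any other failure (expired ticket, rejected attribute name), because both stdout and stderr go to `/dev/null`. In the `else` branch, consider confirming with `ipa permission-show "$PERM_NAME"`, reconciling with `ipa permission-mod "$PERM_NAME" --attrs=...` using the same attribute set as the add, and printing the error when neither succeeds. `ipaNTHash` and `sambaNTPassword` hold password-equivalent NT hashes, and `--type=user` with no further filter presumably covers every user entry, so a comment above this line such as `# NT hashes are password-equivalent: keep this role's membership to the single service account` would help whoever audits the role later. The enclosing `if`/`else` chain starts before this hunk and continues after it.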