[Freeipa-users] Problem adding group after update IPA from CentOS 6.6 to 7.0

Martin Kosek mkosek at redhat.com
Tue Dec 9 09:09:15 UTC 2014 

On 12/08/2014 04:17 PM, Gianluca Cecchi wrote:
> On Mon, Dec 8, 2014 at 3:47 PM, Gianluca Cecchi <gianluca.cecchi at gmail.com>
> wrote:
> 
>> Hello,
>> I followed the guide here to migrate IPA from CentOS 6.6 to CentOS 7.0:
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/upgrading.html
>>
>> Now, adding a group from console with command
>> ipa group-add
>> I get this kind of error:
>> ipa: ERROR: Operations error: Allocation of a new value for range cn=posix
>> ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed!
>> Unable to proceed.
>>
>>
>>
> Based on info on og of CentOS 6.5 system, at the moment I solved the
> probelm this way and it seems it works.
> Let me know if you think I misunderstood anything.
> 
> created /root/dna_addrange.ldif
> dn: cn=POSIX IDs,cn=Distributed Numeric Assignment
> Plugin,cn=plugins,cn=config
> changetype: modify
> add: dnaNextRange
> dnaNextRange: 1639600001-1639799999
> -
> 
> [root at c7server slapd-LOCALDOMAIN-LOCAL]# ldapmodify -x -D "cn=Directory
> Manager" -f /root/dna_addrange.ldif -W
> Enter LDAP Password:
> modifying entry "cn=POSIX IDs,cn=Distributed Numeric Assignment
> Plugin,cn=plugins,cn=config"
> 
> Now the group create command automatically insert an unallocated GID
> 1639600005:
> [root at c7server slapd-LOCALDOMAIN-LOCAL]# ipa group-add
> Group name: testgroup
> Description: test group per generazione gid
> -----------------------
> Added group "testgroup"
> -----------------------
>   Group name: testgroup
>   Description: test group per generazione gid
>   GID: 1639600005
> 
> Gianluca

Normally, the replica should be able to request a DNA range from the other
replica it connects with, CentOS 6.6 in your case.

Given that it was unable to do it (thus the "Operations error: Allocation of a
new value" error), it seems the call was not successful. I would recommend
checking that replication between 6.6 and 7.0 indeed works and you are not for
example hitting the infamous SASL problem
(https://bugzilla.redhat.com/show_bug.cgi?id=1136882) preventing from
replication & DNA allocation.

Martin

More information about the Freeipa-users mailing list