[Freeipa-users] Adding RID base to existing range

Sumit Bose sbose at redhat.com
Wed Mar 9 14:15:42 UTC 2016 

On Wed, Mar 09, 2016 at 01:31:00PM +0000, Darren Poulson wrote:
> Hi,
> 
> I’d tried that, but get this:
> 
> [root at freeipa1-01 ~]# ipa idrange-mod <domain>_id_range --rid-base=1000
> ipa: ERROR: This command can not be used to change ID allocation for local
> IPA domain. Run `ipa help idrange` for more information

'ipa idrange-find' should show a second idrange with 'Range type: local
domain range'. Can you try if you can add the RID bases there?

bye,
Sumit

> 
> 
> Thanks,
> 
> Darren.
> 
> 
> On 3/9/16, 9:45 AM, "freeipa-users-bounces at redhat.com on behalf of Sumit
> Bose" <freeipa-users-bounces at redhat.com on behalf of sbose at redhat.com>
> wrote:
> 
> >On Wed, Mar 09, 2016 at 01:29:14AM +0000, Darren Poulson wrote:
> >> Hi,
> >> 
> >> We¹re currently trying to set up an AD domain (great fun for a bunch of
> >> linux adminsŠ not) so that we can get authentication working with
> >>various
> >> bits of hardware that only support AD. We want this domain to trust our
> >> existing FreeIPA setup.
> >> 
> >> When trying to ipa-adtrust-install I¹m getting:
> >> 
> >>   [10/22]: adding RID bases
> >> ipa         : CRITICAL Found more than one local domain ID range with
> >>no RID
> >> base set.
> >> 
> >> >From reading up, I need to have the id ranges configured with primary
> >>and
> >> secondary RIDs. Is there any way to do this, or do I have to delete and
> >
> >You can use 'ipa idrange-mod ...' to add the RID bases to existing
> >ranges.
> >
> >HTH
> >
> >bye,
> >Sumit
> >
> >> recreate the ranges? And if I do that, what are the implications?
> >> 
> >> IPA 4.2.0 (CentOS 7)
> >> AD 2012R2
> >> 
> >> Cheers,
> >> 
> >> Darren.
> >> 
> >> 
> >> 
> >
> >
> >
> >> -- 
> >> Manage your subscription for the Freeipa-users mailing list:
> >> https://www.redhat.com/mailman/listinfo/freeipa-users
> >> Go to http://freeipa.org for more info on the project
> >
> >-- 
> >Manage your subscription for the Freeipa-users mailing list:
> >https://www.redhat.com/mailman/listinfo/freeipa-users
> >Go to http://freeipa.org for more info on the project
> >

More information about the Freeipa-users mailing list