[Freeipa-users] Adding RID base to existing range
Darren Poulson
darren.poulson at genesys.com
Wed Mar 9 14:21:31 UTC 2016
Hi,
Here’s what I get. The initial default range as created by freeipa and
contains all our users, and a second one that I created for system
accounts.
[root at freeipa1-01 ~]# ipa idrange-find
----------------
2 ranges matched
----------------
Range name: BUR.US.GENOPS_id_range
First Posix ID of the range: 50000
Number of IDs in the range: 10000
Range type: local domain range
Range name: System Users
First Posix ID of the range: 500
Number of IDs in the range: 1000
Range type: local domain range
----------------------------
Number of entries returned 2
——————————————
If it makes any difference, this install was initially (I believe) freeipa
3.3.
Darren.
On 3/9/16, 1:31 PM, "freeipa-users-bounces at redhat.com on behalf of Darren
Poulson" <freeipa-users-bounces at redhat.com on behalf of
darren.poulson at genesys.com> wrote:
>Hi,
>
>I’d tried that, but get this:
>
>[root at freeipa1-01 ~]# ipa idrange-mod <domain>_id_range --rid-base=1000
>ipa: ERROR: This command can not be used to change ID allocation for local
>IPA domain. Run `ipa help idrange` for more information
>
>
>Thanks,
>
>Darren.
>
>
>On 3/9/16, 9:45 AM, "freeipa-users-bounces at redhat.com on behalf of Sumit
>Bose" <freeipa-users-bounces at redhat.com on behalf of sbose at redhat.com>
>wrote:
>
>>On Wed, Mar 09, 2016 at 01:29:14AM +0000, Darren Poulson wrote:
>>> Hi,
>>>
>>> We¹re currently trying to set up an AD domain (great fun for a bunch of
>>> linux adminsŠ not) so that we can get authentication working with
>>>various
>>> bits of hardware that only support AD. We want this domain to trust our
>>> existing FreeIPA setup.
>>>
>>> When trying to ipa-adtrust-install I¹m getting:
>>>
>>> [10/22]: adding RID bases
>>> ipa : CRITICAL Found more than one local domain ID range with
>>>no RID
>>> base set.
>>>
>>> >From reading up, I need to have the id ranges configured with primary
>>>and
>>> secondary RIDs. Is there any way to do this, or do I have to delete and
>>
>>You can use 'ipa idrange-mod ...' to add the RID bases to existing
>>ranges.
>>
>>HTH
>>
>>bye,
>>Sumit
>>
>>> recreate the ranges? And if I do that, what are the implications?
>>>
>>> IPA 4.2.0 (CentOS 7)
>>> AD 2012R2
>>>
>>> Cheers,
>>>
>>> Darren.
>>>
>>>
>>>
>>
>>
>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>
>>--
>>Manage your subscription for the Freeipa-users mailing list:
>>https://www.redhat.com/mailman/listinfo/freeipa-users
>>Go to http://freeipa.org for more info on the project
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2414 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160309/d2c1ff53/attachment.p7s>
More information about the Freeipa-users
mailing list