I had a typo with the one of the UIDs which is fixed with this patch. The difference is that Fedora/SSSD treats UIDs of 1000 and below as local system accounts whereas RHEL treats local system accounts at 500 and SSSD local system accounts at 1000. That's why there are conditional paragraphs based on if it is Fedora or RHEL.
On Tue, May 13, 2014 at 7:55 AM, Petr Viktorin <pvikt...@redhat.com> wrote: > On 05/09/2014 04:14 AM, Gabe Alford wrote: > >> Hello, >> >> Just wondering if there are any takers in reviewing this patch. >> > > Sorry, looks like it fell through the cracks :( > > AFAIK the &OS; entity should work for both Fedora and RHEL, so it should > be possible to only have one copy of the paragraph. Or is there something I > missed? > > >> Gabe >> >> >> >> On Mon, Apr 21, 2014 at 5:48 PM, Gabe Alford <redhatri...@gmail.com >> <mailto:redhatri...@gmail.com>> wrote: >> >> Hello, >> >> Patch for the following ticket to add note in documentation about >> bad uid ranges: >> https://fedorahosted.org/freeipa/ticket/2090 >> >> Thanks, >> >> Gabe >> >> > > -- > Petr³ > > _______________________________________________ > Freeipa-devel mailing list > Freeipaemail@example.com > https://www.redhat.com/mailman/listinfo/freeipa-devel >
From a6509eaa5df76e630c1ecadb32d20f26ac506395 Mon Sep 17 00:00:00 2001 From: Gabe <redhatri...@gmail.com> Date: Tue, 13 May 2014 16:43:55 -0600 Subject: [PATCH] [DOC] Sometimes users set bad uid ranges https://fedorahosted.org/freeipa/ticket/2090 --- src/user_guide/en-US/Users.xml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/user_guide/en-US/Users.xml b/src/user_guide/en-US/Users.xml index a260855b8742b5738c4660beaa400c7e73666c6e..17bad604cb1cd914acfe6e1abdd634d020db1766 100644 --- a/src/user_guide/en-US/Users.xml +++ b/src/user_guide/en-US/Users.xml @@ -1053,7 +1053,18 @@ Disabling Plugin</screen> range is depleted so that less than 100 IDs are available, it can contact one of the available servers for a new range allotment. A special extended operation splits the range in two, so that the original server and the replica each have half of the available range. </para> - + <note> + <title>NOTE</title> + <para> + It is possible for an administrator to define an ID number range — which means that it is possible for an administrator to define a <emphasis>bad</emphasis> range. + </para> + <para condition="fedora"> + &OS; reserves all UID/GID numbers below 1000 for system use, and SSSD treats all UID/GID numbers below 1000 as local system accounts. If an administrator sets the ID range to start at 500 to interact with a legacy application (for example), then user accounts assigned an ID number below 1000 will be unable to log in, because their user account is not recognized by SSSD. + </para> + <para condition="redhat"> + &OS; reserves all UID/GID numbers below 500 for system use. SSSD treats all UID/GID numbers below 1000 as local system accounts. If an administrator sets the ID range to start at 500 to interact with a legacy application (for example), then user accounts assigned an ID number below 1000 will be unable to log in, because their user account is not recognized by SSSD. + </para> + </note> </section> <section id="Assigning_UIDs_and_GIDs-Adding_New_Ranges"> -- 1.9.0
_______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel