On Thu, Mar 4, 2021, at 09:17, Lachlan Simpson via FreeIPA-users wrote:
> The IPA domain has Primary RID base of 1000 but the Base ID is 709600000?
>
> I presumed the AD provided POSIX GID would come across per a regular Linux
> system gid and that would be fine within IPA. IIRC until I edited the range
> of the trust it was working after I had created the User Group in IPA with
> the GID 5000.
>
Sorry, to be clearer. When I first created the trust, I couldn't get id or
getent to work. I discovered that was because the IPA didn't know about the
POSIX GID coming from AD. So I created a group in IPA called company_name with
GID 5000 - the same as was coming from AD.
id and getent started working for users in that trust.
When I increased the idrange for the second trust, that's when smb started
giving errors instead of starting.
cheers
L.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
