Ricardo Mendes via FreeIPA-users wrote: > Hi, > > I was out for a couple of weeks and this stood on standby. Checking the > dnarange: > > # ipa-replica-manage dnarange-show > Directory Manager password: > idm.dom0.io: 1562200006-1562399999 > ns1.dom0.io: No range set > ns2.dom0.io: No range set > # ipa idrange-find > --------------- > 1 range matched > --------------- > Range name: DOM0.IO_id_range > First Posix ID of the range: 1562200000 > Number of IDs in the range: 200000 > First RID of the corresponding RID range: 1000 > First RID of the secondary RID range: 100000000 > Range type: local domain range > ---------------------------- > Number of entries returned 1 > ---------------------------- > > It seems like I have enough space in the range to accommodate new servers, no? > The master that has the range assigned is only accessible from private > network, the ns1 and ns2 are accessible from the public network. From what I > read, it would be supposed for the replica ns1 to get a range from the master > idm, or is that not so? > Should the ns3 server have a direct access to the server with the dna range > configured? > Is the solution adding a range to the ns1 master replica?
A server should only need a range if it actually creates users or groups. In this case the installer is trying to create a fallback group so that users are members of at least one posix group for a PAC. It's been a while so the logs may no longer be available but when the allocation failed something should have logged in 389-ds error log. I'd check that on all servers. You're looking for a similar Failed to allocate message. What version of IPA is running on ns1 and ns2? rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
