Khurrum Maqb via FreeIPA-users wrote: > Thank you! That worked: > > Running `kdestroy -A` allowed me to set the dnaNextRange on ServerA to 0-0. > Then I set ServerC to 104608142-104799999. The replica did NOT install after > that and failed in the same way, but running the `ldapmodify` command to > manually set the default-smb-group allowed the replica, serverRL, to > successfully install. > > The range is VERY strange. Due to the strangeness, would it make sense to > create a new range and assign it to the newly created replica as a DNARange? > ie, `ipa idrange-add IDM.EXAMPLE.COM_new_range --base-id=100000000 > --range-size=200000` > and then `ipa-replica-manage dnarange-set serverRL.sub.example.com > 100000000-100010000` >
IPA ranges are a strange beast. There is no real connection between a local IDM range and DNA other than they happen to cover the same number space. Adding a new range won't affect the DNA configuration. I wonder if the range on the other two servers are way too small to split. It may be worth it to dig through your entries to determine a more even split between them and then manually fix things. You should be able to get away with some overlap with already provisioned ids, the DNA plugin should handle that, but I'm not one to press my luck so if you can pick new ranges w/o overlapping existing values I'd go that route. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue