Brian J. Murrell via FreeIPA-users wrote: > On Wed, 2024-11-06 at 10:23 -0500, Rob Crittenden via FreeIPA-users > wrote: >> >> It's in the blog. ipa iprange-find. That along with the range of >> already >> issued ids will give you an idea of what the available ranges are. > > I see. Mine reports: > > # ipa idrange-find > ---------------- > 2 ranges matched > ---------------- > Range name: INTERLINX.BC.CA_id_range > First Posix ID of the range: 396000000 > Number of IDs in the range: 200000 > First RID of the corresponding RID range: 1000 > First RID of the secondary RID range: 100000000 > Range type: local domain range > > Range name: INTERLINX.BC.CA_subid_range > First Posix ID of the range: 2147483648 > Number of IDs in the range: 2147352576 > First RID of the corresponding RID range: 2147283648 > Domain SID of the trusted domain: S-1-5-21-738065-838566-2194680828 > Range type: Active Directory domain range > ---------------------------- > Number of entries returned 2 > ---------------------------- > > So I just need to use any range other than 396000000-396199999? Even > though no IPA server exists (any more) with that range?
No. The DNA range should match the realm id_range with the starting point being the last value handed out + 1. >> Take your pick. dnarange-show/set make it easier to change the >> settings >> and is what I'd use. > > So given the above: > > # ipa-replica-manage dnanextrange-set server.interlinx.bc.ca > 396200000-396399999 > > should be what I want? > > And I can't/don't want to just reassign the existing 396000000- > 396199999 range given that there is no other IPA server in this network > at this point? No you want to retain that range. Not all servers need to have a range assigned. If they don't have one and need an id they will request part of the range from one of the other servers so you shouldn't need or want to manually tweak the others in this case. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
