On 03/17/2015 08:30 PM, Gould, Joshua wrote:
It looks like the range for your AD domain defined in ³ipa idrange-find
‹all² needs to match whats in for your domain in /etc/sssd/sssd.conf.

For your example. Under the [domain/CSNS.MIDDLEBURY.EDU] should have

ldap_idmap_range_min = 1824600000
ldap_idmap_range_size = 2000000

Setting these two identically let me resolve AD ID¹s with the id command.
Hopefully this works for you too.
Bingo! Thank you! That was indeed the solution. I needed to set the ID range in both places, and now users can log in.

David Guertin

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to