On Fri, Apr 17, 2015 at 06:36:24AM -0400, Bryan Pearson wrote: > Should I add the same range to this machine or give each one it's own id > range?
The ranges are global for the whole IPA domain. The idranges manages with the ipa tool have their data in the replicated tree hence changes are available on all replicas. The DNA plugin has its own scheme to distribute the data, see e.g. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Managing-Unique_UID_and_GID_Attributes.html for details. bye, Sumit > On Apr 17, 2015 3:53 AM, "Sumit Bose" <sb...@redhat.com> wrote: > > > On Thu, Apr 16, 2015 at 07:46:55PM -0400, Bryan Pearson wrote: > > > I ran this comand on each of my IPA servers and one returned usable > > > response: ipa idrange-find > > > > > > --------------- > > > 1 range matched > > > --------------- > > > Range name: HOSTNAME.LAN_id_range > > > First Posix ID of the range: 1920200000 > > > Number of IDs in the range: 300000 > > > Range type: local domain range > > > ---------------------------- > > > Number of entries returned 1 > > > ---------------------------- > > > > > > While trying to add a new user on one of the other severs I recieve: > > > *** > > > Operations error: Allocation of a new value for range cn=posix > > > ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config > > > failed! Unable to proceed. > > > *** > > > > This is expected, unfortunately the idranges used to manage different > > idranges in environments with trust and the range used by the DNA plugin > > to assign IDs to local users and groups are currently not connected. > > There is ticket https://fedorahosted.org/freeipa/ticket/3609 to fix > > this. > > > > bye, > > Sumit > > > > > > > > Should I go forward on other masters and do: > > > > > > *** > > > ldapmodify -x -D 'cn=Directory Manager' -W > > > Enter LDAP Password: > > > dn: cn=Posix IDs,cn=Distributed Numeric Assignment > > Plugin,cn=plugins,cn=config > > > changetype: modify > > > replace: dnaNextValue > > > dnaNextValue: 1689700000 > > > - > > > replace: dnaMaxValue > > > dnaMaxValue: 1689799999 > > > ^D > > > > > > modifying entry "cn=Posix IDs,cn=Distributed Numeric Assignment > > > Plugin,cn=plugins,cn=config" > > > *** > > > > > > -- > > > Manage your subscription for the Freeipa-users mailing list: > > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > Go to http://freeipa.org for more info on the project > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project