On 24/11/16 17:14, lejeczek wrote:

I see this:

2 ranges matched
  Range name: xx.id_range
  First Posix ID of the range: 1952400000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
Domain SID of the trusted domain: S-1-5-21-1144915091-2252175215-702530032
  Range type: Active Directory domain range

  Range name: xx.xx.xx.xx.x_id_range
  First Posix ID of the range: 1875000000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range
Number of entries returned 2

some time ago when I first set up IPA I migrated users from samba3's ldap backend. Since then until today there was no new users I needed to add but now I do. First on the list range I think it is a remnant of AD trust which does not exists any more (should it be removed?). I'm not sure how to read those ranges info, one thing I notice is that UIDs from migration are probably between 500 & 2000 and now if I supply uid manually to user-add and gid (which is old Samba's domain users group) then creation of new user succeeds.
Is this normal, expected?


ok, solution(ldapmodify) to the problem: https://www.redhat.com/archives/freeipa-users/2014-February/msg00246.html but could some experts shed more light on it - I see that some time ago(after migration/import) I actually created manually a user:
$ id netdevadmin
uid=1875000006(netdevadmin) gid=1875000006(netdevadmin) groups=1875000006(netdevadmin)

today, after ldapmodify I create a new user but uids seem to come from (what?) a different range??
$ id appmgr
uid=3501(appmgr) gid=3501(appmgr) groups=3501(appmgr)

what's is happening?

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to