hi all,
thanks to all for this thread. this is not for the faint of heart. i had
similar issue with upgrade on el88
(ipa-server-4.9.11-7.module+el8.8.0+19639+24a8b95c.x86_64 ->
ipa-server-4.9.11-9.module+el8.8.0+20825+52dd1628.x86_64; yes not even a
subminor version change)
my experience:
Complete oversight by me sorry...
There was a GID of a group set to 200. After changing that and running sidgen
again all the users now have SIDs
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
On Mon, Feb 12, 2024 at 10:53:33AM -, Oliver Nixon via FreeIPA-users wrote:
> Hi Rob,
>
> Thanks for confirming.
>
> The strange thing is there aren't any users outside of the range that I can
> find and there is definitely nothing with an ID of 200.
It may be a GID of some group.
--
Just to chime in on this.
I'm not 100% this isn't a bug, as I've also hit the same issue after an update.
In the end, I've had to re-create the effected accounts with the same UID and
GID after deletion, which is resolving the issue for me as I wasn't able to
find a solution using the
Hi Rob,
Thanks for confirming.
The strange thing is there aren't any users outside of the range that I can
find and there is definitely nothing with an ID of 200.
--
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To
Oliver Nixon via FreeIPA-users wrote:
> Hi Rob,
>
> Thanks for your reply.
>
> All I can find in the log is the following:
> [08/Feb/2024:17:31:01.478681171 +] - ERR - sidgen_task_thread - [file
> ipa_sidgen_task.c, line 194]: Sidgen task starts ...
> [08/Feb/2024:17:31:01.667472180 +]
Hi Rob,
Thanks for your reply.
All I can find in the log is the following:
[08/Feb/2024:17:31:01.478681171 +] - ERR - sidgen_task_thread - [file
ipa_sidgen_task.c, line 194]: Sidgen task starts ...
[08/Feb/2024:17:31:01.667472180 +] - ERR - find_sid_for_ldap_entry - [file
Hi,
I'm encountering the same issue after upgrading to 4.9.12.
I had previously imported users from another FreeIPA deployment and their UIDs
were outside of the defined ID ranges.
I've created a new ID range to encompass these and run the following but the
SIDs still don't get generated:
]#
Oliver Nixon via FreeIPA-users wrote:
> Hi,
>
> I'm encountering the same issue after upgrading to 4.9.12.
> I had previously imported users from another FreeIPA deployment and their
> UIDs were outside of the defined ID ranges.
> I've created a new ID range to encompass these and run the
Hi,
I'm encountering the same issue after upgrading to 4.9.12.
I had previously imported users from another FreeIPA deployment and their UIDs
were outside of the defined ID ranges.
I've created a new ID range to encompass these and run the following but the
SIDs still don't get generated:
]#
On Аўт, 23 сту 2024, Dungan, Scott A. via FreeIPA-users wrote:
I found the answer in this thread:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/5BUG3EVCRQKNF6BC74LA2CL3H2I2EV3P/
Following that, we used ldapmodify to apply the correct values for the
I found the answer in this thread:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/5BUG3EVCRQKNF6BC74LA2CL3H2I2EV3P/
Following that, we used ldapmodify to apply the correct values for the rid-base
and secondary-rid-base in the new range. Afterwards,
Thanks, Flo.
I believe we now know what the correct values should be for the rid-base and
secondary-rid-base, however, we can’t seem to modify the ID range with the
missing values we created to cover the legacy NIS users:
$ ipa idrange-mod ID.EXAMPLE.COM_legacy_range
ipa: ERROR: This command
Hi,
On Tue, Jan 23, 2024 at 1:05 AM Dungan, Scott A. via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
> Thanks to Paul for all the leg work on this issue. Based on that, I can
> confirm that we have the same problem after updating to 4.9.12-11 from
> 4.9.11-7. Running the oddjob
Thanks to Paul for all the leg work on this issue. Based on that, I can confirm
that we have the same problem after updating to 4.9.12-11 from 4.9.11-7.
Running the oddjob command to add SIDs to the user accounts fails after
encountering UIDs outside of the default IPA range. It was able to get
Paul Nickerson via FreeIPA-users wrote:
> I confirmed that users who had an ipaNTSecurityIdentifier attribute could log
> in to the web UI, and those that did not have the ipaNTSecurityIdentifier
> attribute could not.
>
> I found the error in /var/log/dirsrv/slapd-SEMI-EXAMPLE-NET/errors like
I confirmed that users who had an ipaNTSecurityIdentifier attribute could log
in to the web UI, and those that did not have the ipaNTSecurityIdentifier
attribute could not.
I found the error in /var/log/dirsrv/slapd-SEMI-EXAMPLE-NET/errors like you
said:
[17/Jan/2024:20:28:09.571195828 +]
Paul Nickerson via FreeIPA-users wrote:
> Thank you for the assistance. I tried running the oddjob without specifying a
> NetBIOS name, and it gave a return code of 1, no output, and didn't seem to
> do anything. Then I saw your NetBIOS comment.
>
> First I checked to see if we already had a
Thank you for the assistance. I tried running the oddjob without specifying a
NetBIOS name, and it gave a return code of 1, no output, and didn't seem to do
anything. Then I saw your NetBIOS comment.
First I checked to see if we already had a NetBIOS name configured, and I
didn't find anything
On Срд, 17 сту 2024, Alexander Bokovoy via FreeIPA-users wrote:
On Срд, 17 сту 2024, Paul Nickerson via FreeIPA-users wrote:
I have two FreeIPA servers in a cluster, both running on RHEL 8.9. They
started on RHEL 8.0 I believe, and have been upgrading in-place since
then. I recently restarted
On Срд, 17 сту 2024, Paul Nickerson via FreeIPA-users wrote:
I have two FreeIPA servers in a cluster, both running on RHEL 8.9. They
started on RHEL 8.0 I believe, and have been upgrading in-place since
then. I recently restarted the FreeIPA services, which triggered an
ipa-server-upgrade to
Paul Nickerson via FreeIPA-users wrote:
> I have two FreeIPA servers in a cluster, both running on RHEL 8.9. They
> started on RHEL 8.0 I believe, and have been upgrading in-place since then. I
> recently restarted the FreeIPA services, which triggered an
> ipa-server-upgrade to upgrade from
22 matches
Mail list logo
