Hi all,
I recently attempted to add a replica running FreeIPA v4.9.6 to our domain,
which consists of two servers running FreeIPA v4.9.2. I was prompted to set a
NetBIOS domain name. The installation then failed with the error “Too many ID
ranges.” In order to avoid needing to delete ID ranges to accommodate the new
replica, I removed the replica from FreeIPA and reinstalled it with an earlier
version (v4.9.2). Since then, users have been unable to perform password-based
authentication (tested with ssh & sudo). "Preauthentication failed" errors have
also been appearing in /var/log/sssd/krb5_child.log on the server I've been
attempting to login to via ssh. Does anyone know the root cause of this issue
and/or a possible solution?
Repeated message in /var/log/sssd/sssd_example.org.log of the server I’ve been
attempting to ssh to:
(2022-04-12 8:29:34): [be[example.org]] [sysdb_range_create] (0x0040): Invalid
range, skipping. Expected that either the secondary base RID or the SID of the
trusted domain is set, but not both or none of them.
Our ID ranges:
[root@ipaserver ~]$ ipa idrange-find --all --raw
----------------
2 ranges matched
----------------
dn: cn=example-freeipa-service-accounts,cn=ranges,cn=etc,dc=example,dc=org
cn: example-freeipa-service-accounts
ipabaseid: 900000
ipaidrangesize: 99999
iparangetype: ipa-local
objectclass: ipaIDrange
objectclass: ipadomainidrange
dn: cn=EXAMPLE.ORG_id_range,cn=ranges,cn=etc,dc=example,dc=org
cn: EXAMPLE.ORG_id_range
ipabaseid: 1014000
ipaidrangesize: 200000
iparangetype: ipa-local
objectclass: top
objectclass: ipaIDrange
objectclass: ipaDomainIDRange
----------------------------
Number of entries returned 2
----------------------------
[root@ipaserver ~]$
Last ~100 lines from /var/log/ipareplica-install.log:
2022-04-01T16:55:16Z DEBUG Configuring SID generation
2022-04-01T16:55:16Z DEBUG [1/7]: creating samba domain object
2022-04-01T16:55:16Z DEBUG step duration: SID generation
__create_samba_domain_object 0.02 sec
2022-04-01T16:55:16Z DEBUG [2/7]: adding admin(group) SIDs
2022-04-01T16:55:16Z DEBUG step duration: SID generation __add_admin_sids 0.01
sec
2022-04-01T16:55:16Z DEBUG [3/7]: adding RID bases
2022-04-01T16:55:16Z CRITICAL Found more than one local domain ID range with no
RID base set.
2022-04-01T16:55:16Z DEBUG Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
635, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
621, in run_step
method()
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py",
line 380, in __add_rid_bases
raise RuntimeError("Too many ID ranges\n")
RuntimeError: Too many ID ranges
2022-04-01T16:55:16Z DEBUG [error] RuntimeError: Too many ID ranges
2022-04-01T16:55:16Z DEBUG File
"/usr/lib/python3.6/site-packages/ipapython/admintool.py", line 180, in execute
return_value = self.run()
File "/usr/lib/python3.6/site-packages/ipapython/install/cli.py", line 342,
in run
return cfgr.run()
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 360,
in run
return self.execute()
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 386,
in execute
for rval in self._executor():
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460,
in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 655,
in _configure
next(executor)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 431,
in __runner
exc_handler(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 460,
in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 518,
in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 515,
in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 450,
in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 421,
in __runner
step()
File "/usr/lib/python3.6/site-packages/ipapython/install/core.py", line 418,
in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 81,
in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3.6/site-packages/six.py", line 693, in reraise
raise value
File "/usr/lib/python3.6/site-packages/ipapython/install/util.py", line 59,
in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python3.6/site-packages/ipapython/install/common.py", line 65,
in _install
for unused in self._installer(self.parent):
File "/usr/lib/python3.6/site-packages/ipaserver/install/server/__init__.py",
line 603, in main
replica_install(self)
File
"/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py",
line 401, in decorated
func(installer)
File
"/usr/lib/python3.6/site-packages/ipaserver/install/server/replicainstall.py",
line 1371, in install
adtrust.install(False, options, fstore, api)
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrust.py", line
483, in install
smb.create_instance()
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py",
line 895, in create_instance
self.start_creation(show_service_name=False)
File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
635, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3.6/site-packages/ipaserver/install/service.py", line
621, in run_step
method()
File "/usr/lib/python3.6/site-packages/ipaserver/install/adtrustinstance.py",
line 380, in __add_rid_bases
raise RuntimeError("Too many ID ranges\n")
2022-04-01T16:55:16Z DEBUG The ipa-replica-install command failed, exception:
RuntimeError: Too many ID ranges
2022-04-01T16:55:16Z ERROR Too many ID ranges
2022-04-01T16:55:16Z ERROR The ipa-replica-install command failed. See
/var/log/ipareplica-install.log for more information
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
