After upgrading to RHEL 9.2 it seems I must enable SID in my prod setup. So when I tried I'm getting an error message
[18/May/2023:23:09:46.570447195 +0800] - ERR - get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct. [18/May/2023:23:09:46.571579606 +0800] - ERR - sidgen_task_add - [file ipa_sidgen_task.c, line 283]: Cannot find ranges. After investigating/search forum it seems like an error with my ID range. But I can't get why. I have no overlaps ---------------- 4 ranges matched ---------------- dn: cn=INT.LHFT.IO_id_range,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io cn: INT.LHFT.IO_id_range ipabaseid: 1368600000 ipaidrangesize: 200000 ipabaserid: 100000 iparangetype: ipa-local objectclass: top objectclass: ipaIDrange objectclass: ipaDomainIDRange dn: cn=INT.LHFT.IO_subid_range,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io cn: INT.LHFT.IO_subid_range ipabaseid: 2147483648 ipaidrangesize: 2147352576 ipabaserid: 2147283648 ipanttrusteddomainsid: S-1-5-21-738065-838566-328754306 iparangetype: ipa-ad-trust objectclass: top objectclass: ipaIDrange objectclass: ipaTrustedADDomainRange dn: cn=LHFT_1,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io cn: LHFT_1 ipabaseid: 10000 ipaidrangesize: 10000 ipabaserid: 10000 iparangetype: ipa-local objectclass: ipaIDrange objectclass: ipadomainidrange dn: cn=LHFT_2,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io cn: LHFT_2 ipabaseid: 4000 ipaidrangesize: 5000 ipabaserid: 1000 iparangetype: ipa-local objectclass: ipaIDrange objectclass: ipadomainidrange ---------------------------- Number of entries returned 4 ---------------------------- [root@lt-hk1-avm01 asafonov]# Any ideas why I can't enable/generate SIDs? _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
