I am setting up IPA to replace an ancient system where I'd like to preserve a handful of existing users' UIDs that are in the 500 range. There are MANY files that would need to change otherwise.
I'm starting with a pristine IPA install (AlmaLinux 9.6), with standard settings. To enable the users in the low UID range, I added a range:

    ipa idrange-add MYDOMAIN.COM_legacy_range --base-id 501 --range-size 99 --rid-base 300000 --secondary-rid-base 200000000 --type ipa-local

And that seemed fine... I create a user in that range, set a password, etc. The user can log into the IPA GUI fine. Now, on a client, I can ssh with a key as that user, but I cannot log in with a password at all. The user shows an ipantsecurityidentifier so that isn't missing. A user created in the default ID range works fine.

The only thing I find in the logs is with sssd debug turned way up:

    (2025-06-11 9:43:43): [be[mydomain.com]] [sysdb_search_by_name] (0x0400): [RID#18] No such entry
    (2025-06-11 9:43:43): [be[mydomain.com]] [sysdb_cache_search_groups] (0x2000): [RID#18] Search groups with filter: (&(objectCategory=group)(ghost=pam_usertype_non_existent:@mydomain.com))
    (2025-06-11 9:43:43): [be[mydomain.com]] [sysdb_cache_search_groups] (0x2000): [RID#18] No such entry
    (2025-06-11 9:43:43): [be[mydomain.com]] [sysdb_delete_user] (0x0400): [RID#18] Error: 2 (No such file or directory)
    (2025-06-11 9:43:43): [be[mydomain.com]] [sysdb_search_by_name] (0x0400): [RID#18] No such entry
    (2025-06-11 9:43:43): [be[mydomain.com]] [get_object_from_cache] (0x0200): [RID#18] Object wasn't found in cache
    (2025-06-11 9:43:43): [be[mydomain.com]] [ipa_id_get_account_info_orig_done] (0x0080): [RID#18] Object not found, ending request

I'm not sure what is actually missing here. The user's GID corresponds to a group I created in IPA, no private group was created, and is a member of ipausers. Any ideas what else I'm missing?
