On Thu, May 18, 2023 at 1:03 PM alexey safonov via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

> After upgrading to RHEL 9.2 it seems I must enable SID in my prod setup.
>
> So when I tried I'm getting an error message
>
> [18/May/2023:23:09:46.570447195 +0800] - ERR - get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct.
> [18/May/2023:23:09:46.571579606 +0800] - ERR - sidgen_task_add - [file ipa_sidgen_task.c, line 283]: Cannot find ranges.
>
> After investigating/search forum it seems like an error with my ID range. But I can't get why. I have no overlaps
>
> ----------------
> 4 ranges matched
> ----------------
> dn: cn=INT.LHFT.IO_id_range,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io
> cn: INT.LHFT.IO_id_range
> ipabaseid: 1368600000
> ipaidrangesize: 200000
> ipabaserid: 100000
> iparangetype: ipa-local
> objectclass: top
> objectclass: ipaIDrange
> objectclass: ipaDomainIDRange
>
> dn: cn=INT.LHFT.IO_subid_range,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io
> cn: INT.LHFT.IO_subid_range
> ipabaseid: 2147483648
> ipaidrangesize: 2147352576
> ipabaserid: 2147283648
> ipanttrusteddomainsid: S-1-5-21-738065-838566-328754306
> iparangetype: ipa-ad-trust
> objectclass: top
> objectclass: ipaIDrange
> objectclass: ipaTrustedADDomainRange
>
> dn: cn=LHFT_1,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io
> cn: LHFT_1
> ipabaseid: 10000
> ipaidrangesize: 10000
> ipabaserid: 10000
> iparangetype: ipa-local
> objectclass: ipaIDrange
> objectclass: ipadomainidrange
>
> dn: cn=LHFT_2,cn=ranges,cn=etc,dc=int,dc=lhft,dc=io
> cn: LHFT_2
> ipabaseid: 4000
> ipaidrangesize: 5000
> ipabaserid: 1000
> iparangetype: ipa-local
> objectclass: ipaIDrange
> objectclass: ipadomainidrange
> ----------------------------
> Number of entries returned 4
> ----------------------------
> [root@lt-hk1-avm01 asafonov]#
>
> Any ideas why I can't enable/generate SIDs?

Hello,

I'd start looking at /var/log/ipaserver-enable-sid.log.

You need to have RID set for the idranges to add SIDs.

Please, take a look at this thread that might help:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org/thread/5BUG3EVCRQKNF6BC74LA2CL3H2I2EV3P/

HTH,

Rafael

> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
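
A check for what the reply above points at, written as an added example (not code from the thread or from FreeIPA): it parses range entries in the `attr: value` layout posted above and reports, for each ipa-local range, missing RID attributes and RID overlaps. It assumes SID generation needs both `ipabaserid` and `ipasecondarybaserid` on every ipa-local range; the function names are hypothetical.

```python
import re

RID_ATTRS = ("ipabaserid", "ipasecondarybaserid")  # assumed required for SIDs
# The four ranges from the post, trimmed to the attributes this check reads.
SAMPLE = """\
cn: INT.LHFT.IO_id_range
ipaidrangesize: 200000
ipabaserid: 100000
iparangetype: ipa-local

cn: INT.LHFT.IO_subid_range
ipaidrangesize: 2147352576
ipabaserid: 2147283648
iparangetype: ipa-ad-trust

cn: LHFT_1
ipaidrangesize: 10000
ipabaserid: 10000
iparangetype: ipa-local

cn: LHFT_2
ipaidrangesize: 5000
ipabaserid: 1000
iparangetype: ipa-local
"""

def parse_ranges(text):
    """Split blank-line separated 'attr: value' blocks into one dict per block."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        entries.append({k.strip().lower(): v.strip() for k, sep, v in pairs if sep})
    return entries

def check_local_ranges(entries):
    """Map each ipa-local range name to its set of RID problems (empty = fine)."""
    local = [e for e in entries if "cn" in e and e.get("iparangetype") == "ipa-local"]
    report = {e["cn"]: {f"missing {attr}" for attr in RID_ATTRS if attr not in e}
              for e in local}
    spans = [(e["cn"], int(e[attr]), int(e[attr]) + int(e["ipaidrangesize"]))
             for e in local for attr in RID_ATTRS if attr in e]
    for i, (a, lo_a, hi_a) in enumerate(spans):
        for b, lo_b, hi_b in spans[i + 1:]:
            if lo_a < hi_b and lo_b < hi_a:  # half-open RID intervals intersect
                report[a].add(f"RID overlap with {b}")
                report[b].add(f"RID overlap with {a}")
    return report

print(check_local_ranges(parse_ranges(SAMPLE)))
```

On the posted data every ipa-local range is reported as missing `ipasecondarybaserid`, and no RID spans overlap.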