Piotr Miedzik via FreeIPA-users wrote: > Hi > > I have problem with some users after updating freeipa server. > As of freeipa 4.10 I'm not able to login if user was created with uid > specified (ipa user-add testx --uid=1001 --first=p --last=m --password) > It also doesn't work for accounts created with previous freeipa versions. > > steps to reproduce: > > 1) install > podman run --rm -p 10.58.0.45:53:53/udp -p 10.58.0.45:53:53 -p 80:80 -p > 443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 -p 88:88/udp -p > 464:464/udp -p 123:123/udp --name ipa01 -ti -h ipa01.dev.example.com > -v /srv/ipa01-data/:/data:Z -e > freeipa/freeipa-server:fedora-36-4.9.11 > > 2) create account testx with uid > ipa user-add testx --uid=1001 --first=p --last=m --password > 3) create account testy without uid > ipa user-add testy --first=p --last=m --password > > 4) upgrade to newest version > podman run --rm -p 10.58.0.45:53:53/udp -p 10.58.0.45:53:53 -p 80:80 -p > 443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 -p 88:88/udp -p > 464:464/udp -p 123:123/udp --name ipa01 -ti -h ipa01.dev.example.com > -v /srv/ipa01-data/:/data:Z -e > freeipa/freeipa-server:fedora-38-4.10.3 > > user testx cannot login, user testy is able to login
IPA requires users to have SIDs which means their UID must exist in a configured idrange. There are a dozen threads in the archives related to identifying and repairing these. rob -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue