On Mon, 2025-10-13 at 10:54 +0200, Florence Blanc-Renaud wrote:
> Hi,
Hi.
> I really have no idea if the wheel group will cause any issue as it
> is
> defined in IPA and probably also locally.
Indeed. Apologies for the confusion. I have already dealt with the
wheel group. I removed the one defined in IPA with the really low GID.
So I think that issue is resolved.
What I have left is a low UID (112) system account that I do need to be
in IPA as it needs to have a Kerberos credential. I figured the
simplest thing to do was to give 112 it's own ID range since it's the
only low UID I have a need for. Thus I (incorrectly it seems) created:
Range name: asterisk_system_user
First Posix ID of the range: 112
Number of IDs in the range: 1
Range type: local domain range
But as you can see it has no RID ranges and I was getting an error
about RID overlap or somesuch. So I tried to add them but was told I
could not modify that range name. So I tried to delete it to recreate
it but was told I could not delete it:
# ipa idrange-del asterisk_system_user
ipa: ERROR: invalid 'ipabaseid,ipaidrangesize': range modification leaving
objects with ID out of the defined range is not allowed
You subsequently suggested that the existing range might be fixable,
which is also a reasonable solution. So that's where we are now. The
total of all ranges is currently:
> the
> idrange needs to have primary and secondary rid bases.
Right. I think I tried to add those but was given an error about not
being able to modify that range.
> The following RIDs are already taken: [1,000-201,000] [301,000-
> 340,000],
> [100,000,000-100,200,000] and [100,300,000-100,339,000]. Pick any
> value
> outside of those ranges and it won't complain about overlaps.
Right. So what is the command that will allow me to add new RIDs to
that range?
> Sorry I'm not able to provide a definite answer, but it's hard to
> know if
> removing your wheel group from IPA would break anything. Maybe you
> have
> applications that rely on it, maybe it was added un-intentionally.
> Without
> clear understanding I can't really advise.
So yeah. It's not really about the wheel group at this point. It's
just about being able to add the RIDs to that range that does not have
them. Not sure how to go about doing that.
Cheers,
b.
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
