On Wed, Mar 09, 2016 at 01:31:00PM +0000, Darren Poulson wrote: > Hi, > > I’d tried that, but get this: > > [root@freeipa1-01 ~]# ipa idrange-mod <domain>_id_range --rid-base=1000 > ipa: ERROR: This command can not be used to change ID allocation for local > IPA domain. Run `ipa help idrange` for more information
'ipa idrange-find' should show a second idrange with 'Range type: local domain range'. Can you try if you can add the RID bases there? bye, Sumit > > > Thanks, > > Darren. > > > On 3/9/16, 9:45 AM, "freeipa-users-boun...@redhat.com on behalf of Sumit > Bose" <freeipa-users-boun...@redhat.com on behalf of sb...@redhat.com> > wrote: > > >On Wed, Mar 09, 2016 at 01:29:14AM +0000, Darren Poulson wrote: > >> Hi, > >> > >> We¹re currently trying to set up an AD domain (great fun for a bunch of > >> linux adminsŠ not) so that we can get authentication working with > >>various > >> bits of hardware that only support AD. We want this domain to trust our > >> existing FreeIPA setup. > >> > >> When trying to ipa-adtrust-install I¹m getting: > >> > >> [10/22]: adding RID bases > >> ipa : CRITICAL Found more than one local domain ID range with > >>no RID > >> base set. > >> > >> >From reading up, I need to have the id ranges configured with primary > >>and > >> secondary RIDs. Is there any way to do this, or do I have to delete and > > > >You can use 'ipa idrange-mod ...' to add the RID bases to existing > >ranges. > > > >HTH > > > >bye, > >Sumit > > > >> recreate the ranges? And if I do that, what are the implications? > >> > >> IPA 4.2.0 (CentOS 7) > >> AD 2012R2 > >> > >> Cheers, > >> > >> Darren. > >> > >> > >> > > > > > > > >> -- > >> Manage your subscription for the Freeipa-users mailing list: > >> https://www.redhat.com/mailman/listinfo/freeipa-users > >> Go to http://freeipa.org for more info on the project > > > >-- > >Manage your subscription for the Freeipa-users mailing list: > >https://www.redhat.com/mailman/listinfo/freeipa-users > >Go to http://freeipa.org for more info on the project > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project