> On 1 Jun 2018, at 22:10, David Potterveld <jongle.a....@gmail.com> wrote: > > I'm not sure that we do need it…
Then removing the local domain is also a valid workaround for this issue. > I think it was put in the config as a placeholder for old accounts on legacy > systems when deciding on how UID ranges should be mapped when we ultimately > migrate to a FreeIPA domain that trusts our AD forest. We're having some > issues getting permission from the AD managers to set up the required trust, > but that's another story. Until that's ironed out, we are joining systems to > the domain with "realm" using the SID<->UID mapping that FreeIPA will use. > > I've found a workaround for the bug for us. If I just comment out the > "max_id" line in domain/local, then everything goes back to normal. With only > a small number of IDs in local, and anything imported from legacy systems > well below the start of the SID mapping, I don't think we need to try and > enforce the upper limit. > > Thanks, > David > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/OITRMKTZYHHMUSO3O547HNKCM2GBXWAL/ _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahosted.org/message/AE3VBXJM6JRF5R634WKVZMG5XTESTHMP/