We're seeing some strange gid assignment behavior. When I run ipa group-add
on one ipa client I get gids in the expected range for my domain (8000-10000).
But when it is run on one of our IPA servers we get numbers like 108500 or 58500.
ipa idrange-find reports what I would expect everywhere:
# ipa idrange-find
----------------
3 ranges matched
----------------
Range name: AD.NWRA.COM_id_range
First Posix ID of the range: 20000
Number of IDs in the range: 20000
First RID of the corresponding RID range: 0
Domain SID of the trusted domain: S-1-5-21-XXXX
Range type: Active Directory domain range
Range name: legacy
First Posix ID of the range: 1000
Number of IDs in the range: 100
First RID of the corresponding RID range: 10000
First RID of the secondary RID range: 100010000
Range type: local domain range
Range name: NWRA.COM_id_range
First Posix ID of the range: 8000
Number of IDs in the range: 2000
First RID of the corresponding RID range: 1000
First RID of the secondary RID range: 100000000
Range type: local domain range
----------------------------
Number of entries returned 3
----------------------------
ipa-client-4.6.4-10.el7.centos.3.x86_64
No idea what else to look at.
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301
https://www.nwra.com/