On 1 Jun 2018, at 22:10, David Potterveld
<jongle.a.moi(a)gmail.com> wrote:
I'm not sure that we do need it…
Then removing the local domain is also a valid workaround for this issue.
I think it was put in the config as a placeholder for old accounts on
legacy systems when deciding on how UID ranges should be mapped when we ultimately migrate
to a FreeIPA domain that trusts our AD forest. We're having some issues getting
permission from the AD managers to set up the required trust, but that's another
story. Until that's ironed out, we are joining systems to the domain with
"realm" using the SID<->UID mapping that FreeIPA will use.
I've found a workaround for the bug for us. If I just comment out the
"max_id" line in domain/local, then everything goes back to normal. With only a
small number of IDs in local, and anything imported from legacy systems well below the
start of the SID mapping, I don't think we need to try and enforce the upper limit.
Thanks,
David
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/sssd-users@lists.fedorahost...