Many moons ago I migrated my home FreeIPA server from CentOS 6 to CentOS 7 via replication. I've just tried to create a new user for the first time since, and I hit:
Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
I've found a few old mailing list messages that explain the reason that this happened, so I know that I need to create a "dnarange", but I haven't found anything that shows me exactly how to do that, or what the range should be. (Since I only have a single server, I would think that the default would be fine.)
Any pointers would be appreciated.
Thanks!
On 1/28/19 11:02 AM, Ian Pilcher wrote:
Many moons ago I migrated my home FreeIPA server from CentOS 6 to CentOS 7 via replication. I've just tried to create a new user for the first time since, and I hit:
Operations error: Allocation of a new value for range cn=posix ids,cn=distributed numeric assignment plugin,cn=plugins,cn=config failed! Unable to proceed.
I've found a few old mailing list messages that explain the reason that this happened, so I know that I need to create a "dnarange", but I haven't found anything that shows me exactly how to do that, or what the range should be. (Since I only have a single server, I would think that the default would be fine.)
This turned out to be straightforward, once I found this blog post:
https://rcritten.wordpress.com/2015/01/05/freeipa-and-no-dna-range/
For posterity (for a single server setup):
[root@XXX conf.d]# ipa-replica-manage dnarange-show XXX.YYY.ZZZ: No range set
[root@XXX conf.d]# ipa idrange-find --------------- 1 range matched --------------- Range name: YYY.ZZZ_id_range First Posix ID of the range: 1785200000 Number of IDs in the range: 200000 Range type: local domain range ---------------------------- Number of entries returned 1 ----------------------------
[root@XXX conf.d]# ipa-replica-manage dnarange-set XXX.YYY.ZZZ \ 1785200000-$((1785200000+200000-1))
[root@XXX conf.d]# ipa-replica-manage dnarange-show XXX.YYY.ZZZ: 1785200000-1785399999
And I can now create a user.
freeipa-users@lists.fedorahosted.org