Rob Verduijn via FreeIPA-users wrote:
> Hello,
>
> Is there any additional configuration required to use the subordinate
> id's on a fedora client
> after assigning a subuid/subgid range to an account in the freeipa server ?
>
> now after trying to create a new rootless container image as an ordinary
> user it complains there potentially not enough uids or gids available in
> user namespace.
> and to check /etc/subuid and /etc/subgid.

You need to configure sss to handle subid in /etc/nsswitch.conf.

This is being automated upstream, see https://pagure.io/freeipa/issue/9159

rob