thanx
authselect enable-feature with-subid
did the trick
Rob
Rob Verduijn via FreeIPA-users wrote:
> Hello,
>
> Is there any additional configuration required to use the subordinate
> id's on a fedora client
> after assigning a subuid/subgid range to an account in the freeipa server ?
>
> now after trying to create a new rootless container image as an ordinary
> user it complains there potentially not enough uids or gids available in
> user namespace.
> and to check /etc/subuid and /etc/subgid.
You need to configure sss to handle subid in /etc/nsswitch.conf.
This is being automated upstream, see https://pagure.io/freeipa/issue/9159
rob