On Thu, Mar 4, 2021, at 09:17, Lachlan Simpson via FreeIPA-users wrote:
The IPA domain has Primary RID base of 1000 but the Base ID is
709600000?
I presumed the AD provided POSIX GID would come across per a regular Linux system gid and
that would be fine within IPA. IIRC until I edited the range of the trust it was working
after I had created the User Group in IPA with the GID 5000.
Sorry, to be clearer. When I first created the trust, I couldn't get id or getent to
work. I discovered that was because the IPA didn't know about the POSIX GID coming
from AD. So I created a group in IPA called company_name with GID 5000 - the same as was
coming from AD.
id and getent started working for users in that trust.
When I increased the idrange for the second trust, that's when smb started giving
errors instead of starting.
cheers
L.