FreeIPA not accepting SubID Range

RenegadeSithLord · February 13, 2026, 4:39pm

So I’ve had to create a second custom Subordinate ID range. It’s created, but it still won’t let my users kinit to their account. Subordinate IDs are fully created, but I see this error:

[13/Feb/2026:09:03:33.171178086 -0500] - ERR - find_sid_for_ldap_entry - [file ipa_sidgen_common.c, line 533]: Cannot convert Posix ID [1326] into an unused SID on entry

UIDs in the range of 1000-5999 are all affected, and they are in the newly created range. The other range, which starts at UID 6000 seems to work without a problem.

This is for all users in that newly created range. Not sure how to fix this, save for destroying and recreating the account over again, but I don’t know if that’s the fix. Any clues on how to clean this up?

label · February 14, 2026, 4:05pm

Removing the account and recreating it (in the same range) is not going to solve this. What are the other messages before and after this? In majority of cases, there are supposed to be find_sid_for_id messages, sidgen_task_thread messages, rid_to_sid_with_check.

RenegadeSithLord · February 17, 2026, 10:45am

Oddly, it seems my fix was “a little patience”. Whatever was not letting the SubID part to work just needed some time to propagate? Anyway, it seems to have worked just fine when I came into the office this morning. So I’m going to sip my coffee and contemplate the mysteries of the universe for a while.

Topic		Replies	Views
Rocky 8.9 Idm Server Problem Rocky Linux Help & Support	4	1196	March 26, 2024
IPA Replica Error - RuntimeError: RID bases too close Rocky Linux Help & Support	4	516	August 25, 2023
FreeIPA Web UI login fails after upgrade to rocky 8 Rocky Linux Help & Support rocky-linux-8	2	417	August 3, 2025
IPA Replica installation error Rocky Linux Help & Support	1	563	August 25, 2023
FreeIPA and MacOS Sanoma Rocky Linux Help & Support rocky-linux-9	22	2476	August 31, 2024

FreeIPA not accepting SubID Range

Related topics