LXC/LXD/Proxmox container, custom uid/gid mappings for FreeIPA users
How to allow LXC containers to connect to users created in a FreeIPA server
Add these lines to the LXC config files of the containers you want to allow to connect to the FreeIPA server:
lxc.idmap = u 1000000 1000000 200000
lxc.idmap = g 1000000 1000000 200000
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
Make sure to add these to /etc/subuid and /etc/subgid:
# FreeIPA ids
root:1000000:2000000
And make sure to install the IPA server with these options:
ipa-server-install --setup-dns --no-ntp --mkhomedir --idstart=1000000 --idmax=1999999
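To check the three settings above against each other, the following added example (not part of the original note) parses the lxc.idmap lines and the subuid/subgid entries, then reports host ranges that are not delegated and FreeIPA IDs that have no container-side mapping. The function names are hypothetical, and the root:100000:65536 entry is a constructed line assumed to already exist on the host for the 0-65535 mapping.

```python
# Added example. IDMAP and the first SUBID entry are the values from this page;
# the root:100000:65536 line is constructed (assumed to already exist on the host).
IDMAP = """\
lxc.idmap = u 1000000 1000000 200000
lxc.idmap = g 1000000 1000000 200000
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
"""
SUBID = """\
# FreeIPA ids
root:1000000:2000000
root:100000:65536
"""

def parse_idmap(text, kind):
    """Return [(container_start, host_start, count)] for kind 'u' or 'g'."""
    maps = []
    for line in text.splitlines():
        key, _, value = line.partition("=")
        fields = value.split()
        if key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == kind:
            maps.append(tuple(int(f) for f in fields[1:]))
    return maps

def parse_subid(text, owner="root"):
    """Return [(start, count)] delegated to owner (subuid/subgid syntax)."""
    rows = (l.split("#", 1)[0].strip().split(":") for l in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == owner]

def undelegated(maps, subids):
    """Idmap entries whose host range is not inside one delegated range."""
    return [m for m in maps
            if not any(s <= m[1] and m[1] + m[2] <= s + c for s, c in subids)]

def unmapped_ids(maps, id_start, id_max):
    """Parts of [id_start, id_max] that have no container-side mapping."""
    gaps, cur = [], id_start
    # A zero-length sentinel just past id_max closes the final gap.
    for c_start, _, count in sorted(maps) + [(id_max + 1, 0, 0)]:
        if cur < min(c_start, id_max + 1):
            gaps.append((cur, min(c_start, id_max + 1) - 1))
        cur = max(cur, c_start + count)
    return gaps

if __name__ == "__main__":
    u = parse_idmap(IDMAP, "u")
    print(undelegated(u, parse_subid(SUBID)), unmapped_ids(u, 1000000, 1999999))
```

With the values on this page, the identity mapping covers container IDs 1000000 to 1199999, so the check reports 1200000 to 1999999 of the --idstart/--idmax range as having no mapping in the container.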
Resources:
- https://kiwix.ounapuu.ee/serverfault.com_en_all_2019-02/A/question/848620.html
- https://kiwix.ounapuu.ee/serverfault.com_en_all_2019-02/A/question/777095.html
- https://forum.proxmox.com/threads/can-i-ask-an-uid-range-not-to-be-mapped-in-an-unprivileged-container.49544/
- https://forum.proxmox.com/threads/problems-using-a-mount-point-and-lxc-idmap.77370/
- https://superuser.com/questions/1518783/how-do-i-take-advantage-of-freeipa-centralized-authentication-in-an-lxc-containe
- https://ubuntu.com/blog/nested-containers-in-lxd
