18. May 2026 • 3 min. read

Using Podman with an Active Directory User on Fedora

linux, podman

Hello everyone,

today we have a short but hopefully useful post.

I am currently using a Lenovo L15 with Fedora GNOME 44 at work. The system is part of the local Active Directory, which means I have a domain user that I use to log into my laptop.

Very straightforward so far. Why am I mentioning it? Well, I am trying to use podman for several different containers, since I don’t want to install potentially useless applications on my system. Using podman would allow me to sandbox the application and test it at the same time, keeping my system clean and somewhat safe.

The issue is that the AD user is not included in the ‘/etc/subuid’ and ‘/etc/subgid’ files, which define (if I understand it correctly) subordinate UID/GID ranges used for user namespace mapping in rootless containers.

This means I cannot use podman with my current work user. I get the following error message when executing a ‘podman pull’ or ‘podman build’ command.

ERRO[0000] cannot find UID/GID for user username@domain.local: no subuid ranges found for user "username@domain.local" in /etc/subuid - check rootless mode in man pages.
WARN[0000] Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user

Alright. Let’s solve this issue.

Getting User ID

First things first. We need the AD user ID. This is simple enough: just execute the following to get the ID. I did try to use the username for the ID mapping, but it did not work.

$ id -u
304430964

You could also use the following command to figure out which ID podman sees as the user ID.

Look for the path. It contains the ID, 304430964 in my case.

$ podman system info | grep user
    userPercent: 6.3
      rundir: /run/user/304430964/crun
    path: /run/user/304430964/podman/podman.sock
  configFile: /home/user/.config/containers/storage.conf
  graphRoot: /home/user/.local/share/containers/storage
  runRoot: /run/user/304430964/containers
  volumePath: /home/user/.local/share/containers/storage/volumes

Add user ID to subuid and subgid

Alright. Now that we have the ID, we can insert it into the ‘/etc/subuid’ and ‘/etc/subgid’ files. Add the following line to each file, replacing the ID with the one you have on your system.

$ sudo vim /etc/subuid
...
<your-user-id>:100000:65536
...

Same for the subgid.

$ sudo vim /etc/subgid
...
<your-user-id>:100000:65536
...

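If the file already contains an entry whose range would overlap with 100000:65536, use a higher start number (something over 165536). Ranges must not overlap: two users with overlapping ranges map their containers onto the same host UIDs/GIDs, which undermines the isolation between them.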
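The overlap check described above can be scripted. This is an added example, not part of the original post: the function names `next_free_start` and `subid_line` and the sample file are constructed for illustration. It only reads the file and prints the line to add.

```bash
#!/usr/bin/env bash
# Added example: choose a non-overlapping subordinate ID range for a numeric ID.
# Function names and the sample file are constructed for illustration.

# next_free_start FILE [COUNT] [MIN_START]
# Prints the lowest start >= MIN_START such that [start, start+COUNT)
# overlaps no range already listed in FILE (format: name:start:count).
next_free_start() {
    local file="$1" count="${2:-65536}" min="${3:-100000}"
    # Keep only well-formed entries, sort them by start, then slide the
    # candidate past every existing range it collides with.
    awk -F: '$2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { print $2, $3 }' "$file" |
        sort -n |
        awk -v cand="$min" -v count="$count" '
            { s = $1; e = $1 + $2 }                  # existing range is [s, e)
            cand < e && s < cand + count { cand = e }
            END { print cand }'
}

# subid_line ID FILE [COUNT]
# Prints the line to add for ID. Returns 1 if ID already has an entry,
# so the same ID is never given a second range by accident.
subid_line() {
    local id="$1" file="$2" count="${3:-65536}"
    if grep -q "^${id}:" "$file"; then
        echo "entry for ${id} already present in ${file}" >&2
        return 1
    fi
    printf '%s:%s:%s\n' "$id" "$(next_free_start "$file" "$count")" "$count"
}

# Constructed sample: a local user already owns 100000-165535.
demo_file=$(mktemp)
printf 'localuser:100000:65536\n' > "$demo_file"
subid_line 304430964 "$demo_file"    # prints 304430964:165536:65536
rm -f "$demo_file"
```

On a real system, call `subid_line "$(id -u)" /etc/subuid` and once more with `/etc/subgid`, then add the printed lines as shown above.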

Migrate podman

Once that’s done, run the podman system migration. This updates the containers to use the new user namespace mapping.

$ podman system migrate

That’s it. Now you should be able to execute podman commands with your AD user.

Till next time.
