Thanks Jakub!!
*Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.com>* 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 On Mon, Feb 27, 2017 at 7:26 AM, Jakub Hrozek <jhro...@redhat.com> wrote: > On Sun, Feb 26, 2017 at 12:12:23PM -0800, Hanoz Elavia wrote: > > Hey guys, > > > > Is it possible to disable ID mapping for AD users in a FreeIPA AD trust > > setup? > > > > The version report is as follows: > > > > AD: Windows 2008 R2 > > FreeIPA Server: 4.4.0-14 > > FreeIPA Client: 4.4.0-14 > > SSSD: 1.14.0-43 > > Linux version: CentOS 7.3 x64_86 > > > > I've tried setting ldap_id_mapping = False in sssd.conf in the IPA domain > > sectionwith no success. > > > > Regards, > > > > Hanoz > > In IPA-AD trust environment the mapping is managed on the server. So > you'd need to remove the algorithmical range and add a POSIX range > instead (see ipa help idrange-add, --type=['ipa-ad-trust-posix', > 'ipa-ad-trust', 'ipa-local']) > > Note that clients cannot modify the range type at the moment, so you > also need to remove the cache from all clients in the domain. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
