Re: [Freeipa-users] ID Mapping

2017-02-27 Thread Hanoz Elavia
Thanks Jakub!! *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.com>* 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 On Mon, Feb 27, 2017 at 7:26 AM, Jakub Hrozek <jhro...@redhat.com> wrote: > On Sun, Feb 26, 2017 at 1

[Freeipa-users] ID Mapping

2017-02-26 Thread Hanoz Elavia
Hey guys, Is it possible to disable ID mapping for AD users in a FreeIPA AD trust setup? The version report is as follows: AD: Windows 2008 R2 FreeIPA Server: 4.4.0-14 FreeIPA Client: 4.4.0-14 SSSD: 1.14.0-43 Linux version: CentOS 7.3 x64_86 I've tried setting ldap_id_mapping = False in

Re: [Freeipa-users] Default domain for AD groups

2017-02-24 Thread Hanoz Elavia
Thanks Alexander!! On Fri, Feb 24, 2017 at 6:04 AM, Alexander Bokovoy <aboko...@redhat.com> wrote: > On to, 23 helmi 2017, Hanoz Elavia wrote: > >> Hello, >> >> My FreeIPA clients and server are setup to use the AD domain as the >> default. This is done using

[Freeipa-users] Default domain for AD groups

2017-02-23 Thread Hanoz Elavia
Hello, My FreeIPA clients and server are setup to use the AD domain as the default. This is done using the default_domain_suffix parameter in the sssd section of the sssd.conf file. This works fine for users when we use ldapsearch but not so much for groups. For e.g.: ldapsearch -x -W -s sub -H

Re: [Freeipa-users] ldapsearch for AD users

2017-02-23 Thread Hanoz Elavia
Thanks Alexander, I have rebuilt the server with compatibility and I can now query AD users. I'll just have to confirm with Dell / EMC whether the Isilon can now handle this. Regards, Hanoz On Wed, Feb 22, 2017 at 10:26 PM, Alexander Bokovoy wrote: > On ke, 22 helmi

Re: [Freeipa-users] ldapsearch for AD users

2017-02-22 Thread Hanoz Elavia
to the server. Sorry, I can't help you much there. Regards, Hanoz *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.com>* 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 On Wed, Feb 22, 2017 at 2:19 PM, Jason B. Nance <ja...@tresgeek.n

Re: [Freeipa-users] ldapsearch for AD users

2017-02-22 Thread Hanoz Elavia
Hey Jason, Also, my bind DN is a native FreeIPA user and doesn't exist on the Active Directory. Regards, Hanoz *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.com>* 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 On Wed, Feb 22

Re: [Freeipa-users] ldapsearch for AD users

2017-02-22 Thread Hanoz Elavia
takes care of that. Hope this helps. Regards, Hanoz *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.com>* 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 On Wed, Feb 22, 2017 at 1:50 PM, Jason B. Nance <ja...@tresgeek.n

Re: [Freeipa-users] ldapsearch for AD users

2017-02-22 Thread Hanoz Elavia
as expected. Then once I rebooted the test server it stopped working. Any idea which service might be failing ? Regards, Hanoz On Wed, Feb 22, 2017 at 8:40 AM, Hanoz Elavia <h.ela...@atomiccartoons.com> wrote: > Hey Alex, > > Thanks, I ran ipa-compat-manage status and it shows

Re: [Freeipa-users] ldapsearch for AD users

2017-02-22 Thread Hanoz Elavia
Hey Alex, Thanks, I ran ipa-compat-manage status and it shows Plugin enabled. I'll have a look at the link and see if we can change the query to obtain the info required. Regards, Hanoz *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.

Re: [Freeipa-users] ldapsearch for AD users

2017-02-22 Thread Hanoz Elavia
Thanks Alex, Does it also means that I'll have to install the FreeIPA server with --enable-compat ? I didn't do that. Regards, Hanoz *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.com>* 112 West 6th Ave, Vancouver, BC, Canada,

Re: [Freeipa-users] ldapsearch for AD users

2017-02-22 Thread Hanoz Elavia
FreeIPA Client Version: 4.4.0.14 SSSD Version: 1.14.0-43 Thanks, Hanoz *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.com>* 112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6 On Wed, Feb 22, 2017 at 7:05 AM, Hanoz Elavia

Re: [Freeipa-users] ldapsearch for AD users

2017-02-22 Thread Hanoz Elavia
Thanks guys, I think there might be a way to modify the LDAP query. I'm speaking to the EMC / Dell support personnel today to see what can be done. Regards, Hanoz *Hanoz Elavia |* IT Manager *O:* 604-734-2866 *|* *www.atomiccartoons.com <http://www.atomiccartoons.com>* 112 West 6

[Freeipa-users] ldapsearch for AD users

2017-02-21 Thread Hanoz Elavia
Hello, I've got the FreeIPA server with AD trust (Server 2008 R2) setup and running. I can login successfully on linux clients using AD credentials. I'm now trying to setup my Isilon storage appliance with mixed mode file sharing. The filer has joined the AD so it provides Windows users access