Re: [Freeipa-users] ID Mapping

2017-02-27 Thread Hanoz Elavia 
Thanks Jakub!!


*Hanoz Elavia |*  IT Manager
*O:* 604-734-2866 *|*  *www.atomiccartoons.com
*
112 West 6th Ave, Vancouver, BC, Canada, V5Y1K6

On Mon, Feb 27, 2017 at 7:26 AM, Jakub Hrozek  wrote:

> On Sun, Feb 26, 2017 at 12:12:23PM -0800, Hanoz Elavia wrote:
> > Hey guys,
> >
> > Is it possible to disable ID mapping for AD users in a FreeIPA AD trust
> > setup?
> >
> > The version report is as follows:
> >
> > AD: Windows 2008 R2
> > FreeIPA Server: 4.4.0-14
> > FreeIPA Client: 4.4.0-14
> > SSSD: 1.14.0-43
> > Linux version: CentOS 7.3 x64_86
> >
> > I've tried setting ldap_id_mapping = False in sssd.conf in the IPA domain
> > sectionwith no success.
> >
> > Regards,
> >
> > Hanoz
>
> In IPA-AD trust environment the mapping is managed on the server. So
> you'd need to remove the algorithmical range and add a POSIX range
> instead (see  ipa help idrange-add, --type=['ipa-ad-trust-posix',
> 'ipa-ad-trust', 'ipa-local'])
>
> Note that clients cannot modify the range type at the moment, so you
> also need to remove the cache from all clients in the domain.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] ID Mapping

2017-02-26 Thread Jakub Hrozek 
On Sun, Feb 26, 2017 at 12:12:23PM -0800, Hanoz Elavia wrote:
> Hey guys,
> 
> Is it possible to disable ID mapping for AD users in a FreeIPA AD trust
> setup?
> 
> The version report is as follows:
> 
> AD: Windows 2008 R2
> FreeIPA Server: 4.4.0-14
> FreeIPA Client: 4.4.0-14
> SSSD: 1.14.0-43
> Linux version: CentOS 7.3 x64_86
> 
> I've tried setting ldap_id_mapping = False in sssd.conf in the IPA domain
> sectionwith no success.
> 
> Regards,
> 
> Hanoz

In IPA-AD trust environment the mapping is managed on the server. So
you'd need to remove the algorithmical range and add a POSIX range
instead (see  ipa help idrange-add, --type=['ipa-ad-trust-posix',
'ipa-ad-trust', 'ipa-local'])

Note that clients cannot modify the range type at the moment, so you
also need to remove the cache from all clients in the domain.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] ID Mapping

2017-02-26 Thread Hanoz Elavia 
Hey guys,

Is it possible to disable ID mapping for AD users in a FreeIPA AD trust
setup?

The version report is as follows:

AD: Windows 2008 R2
FreeIPA Server: 4.4.0-14
FreeIPA Client: 4.4.0-14
SSSD: 1.14.0-43
Linux version: CentOS 7.3 x64_86

I've tried setting ldap_id_mapping = False in sssd.conf in the IPA domain
sectionwith no success.

Regards,

Hanoz
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project