<div dir="ltr">Thanks Jakub!!<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><span><b><span style="font-size:9.5pt;font-family:"times new roman","serif""><span style="color:rgb(255,0,0)"><img src="https://docs.google.com/a/atomiccartoons.com/uc?id=0BzG4iWi2gPgKc2FvTEJfQVN5VTQ&export=download" height="27" width="200"><br><span style="font-family:arial,helvetica,sans-serif"><font size="2">Hanoz Elavia</font></span></span><span style="font-family:arial,helvetica,sans-serif"><font size="2"><span style="color:rgb(95,95,95)"> </span><span style="color:rgb(64,64,64)">|</span></font></span></span></b><span style="font-family:arial,helvetica,sans-serif"><font size="2"><span style="color:rgb(64,64,64)"> IT Manager <br></span><b><span style="color:rgb(64,64,64)">O:</span></b><span style="color:rgb(64,64,64)"> <a href="tel:604-734-2866" value="+16047342866" target="_blank">604-734-2866</a> </span><span style="color:black"><b>|</b> </span><span style="color:black"><u><span><span style="color:black"></span><a href="http://www.atomiccartoons.com" target="_blank">www.atomiccartoons.com</a></span></u><br>112 West 6<sup>th</sup> Ave, Vancouver, BC, Canada, V5Y1K6</span></font></span></span></div></div></div></div></div></div></div></div></div></div></div></div></div> <br><div class="gmail_quote">On Mon, Feb 27, 2017 at 7:26 AM, Jakub Hrozek <span dir="ltr"><<a href="mailto:jhrozek@redhat.com" target="_blank">jhrozek@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Sun, Feb 26, 2017 at 12:12:23PM -0800, Hanoz Elavia wrote:<br> > Hey guys,<br> ><br> > Is it possible to disable ID mapping for AD users in a FreeIPA AD trust<br> > setup?<br> ><br> > The version report is as follows:<br> ><br> > AD: Windows 2008 R2<br> > FreeIPA Server: 4.4.0-14<br> > FreeIPA Client: 4.4.0-14<br> > SSSD: 1.14.0-43<br> > Linux version: CentOS 7.3 x64_86<br> ><br> > I've tried setting ldap_id_mapping = False in sssd.conf in the IPA domain<br> > sectionwith no success.<br> ><br> > Regards,<br> ><br> > Hanoz<br> <br> </div></div>In IPA-AD trust environment the mapping is managed on the server. So<br> you'd need to remove the algorithmical range and add a POSIX range<br> instead (see ipa help idrange-add, --type=['ipa-ad-trust-posix',<br> 'ipa-ad-trust', 'ipa-local'])<br> <br> Note that clients cannot modify the range type at the moment, so you<br> also need to remove the cache from all clients in the domain.<br> <span class="HOEnZb"><font color="#888888"><br> --<br> Manage your subscription for the Freeipa-users mailing list:<br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/<wbr>mailman/listinfo/freeipa-users</a><br> Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a> for more info on the project<br> </font></span></blockquote></div><br></div>