IPA using AD with two separate domains

Hey all,

Here is the situation I have been handed and I'm curious if it is even possible.

We have an IPA infrastructure using Active Directory via trust. All hosts are registering with IPA through one domain, xxx.company.class. All of the users are in the Active Directory domain, yyy.company.class.

I have been able to get the users to log in and strip off the domain information for a readable user (i.e. instead of user1@yyy.company.class for both user and group, I get user1). The problem comes when I am trying to access sudo rules via IPA-server. sssd recognizes user1 as a valid user but then attaches the host's domain, user.xxx.company.class. Since there are no users in IPA-server it can't find any information and therefore fails.

Is it possible to set up sssd.conf so the user information references the AD domain and the host information references the IPA domain?
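For readers following this thread, here is an added illustration (not the poster's configuration, and not an official answer) of the sssd.conf layout on an IPA-enrolled client with an AD trust, using the two domain names from the post. The knob that decides which domain an unqualified name such as user1 is resolved in is default_domain_suffix in the [sssd] section; the domain name, realm and server below are assumed values.

```ini
# Added example: sssd.conf on an IPA client (xxx.company.class) that trusts
# the AD forest yyy.company.class. Hypothetical values throughout.

[sssd]
domains = xxx.company.class
services = nss, pam, sudo
# Unqualified logins (e.g. "user1") are looked up in the AD domain instead
# of the IPA domain, so user lookups from sudo/PAM do not get the host's
# own domain appended. Caveat: with this set, native IPA users must then be
# written fully qualified, e.g. admin@xxx.company.class.
default_domain_suffix = yyy.company.class

[domain/xxx.company.class]
id_provider = ipa
auth_provider = ipa
access_provider = ipa
# Host-side lookups (sudo rules, HBAC, host groups) still go to the IPA
# servers of the host's own domain.
sudo_provider = ipa
ipa_domain = xxx.company.class
ipa_hostname = client01.xxx.company.class
ipa_server = _srv_, ipa01.xxx.company.class
cache_credentials = True
krb5_store_password_if_offline = True
```

Check the effect before and after a change with `id user1` and `sudo -l -U user1` on the client; if the sudo lookup still attaches the wrong domain, the sssd_sudo log in /var/log/sssd/ shows which domain the name was resolved against.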