Thank for quick answer! If I disable HBAC rule, I can still login to Centos 5 client using IPA user, but not using AD user. Is there a workaround? I need "allow_all" disabled because of newer IPA clients.
On Mon, Apr 20, 2015 at 4:30 PM Alexander Bokovoy <aboko...@redhat.com> wrote: > On Mon, 20 Apr 2015, Srdjan Dutina wrote: > >Hi, > > > >Testing FreeIPA 4.1.0 (Centos 7 (1503)) with AD 2012 R2 trust. > > > >For Centos 5.11 Client (SSSD 1.5.1), will HBAC and SUDO rules function? If > >yes, does this apply AD users also? > SSSD 1.5.1 does not have SUDO support. > > HBAC support in 1.5.1 will mot likely not work with compat tree that is > required for legacy clients to support AD users. I don't think this > was even tested. > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project