OK. I have done this and am using the pam stack that is the result of what you here describe.
A few threads back you mentioned that this could be a reason why my hbac are not restricting access. I have no hbac rules currently and any active directory user can access any host. Is there something else I could look at to see why this is happening? Thanks. ___________________ Warren Birnbaum : Infrastructure Services Web Automation Engineer Europe CDT Techn. Operations Nike Inc. : Mobile +31 6 23902697 On 1/25/16, 2:11 PM, "Alexander Bokovoy" <aboko...@redhat.com> wrote: >On Mon, 25 Jan 2016, Birnbaum, Warren (ETW) wrote: >>Thanks Alexander. Is there a place where there are example pam stacks >>that work with active directory and hbac? >Defaults in RHEL/Fedora should be enough: > - install RHEL/Fedora, > - apply ipa-client-install, > >then you get proper setup. That's what is tested and supported. > >ipa-client-install would run authconfig utility with correct parameters >to set PAM stack properly. > >-- >/ Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
