On Wed, 27 Jan 2016, Birnbaum, Warren (ETW) wrote:
I started this post with a simple question: ³is it possible to have HBAC
work with AD authenticated users². I was not able from the tips provided
to get any further with this.
Have you tried to read actual documentation? From your attempts it looks
like you never read
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#idp1105760
What I have not been able to have addressed is, if there are no HBAC
rules, there should be no access, or if there is no Allow_Access rule, no
one should be able to login to any system. Currently with this said
configuration, everyone has access to every system. My pam stack is
exactly as recommended. Is there someone who has FreeIPA with active
directory authenticated users and HBAC working? I don¹t have trust
defined with AD but authentication is working fine.
Please use official documentation:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#trust-groups
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
