On (15/02/16 11:45), Birnbaum, Warren (ETW) wrote: >Thanks Lukas. > >Unfortunately setting up a IPA Ad Trust is something not possible within >our organization. Is it then fair to say that waiting for Ticket #4623 is >our only option? https://fedorahosted.org/freeipa/ticket/4634 >
As I wrote in previous mail HBAC can work only with id_provider = ipa. and GPO works only with id_provider = ad. Your configuration is little bit non-standard id_provider = proxy (to files) and auth provider LDAP (AD). I can only recommend to look into pam_access.so. LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project