On 29.04.2016 13:27, Ben .T.George wrote:
HI Thanks for your reply. can i do this external group mapping from web UI?
You can create External Group using webUI (user groups/ add group/ choose external radio button)
More doc about HBAC: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html
Martin
On Fri, Apr 29, 2016 at 10:50 AM, Jakub Hrozek <jhro...@redhat.com <mailto:jhro...@redhat.com>> wrote:On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote: > Hi List, > > i have a working setup of IPA with AD integrated and one client joined. > > i want to implement HBAC rules against this client. can anyone please share > me good articles of implementing HBAC from web UI. I'm not sure about the web UI, but as a general rule you'll want to add an external group (created with --external) as a member of a POSIX group and reference the POSIX group in the HBAC rule. The AD members should be added as members of the external group. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
