On 29.04.2016 13:27, Ben .T.George wrote:
HI
Thanks for your reply.
can i do this external group mapping from web UI?
You can create External Group using webUI (user groups/ add group/
choose external radio button)
More doc about HBAC:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html
Martin
On Fri, Apr 29, 2016 at 10:50 AM, Jakub Hrozek <jhro...@redhat.com
<mailto:jhro...@redhat.com>> wrote:
On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote:
> Hi List,
>
> i have a working setup of IPA with AD integrated and one client
joined.
>
> i want to implement HBAC rules against this client. can anyone
please share
> me good articles of implementing HBAC from web UI.
I'm not sure about the web UI, but as a general rule you'll want
to add
an external group (created with --external) as a member of a POSIX
group
and reference the POSIX group in the HBAC rule. The AD members
should be
added as members of the external group.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project