Hi Alex, yea my mistake.
i was following u this http://www.freeipa.org/page/Active_Directory_trust_setup#Allow_access_for_users_from_AD_domain_to_protected_resources On Fri, Apr 29, 2016 at 6:03 PM, Alexander Bokovoy <aboko...@redhat.com> wrote: > On Fri, 29 Apr 2016, Ben .T.George wrote: > >> Hi List, >> >> I have working setup of one AD, one IPA server and one client server. by >> default i can login to client server by using AD username. >> >> i want to apply HBAC rules against this client server. For that i have >> done >> below steps. >> >> 1. created External group in IPA erver >> 2. created local POSIX group n IPA server >> 3. Added AD group to external group >> 4. added POSIX group to external group. >> > You should have added external group to POSIX group, not the other way > around. > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project