Hi Jakub Thanks for your response. It's an option, but my backups servers I will not add to the FreeIPA server.
Then, I cannot use the option HBAC, because I want my backup server can connect with root to some client server of my FreeIPA Server. If I'm doing something wrong, please let me know Thanks, Regards Jose Alvarez R. -----Original Message----- From: freeipa-users-boun...@redhat.com [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Jakub Hrozek Sent: martes 13 de septiembre de 2016 02:22 a.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] About AllowGroups with sshd On Mon, Sep 12, 2016 at 10:00:57AM -0600, Jose Alvarez R. wrote: > Hello > > > > I have an question > > > > I have an FreeIPA 3.0 server(CentOS 6) with some clients servers(CentOS 6). > I wants enable root a two servers this servers, because they are > backup servers. > > > > I add theses lines in /etc/ssh/sshd_config of a client server. > > > > AllowUsers root@192.168.20.2 > > AllowUsers root@192.168.20.90 > > PermitRootLogin yes > > > > This working, but when try login with my user IPA, I can't login. > > > > I add the line "AllowGroups" with my group of users_IPA > > > > AllowGroups <group_user> > > > > But not working, Can you help me ? > > > > Thanks, Regards > > > > Jose Alvarez. I know I'm not answering your question directly, but isn't it better to use HBAC with IPA and centralize the access control rather than edit config files on the clients? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project