On 17/10/2016 14:56, freeipa-users-requ...@redhat.com wrote:
> But now I have to create for this user an ACI to read the uid,
> passwd, mail, mailAlternateAddress...
> mailAlternateAddress is in "objectClass mailrecipient"
> I mean I must have an ACI like
> access to attribute= ............
> Does anyone have a hint or link to understand this problem?

I found this guide very helpful, specifically for allowing access to an
NT password hash attribute for doing wireless authentication.
http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html
They are doing it the correct way here: by creating a service principal
for the RADIUS server, which it uses to get a Kerberos ticket and
authenticate itself to the directory. But you could also use similar
steps to apply those permissions to a regular user.
And the related guide if you're interested:
http://firstyear.id.au/blog/html/2016/01/13/FreeRADIUS:_Using_mschapv2_with_freeipa.html
Regards,
Brian.