Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-19 Thread sipazzo
-users Sent: Saturday, August 15, 2015 10:46 AM Subject: Re: [Freeipa-users] HBAC rules not applying to Solaris clients For Solaris we are using the pam_list module to control which LDAP users can have system access. The pam_list module allow netgroups to be listed in a user.allow file. On

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-19 Thread sipazzo
if I can.   From: Jakub Hrozek To: Martin Kosek Cc: Freeipa-users Sent: Wednesday, August 19, 2015 12:23 AM Subject: Re: [Freeipa-users] HBAC rules not applying to Solaris clients On Tue, Aug 18, 2015 at 09:05:14PM +0200, Martin Kosek wrote: > On 08/15/2015 07:05 PM, Natxo Ase

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-19 Thread Jakub Hrozek
On Tue, Aug 18, 2015 at 09:05:14PM +0200, Martin Kosek wrote: > On 08/15/2015 07:05 PM, Natxo Asenjo wrote: > > > > > >On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden >> wrote: > > > >sipazzo wrote: > > > > > >and my users are able to authenticate to the dir

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-18 Thread Martin Kosek
On 08/15/2015 07:05 PM, Natxo Asenjo wrote: On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden mailto:rcrit...@redhat.com>> wrote: sipazzo wrote: and my users are able to authenticate to the directory but the hbac rules are not being applied. Any user whether given access or

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-17 Thread sipazzo
Subject: Re: [Freeipa-users] HBAC rules not applying to Solaris clients For Solaris we are using the pam_list module to control which LDAP users can have system access. The pam_list module allow netgroups to be listed in a user.allow file. On Sat, Aug 15, 2015 at 1:05 PM, Natxo Asenjo wrote

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-15 Thread Bob
For Solaris we are using the pam_list module to control which LDAP users can have system access. The pam_list module allow netgroups to be listed in a user.allow file. On Sat, Aug 15, 2015 at 1:05 PM, Natxo Asenjo wrote: > > > On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden > wrote: > >> sipazz

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-15 Thread Natxo Asenjo
On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden wrote: > sipazzo wrote: > >> >> and my users are able to authenticate to the directory but the hbac >> rules are not being applied. Any user whether given access or not can >> login to the Solaris systems. The "allow-all" rule has been disabled, my

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-15 Thread Rob Crittenden
sipazzo wrote: Hi I am using freeipa 3.0.0-47 in a mixed environment with rhel5-7 clients, Solaris 10 clients and a handful of Solaris 11 clients. I followed this guide in setting up the solaris clients: 3.8. Configuring a Solaris System as a FreeIPA Client

[Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-15 Thread sipazzo
Hi I am using freeipa 3.0.0-47 in a mixed environment with rhel5-7 clients, Solaris 10 clients and a handful of Solaris 11 clients. I followed this guide in setting up the solaris clients: 3.8. Configuring a Solaris System as a FreeIPA Client |   | |   |   |   |   |   | | 3.8. Configuring a Sola