Re: [Freeipa-users] HBAC implementation help

[Martin Basti]

On 29.04.2016 13:27, Ben .T.George wrote:

HI

Thanks for your reply.

can i do this external group mapping from web UI?


You can create External Group using webUI (user groups/ add group/ 
choose external radio button)


More doc about HBAC: 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html


Martin


On Fri, Apr 29, 2016 at 10:50 AM, Jakub Hrozek > wrote:


On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote:
> Hi List,
>
> i have a working setup of IPA with AD integrated and one client
joined.
>
> i want to implement HBAC rules against this client. can anyone
please share
> me good articles of implementing HBAC from web UI.

I'm not sure about the web UI, but as a general rule you'll want
to add
an external group (created with --external) as a member of a POSIX
group
and reference the POSIX group in the HBAC rule. The AD members
should be
added as members of the external group.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project






-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] HBAC implementation help

[Ben .T.George]

HI

Thanks for your reply.

can i do this external group mapping from web UI?

On Fri, Apr 29, 2016 at 10:50 AM, Jakub Hrozek  wrote:

> On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote:
> > Hi List,
> >
> > i have a working setup of IPA with AD integrated and one client joined.
> >
> > i want to implement HBAC rules against this client. can anyone please
> share
> > me good articles of implementing HBAC from web UI.
>
> I'm not sure about the web UI, but as a general rule you'll want to add
> an external group (created with --external) as a member of a POSIX group
> and reference the POSIX group in the HBAC rule. The AD members should be
> added as members of the external group.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] HBAC implementation help

[Jakub Hrozek]

On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote:
> Hi List,
> 
> i have a working setup of IPA with AD integrated and one client joined.
> 
> i want to implement HBAC rules against this client. can anyone please share
> me good articles of implementing HBAC from web UI.

I'm not sure about the web UI, but as a general rule you'll want to add
an external group (created with --external) as a member of a POSIX group
and reference the POSIX group in the HBAC rule. The AD members should be
added as members of the external group.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] HBAC implementation help

[Ben .T.George]

Hi List,

i have a working setup of IPA with AD integrated and one client joined.

i want to implement HBAC rules against this client. can anyone please share
me good articles of implementing HBAC from web UI.


Thanks & Regards,
Ben
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project