On 12 October 2017 at 08:44, Lachlan Musicman wrote:
> On 12 October 2017 at 08:35, Orion Poplawski wrote:
>
>> On 10/06/2017 08:29 PM, Lachlan Musicman wrote:
>> > You should check your sssd_domain logs (sssd_ad.nwra.com.log) for a
>> time when
>> > someone is being denied - search for hbac_eva
On 12 October 2017 at 08:35, Orion Poplawski wrote:
> On 10/06/2017 08:29 PM, Lachlan Musicman wrote:
> > You should check your sssd_domain logs (sssd_ad.nwra.com.log) for a time
> when
> > someone is being denied - search for hbac_eval_user_element and check the
> > number it returns versus the
On 10/06/2017 08:29 PM, Lachlan Musicman wrote:
> You should check your sssd_domain logs (sssd_ad.nwra.com.log) for a time when
> someone is being denied - search for hbac_eval_user_element and check the
> number it returns versus the number of AD groups that user belongs to.
I've increased the lo
On 10/07/2017 10:17 AM, Jakub Hrozek wrote:
> Does access work from any RHEL/CentOS client? (I’m asking because as long as
> those are fully patched, all HBAC-related bugs should be fixed there)
Yeah, all of our EL6/7 machines are working fine. This is the first Ubuntu
machine I've had to deal w
Does access work from any RHEL/CentOS client? (I’m asking because as long as
those are fully patched, all HBAC-related bugs should be fixed there)
There was a bug that we fixed in commit
88f6d8ad4eef4b4fa032fd451ad732cf8201b0bf in the sssd-1-13 branch that should
help.
However, that commit was
On 7 October 2017 at 09:37, Orion Poplawski wrote:
> I just added my first ubuntu 16.04 client to our IPA domain and am having
> problem with HBAC rules randomly denying access to a user that should have
> access. Users are in AD (ad.nwra.com), I have an external group
> containing
> the AD user
