[Freeipa-users] HBAC rules not working

Steven Jones Steven.Jones at vuw.ac.nz
Thu Nov 24 01:27:53 UTC 2011


Redoing the user groups and host groups yet again with new names makes no difference........

Redoing this and I'm suspicious that the GUI might show the hosts group exists in the hosts group tab but it may not be in the LDAP backend....certainly in the HBAC window the host group fails to appear....and I can't log in.

:/

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Thursday, 24 November 2011 2:08 p.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working

Hi,

Even a reboot doesn't fix the ghost host group issue...

Can it be done via the CLI?



regards

Steven Jones


________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Thursday, 24 November 2011 2:02 p.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working

I have deleted the hosts and re-added.....made a new hosts group.

However when I try to make a new HBAC rule for the new hosts group, the hosts group is not in the list of available host groups to allow me to pick it.

:/

It is under the host group tabs....but it's invisible elsewhere.....currently I am rebooting the IPA server to see if that fixes the log jam.

:/

Kind of worried that I seem to be having rather simple terminal problems when it's 2 weeks from release....

regards

Steven Jones


________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Thursday, 24 November 2011 1:06 p.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working

I have traced this to the host groups in the HBAC rule...

All my HBAC rules do not work unless I specify any "to" host, I cannot specify a host group at all.

If I enable the allow_all rule but add to host group to it then that no longer works.....

So I'm stuck

:/

regards

Steven Jones


________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Thursday, 24 November 2011 12:23 p.m.
To: Alexander Bokovoy; freeipa-devel at redhat.com; freeipa-users at redhat.com
Subject: [Freeipa-users] HBAC rules not working

Hi,

I have disabled the allow_all rule

I have created a group and added a user, I have enrolled a client and added it to a host group....I have done a HBAC rule between the two groups to allow all services, that user group to that host group from anywhere, but I cannot login....

If I enable the allow_all HBAC I can....

So how do I fault find why I can't log in?

regards

Steven Jones


_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users