[Freeipa-users] HBAC Test - web vs command line - returns different results

Michael Mercier mmercier at gmail.com
Fri Aug 31 13:33:37 UTC 2012


Hello,

I seem to be having a problem with the HBAC test:

Versions:
[root@ipaserver ipatest]# rpm -qa|grep ^ipa
ipa-server-2.2.0-16.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-python-2.2.0-16.el6.x86_64
ipa-admintools-2.2.0-16.el6.x86_64
ipa-server-selinux-2.2.0-16.el6.x86_64
ipa-client-2.2.0-16.el6.x86_64


On the web console:

Browse to HBAC TEST

Who: mike
Accessing: pix.beta.local
Via service: tac_plus
From: ipaclient.beta.local (correct me if I am wrong, but I don't believe this has any effect)
Rules: tacacs

Run Test -> Access Granted with matched rules showing tacacs

On the command line:

ipa hbactest
User name: mike
Target Host: pix.beta.local
Service: tac_plus
---------------------
Access granted: False
---------------------
  Not matched rules: tacacs

tacacs rule:
General: Enabled
Who: user group: ciscoadmin -> mike is a member
accessing: cisco-devices -> pix.beta.local is a member
Via Service: tac_plus
From: any host

NOTE: tacacs is the only enabled rule, allow_all has been disabled (but is still present)

Any ideas?

Thanks,
Mike



