[Freeipa-users] Active Directory users are not controlled by HBAC
Alexander Bokovoy
abokovoy at redhat.com
Wed Jan 27 19:04:46 UTC 2016
On Wed, 27 Jan 2016, Birnbaum, Warren (ETW) wrote:
>I started this post with a simple question: "is it possible to have HBAC
>work with AD authenticated users". I was not able from the tips provided
>to get any further with this.
Have you tried to read actual documentation? From your attempts it looks
like you never read
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#idp1105760
>What I have not been able to have addressed is, if there are no HBAC
>rules, there should be no access, or if there is no Allow_Access rule, no
>one should be able to login to any system. Currently with this said
>configuration, everyone has access to every system. My pam stack is
>exactly as recommended. Is there someone who has FreeIPA with active
>directory authenticated users and HBAC working? I don't have trust
>defined with AD but authentication is working fine.
Please use official documentation:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#trust-groups
--
/ Alexander Bokovoy