subject:"\[Freeipa\-users\] HBAC Troubleshooting \(IPA 4.2\)"

Re: [Freeipa-users] HBAC Troubleshooting (IPA 4.2)

2016-11-01 Thread Jake

icman" <data...@gmail.com> Cc: "freeipa-users" <freeipa-users@redhat.com> Sent: Tuesday, November 1, 2016 7:04:45 PM Subject: Re: [Freeipa-users] HBAC Troubleshooting (IPA 4.2) Jake, I've seen this behaviour and am still struggling to find a solution. The v

Re: [Freeipa-users] HBAC Troubleshooting (IPA 4.2)

2016-11-01 Thread Lachlan Musicman

Jake, I've seen this behaviour and am still struggling to find a solution. The version of underlying OS and sssd are useful to know fwiw. To trouble shoot HBAC: - in *target machine* sssd.conf, add debug_level=7 to each stanza (can go as high as 9, but I believe 7 will be sufficient) -

[Freeipa-users] HBAC Troubleshooting (IPA 4.2)

2016-11-01 Thread Jake

Hey All, I'm having some issues tracing HBAC policies, it seems whenever I disable the allow_all policy, I'm no longer able to access services I have allowed in my more-specific hbac policy. What are the troubleshooting steps (logs) I can run on the client to see what is being denied and by