Hi, Normally HBAC for AD users should be done through an external group.
So for example if we have 500+ users on AD and only 100 user are administrator and they have Linux server access. I want to set the HBAC and sudo rules for users. So user have correct access server access and sudo rights and I am using the *Active Directory trust setup* In this case i need to add all of the 100 users on in Freeipa as external group. for example :- user1 user name in AD *user1-external* external group in IPA for trusted domain users *user1 :- *POSIX group for external Do we have document for implementing the HBAC and Sudo Rules for external group. Or is there any other best way to implement the HBAC and Sudo Rules on AD users. -- *Rajat Gupta*
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code