Dear FreeIPA users,

I have a three-node installation (version 4.6.8, CentOS 7.9.2009) and I'm trying to manage users and hosts in order to allow them to send emails. I've retrieved the host keytab from the ipa servers and configured the host krb5.conf to point to the ipa servers.

I have a test user on FreeIPA (or, in future, User groups), an smtp server (postfix; or, in future, Host groups) and an smtp service smtp/hostname@REALM. I'd like to configure an HBAC rule in order to:

1) allow the group of users to send email via the smtp server
2) ban the user from sending email by removing him/her from the user group

but there is something that's not working. I've made two tests (user in User group and deleted from User group) and in both cases the user is able to send email from his client (I attach the output of some ipa commands).

Besides, I've tried to add an HBAC service "smtp" (even if I do not understand its real use, if it is "only" a tag) and an HBAC Service group, but nothing has changed.

At the moment I don't realize where I'm wrong, even looking at some log files.

thank you
cheers

Stefano

### 1 user-test in User Group

ipa hbacrule-show smtp
  Rule name: smtp
  Service category: all
  Description: Regola di accesso ai server smtp
  Enabled: TRUE
  User Groups: smtp
  Host Groups: smtp

ipa user-show user-test
  Member of groups: smtp
  Indirect Member of HBAC rule: smtp

ipa hbactest --user=user-test --host=host.domain --service=all
--------------------
Access granted: True
--------------------
  Matched rules: smtp-cnaf

### 2 user-test deleted from User Group

ipa hbactest --user=user-test --host=host.domain --service=all
---------------------
Access granted: False
---------------------
  Not matched rules: smtp-cnaf

_______________________________________________
FreeIPA-users mailing list
