Redoing the user groups and host groups yet again with new names makes no difference........
Redoing this and Im suspicious that the gui might show the hosts group exists in the hosts group tab but it may not be in the LDAP backend....certainly in the HBAC window the host group fails to appear....and I cant login. :/ regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Thursday, 24 November 2011 2:08 p.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] HBAC rules not working Hi, Even a reboot doesnt fix the ghost host group issue... Can it be dont via the cli? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Thursday, 24 November 2011 2:02 p.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] HBAC rules not working I have deleted the hosts and re-added.....made a new hosts group. However when I try to make a new HBAC rule for the new hosts group, the hosts group is not in the list of available host groups to allow me to pick it. :/ It is under the host group tabs....but its invisible elsewhere.....currently I am rebooting the IPA server to see if that fixes the log jam. :/ Kind of worried that I seem to be having rather simple terminal problems when its 2 weeks from release.... regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Thursday, 24 November 2011 1:06 p.m. To: freeipa-users@redhat.com Subject: Re: [Freeipa-users] HBAC rules not working I have traced this to the host groups in the HBAC rule... All my HBAC rules do not work unless I specify any "to" host, I cannot specify a host group at all. If I enable the allow_all rule but add to host group to it then that no longer works..... So Im stuck :/ regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on behalf of Steven Jones [steven.jo...@vuw.ac.nz] Sent: Thursday, 24 November 2011 12:23 p.m. To: Alexander Bokovoy; freeipa-de...@redhat.com; freeipa-users@redhat.com Subject: [Freeipa-users] HBAC rules not working Hi, I have disabled the allow_all rule I have created a group and added a user, I have enrolled a client and added it to a host group....I have done a HBAC rule between the two groups to allow all services, that user group to that host group from anywhere, but I cannot login.... If I enable the allow_all HBAC I can.... So how do I fault find why I cant login? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users