When I add a host to the hbac rule and not a host group I can login....

Something is wrong with the host group(s).....damned if I can see what.

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Thursday, 24 November 2011 2:38 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working

When I go to a different existing HBAC rule and add the host group I can 
login.....

confused.....cant see what Im doing wrong....


regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Thursday, 24 November 2011 2:35 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working

When I go to the host group and pick the group I want, then go to the HBAC tab 
the hbac rule I have written doesnt appear as an enrol choice, but other rules 
do.....

This is just wierd....

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Thursday, 24 November 2011 2:27 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working

Redoing the user groups and host groups yet again with new names makes no 
difference........

Redoing this and Im suspicious that the gui might show the hosts group  exists  
in the hosts group tab but it may not be in the LDAP backend....certainly in 
the HBAC window the host group fails to appear....and I cant login.

:/

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Thursday, 24 November 2011 2:08 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working

Hi,

Even a reboot doesnt fix the ghost host group issue...

Can it be dont via the cli?



regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Thursday, 24 November 2011 2:02 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working

I have deleted the hosts and re-added.....made a new hosts group.

However when I try to make a new HBAC rule for the new hosts group, the hosts 
group is not in the list of available host groups to allow me to pick it.

:/

It is under the host group tabs....but its invisible elsewhere.....currently I 
am rebooting the IPA server to see if that fixes the log jam.

:/

Kind of worried that I seem to be having rather simple terminal problems when 
its 2 weeks from release....

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Thursday, 24 November 2011 1:06 p.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working

I have traced this to the host groups in the HBAC rule...

All my HBAC rules do not work unless I specify any "to" host, I cannot specify 
a host group at all.

If I enable the allow_all rule but add to host group to it then that no longer 
works.....

So Im  stuck

:/

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Thursday, 24 November 2011 12:23 p.m.
To: Alexander Bokovoy; freeipa-de...@redhat.com; freeipa-users@redhat.com
Subject: [Freeipa-users] HBAC rules not working

Hi,

I have disabled the allow_all rule

I have created a group and added a user, I have enrolled a client and added it 
to a host group....I have done a HBAC rule between the two groups to allow all 
services, that user group to that host group from anywhere, but I cannot 
login....

If I enable the allow_all HBAC I can....

So how do I fault find why I cant login?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to