> In standard FreeIPA setup we have 'allow_all' HBAC rule which roughly
> states "anyone can access any service on any host". Did you disable this
> rule?
> 
> If yes, then you have to have an explicit rules allowing access to specific
> services.

Thanks! Yes, that was it exactly. I did disable the "allow all" rule on 
installation, but hadn't set up a specific rule allowing the appropriate group 
SSH access. I've added the rule, and everything is working as it should now. 
I'm a very happy sysadmin at the moment. :-)

David Guertin

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to