Just found in http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf the next sentence: "If you have HBAC's allow_all rule disabled, you will need to allow system-auth service on the FreeIPA master, so that authentication of the AD users can be performed." Is this true for FreeIPA 4.1.0 also and how could I do this?
On Mon, Apr 20, 2015 at 4:51 PM Alexander Bokovoy <aboko...@redhat.com> wrote: > On Mon, 20 Apr 2015, Srdjan Dutina wrote: > >Thank for quick answer! > > > >If I disable HBAC rule, I can still login to Centos 5 client using IPA > >user, but not using AD user. Is there a workaround? > >I need "allow_all" disabled because of newer IPA clients. > There is no workaround so far. > > -- > / Alexander Bokovoy >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project