On Mon, May 11, 2015 at 01:19:01PM +0200, Vangass wrote:
> Hello,
>
> I have a problem with HBAC rules in conjunction with PAM authentication.
> What I try to do is to authenticate users: tac_plus - PAM (pam_sssd) -
> FreeIPA.
> It works just fine but without checking HBAC rules.
> What I did:
> - disabled allow_all rule
> - created new rule with one user and one service (tac_plus)
> And then, if I try to authenticate another user which is not in above rule
> then authentication is accepted and this user gets logged in.
> In logs, what I didn't find is an information about checking HBAC rules...
> Of course, when I use HBAC Test then everything is correct - one user is
> granted and another is declined.
>
> # cat /etc/pam.d/tac_plus
> auth required pam_sss.so
> account required pam_sss.so
If hbactest passes, then we need to see the logs, /var/log/secure and SSSD logs. Also the sssd.conf, please.
