sipazzo wrote:
Hi, I am using FreeIPA 3.0.0-47 in a mixed environment with RHEL5-7
clients, Solaris 10 clients and a handful of Solaris 11 clients. I
followed this guide in setting up the solaris clients: 3.8. Configuring
a Solaris System as a FreeIPA Client
<https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html>

and my users are able to authenticate to the directory but the HBAC
rules are not being applied. Any user, whether given access or not, can
log in to the Solaris systems. The "allow-all" rule has been disabled, my
nsswitch.conf file looks good and I have tried different configs of
pam.d, including the provided example to try to resolve the issue. Am I
missing some steps?

HBAC enforcement is provided by sssd so doesn't work in Solaris.

rob

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
