I'm trying to setup our FreeIPA 4.1.0 (RHEL 7) servers with Ubuntu 14.04
FreeIPA 3.3.4 clients so, that users in a user group called "customers"
can only access hosts, which are in a host group called "test". Users
from the user group "ops" should be able to access all systems (ie.
"prod" systems and also those "test" systems).
But I cannot get my head around to create proper HBAC rules/setup…
Could somebody maybe lend me a helping hand?
At the moment, I have set it up so, that I modified the "prod" systems
sshd_config and added "DenyGroups customer" there. On the test systems,
I don't have that line. That works, but it's not using IPA (in a sense…
I do have to modify the hosts configuration on the system, which I
dislike. Granted, with Chef, it's not much, but still *G*).
=> Google+ => http://plus.skwar.me <==
=> Chat (Jabber/Google Talk) => a.sk...@gmail.com <==
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project