Hello, I'm trying to set up our FreeIPA 4.1.0 (RHEL 7) servers with Ubuntu 14.04 FreeIPA 3.3.4 clients so that users in a user group called "customers" can only access hosts which are in a host group called "test". Users from the user group "ops" should be able to access all systems (i.e. "prod" systems and also those "test" systems).
But I cannot get my head around creating proper HBAC rules/setup… Could somebody maybe lend me a helping hand?

At the moment, I have set it up so that I modified the "prod" systems' sshd_config and added "DenyGroups customer" there. On the test systems, I don't have that line. That works, but it's not using IPA (in a sense… I do have to modify the host's configuration on the system, which I dislike. Granted, with Chef, it's not much, but still *G*).

Thanks,
Alexander
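
An added example, not part of the original post: one HBAC layout for the "customers"/"ops" user groups and the "test" host group described above, using the `ipa` CLI. The rule names and the choice to allow all services are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example. Rule names (ops_all_hosts, customers_test_hosts) are
# assumptions; the group names come from the post. HBAC rules only allow,
# so the default allow_all rule has to be disabled, otherwise every user
# still reaches every host regardless of the new rules.

# Dry run by default: the commands are printed, not executed. Set IPA=ipa
# (with an admin Kerberos ticket) to apply them on an IPA server.
IPA="${IPA:-echo ipa}"

hbac_setup() {
    # ops: any host, any service
    $IPA hbacrule-add ops_all_hosts --hostcat=all --servicecat=all
    $IPA hbacrule-add-user ops_all_hosts --groups=ops

    # customers: only hosts in host group "test" (all services: assumption)
    $IPA hbacrule-add customers_test_hosts --servicecat=all
    $IPA hbacrule-add-user customers_test_hosts --groups=customers
    $IPA hbacrule-add-host customers_test_hosts --hostgroups=test

    # Disable the blanket allow last, so ops access is never interrupted.
    $IPA hbacrule-disable allow_all
}

hbac_verify() {
    # $1 = a user in "customers", $2 = a prod host, $3 = a test host
    # (all three are placeholders supplied by the caller)
    $IPA hbactest --user="$1" --host="$2" --service=sshd   # should be denied
    $IPA hbactest --user="$1" --host="$3" --service=sshd   # should be granted
}

hbac_setup
```

Before disabling allow_all, check that every account that still needs to log in (administrators included) is covered by a rule. Clients enforce HBAC through SSSD with `access_provider = ipa`, after which the `DenyGroups` line in sshd_config is no longer needed.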