On (15/02/16 11:45), Birnbaum, Warren (ETW) wrote:
>Unfortunately setting up a IPA Ad Trust is something not possible within
>our organization. Is it then fair to say that waiting for Ticket #4623 is
>our only option? https://fedorahosted.org/freeipa/ticket/4634
As I wrote in previous mail HBAC can work only with id_provider = ipa.
and GPO works only with id_provider = ad.
Your configuration is little bit non-standard
id_provider = proxy (to files) and auth provider LDAP (AD).
I can only recommend to look into pam_access.so.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project