On (15/02/16 11:45), Birnbaum, Warren (ETW) wrote:
>Thanks Lukas.  
>Unfortunately setting up a IPA Ad Trust is something not possible within
>our organization.  Is it then fair to say that waiting for Ticket #4623 is
>our only option?  https://fedorahosted.org/freeipa/ticket/4634

As I wrote in previous mail HBAC can work only with id_provider = ipa.
and GPO works only with id_provider = ad.

Your configuration is little bit non-standard
id_provider = proxy (to files) and auth provider LDAP (AD).

I can only recommend to look into pam_access.so.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to