I have working setup of one AD, one IPA server and one client server. by
default i can login to client server by using AD username.
i want to apply HBAC rules against this client server. For that i have done
1. created External group in IPA erver
2. created local POSIX group n IPA server
3. Added AD group to external group
4. added POSIX group to external group.
After that have created HBAC rule by adding both local and external IPA
groups, added sshd as service and selected service group as sudo.
i have applied this HBAC rule to client server and from web UI and while
testing HBAC from web, i am getting access denied .
How can i implement HBAC with Active directory user group.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project