yea my mistake.
i was following u this
On Fri, Apr 29, 2016 at 6:03 PM, Alexander Bokovoy <aboko...@redhat.com>
> On Fri, 29 Apr 2016, Ben .T.George wrote:
>> Hi List,
>> I have working setup of one AD, one IPA server and one client server. by
>> default i can login to client server by using AD username.
>> i want to apply HBAC rules against this client server. For that i have
>> below steps.
>> 1. created External group in IPA erver
>> 2. created local POSIX group n IPA server
>> 3. Added AD group to external group
>> 4. added POSIX group to external group.
> You should have added external group to POSIX group, not the other way
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project