Please keep freeipa-users in CC

On 08.08.2016 11:22, Deepak Dimri wrote:
Thanks Martin,

Don't i need to create subdomain for each team and then register the hosts under that domain and finally assign HBAC?

HBAC rule is per host/hostgroup and it is unrelated to domain. Read doc there should be everything :)



Subject: Re: [Freeipa-users] Delegated Administration in IPA
Date: Mon, 8 Aug 2016 10:41:59 +0200

On 08.08.2016 10:03, Deepak Dimri wrote:

    Hi List,

    I want some help here! i have 100 of linux servers and ec2
    instances  used by various teams/departments.   I want to have
    group wise  clubbing of these servers so that i can delegate
    administration access to manager of  that particular group. For
    example lets say out of those 100 servers, 25 servers belongs to
    engineering team so i want to register these 25 servers under
    engineering group/domain and then assign the full administration
    access to engineering manager to manage these 25 servers and there

    I am getting a sense that we can create DNS subdomains for each
    team i.e. engineering.<ipa server domain name> and then register
    those 25 servers under engineering.<ipa server domain name> but
    then i am not sure how i can assign the access and do rest of the

    I would be thankfully if any of you can provide with configuration
    steps to help me



I think you need HBAC

You need add servers to particular hostgroups, and create HBAC rules according the doc ^^^


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to