Am Fri, Sep 23, 2022 at 01:07:24PM +0200 schrieb Ronald Wimmer via FreeIPA-users: > I tried to give user access permissions to a specific host but when I try to > log in via ssh I get an error: > > [hbac_evaluate] (0x0100): The rule [somerulename] did not match.
Hi, near the log line above there should be additional information about the rule and the user. Can you send those as well? You might have to increase the debug_level to see all messages. bye, Sumit > > somegroup (POSIX) > -somegroup-external > -some AD user > -another AD user > > ipa hbacrule-show somerulename > Rule name: somerulename > Enabled: TRUE > User Groups: somegroup > Hosts: somehost.doma.mydomain.at > HBAC Services: sshd, sudo, sudo-i > > As we were relatively new to IPA we set up the trust to the domain where > these users come to "Non-transitive external trust to a domain in another > Active Directory forest" ages ago. However, both users can be resolved on > somehost.doma.mydomain.at with getent or id. > > Can you think of a reason why these users get an access denied error? > > Any hints would be highly appreciated! > > Cheers, > Ronald > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue