Elhamsadat Azarian wrote:
> Hi.
> Which details do u need? I will send.
Adding freeipa-users yet again. I'll stop responding if this continues.
We'd need to see the active HBAC Rules, hbactest output at a minimum.
The sssd logs on the failing machine might be relevant too but you'll
probably
Elhamsadat Azarian wrote:
> Hi Rob
> Thank you for helping
> I disabled default HBAC rule and add a new rule that user "elham" could
> login and ssh on hosts "ipa-client and ipa-server"
> Now it can ssh to ipa-server but still it had problem with ipa-client.
> So rules couldnt solve my problem.
Please keep freeipa-users in the responses.
Elhamsadat Azarian wrote:
> Hi Rob
> I did it and i got this answer:
>
> Access granted : false
>
> What can i do now?
IPA ships with a default HBAC rule, allow_all, which allows all users to
authenticate on all hosts. I can only assume you've
Elhamsadat Azarian wrote:
> I tryed to add HBAC rules to my user but it said : some operation
> failed. Users cannot be added when user category = all
Adding list back.
Try something like:
ipa hbactest --user elham --service ssh --host
There is an equivalent way to do it in the UI.
rob
>
>
Kevin Vasko via FreeIPA-users wrote:
> Have you made sure your “elham” user has the correct permissions to access
> the machines? Take a look in the UI at the groups/permissions that user elham
> has. Take a look at your HBAC rules as well. That would be my first
> recommendation to check if it
Have you made sure your “elham” user has the correct permissions to access the
machines? Take a look in the UI at the groups/permissions that user elham has.
Take a look at your HBAC rules as well. That would be my first recommendation
to check if it was me.
-Kevin
> On Oct 9, 2019, at 7:23
I checked it but i couldnt solve it
On Wed, 9 Oct 2019, 12:30 Jakub Hrozek via FreeIPA-users, <
freeipa-users@lists.fedorahosted.org> wrote:
> On Wed, Oct 09, 2019 at 08:45:16AM -, Elhamsadat Azarian via
> FreeIPA-users wrote:
> > ### Request for enhancement
> > as a Linux admin i want to
On Wed, Oct 09, 2019 at 08:45:16AM -, Elhamsadat Azarian via FreeIPA-users
wrote:
> ### Request for enhancement
> as a Linux admin i want to login into my ipa client with a user that is
> defined in ipa-server UI.
>
> ### Issue
> I installed Ipa-server and an Ipa-client on CentOS7.6
> I