On Jun 13, 2011, at 4:43 PM, Steven Jones wrote:
I have put 3 clients into a netgroup and added a user, however when I remove
the user from the netgroup the user can still login! Even if the user wasnt
ever in teh netgroup they can login
So how do I stop that?
When will we see
Hi,
Ive seen/read it.and I have a hard copy on my desk in front of me right
now
I find it typical of such documents, it has lots of sections in great detail
but it doesnt tell you how to achieve anything end to endand often its
gives you written instructions on visual tasks so if
1) Create an HBAC Rule or rules: choose allow or deny
2) add users/usergroups to the rule
3) add hosts/hostgroups to the rule
4) disable the default 'allow all' rule
Now any system that has SSSD 1.5 will enforce those HBAC rules.
For systems that do not support sssd, I have been working on a
Hmm,
So whats the default rule? can i set precedence? is there any?
Example.
So Ive disabled the allow_all rule, I made a deny_all rule and then a rule to
allow specific user groups to login to specific hostgroups serversthat
didnt work...
So I disabled the deny_all rule and users in
Steven Jones wrote:
Hmm,
So whats the default rule? can i set precedence? is there any?
The default rule is deny.
Example.
So Ive disabled the allow_all rule, I made a deny_all rule and then a rule to
allow specific user groups to login to specific hostgroups serversthat
didnt
Just to add on the advice, not to detract,
On Tue, 2011-06-14 at 01:10 +, JR Aquino wrote:
1) Create an HBAC Rule or rules: choose allow or deny
Do yourself a favor and never use deny rules, they are there if you
*really* need them, but you do not want to use them if you can avoid
them :)