Re: [Freeipa-users] HBAC implementation help
On 29.04.2016 13:27, Ben .T.George wrote: HI Thanks for your reply. can i do this external group mapping from web UI? You can create External Group using webUI (user groups/ add group/ choose external radio button) More doc about HBAC: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html Martin On Fri, Apr 29, 2016 at 10:50 AM, Jakub Hrozek> wrote: On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote: > Hi List, > > i have a working setup of IPA with AD integrated and one client joined. > > i want to implement HBAC rules against this client. can anyone please share > me good articles of implementing HBAC from web UI. I'm not sure about the web UI, but as a general rule you'll want to add an external group (created with --external) as a member of a POSIX group and reference the POSIX group in the HBAC rule. The AD members should be added as members of the external group. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] HBAC implementation help
HI Thanks for your reply. can i do this external group mapping from web UI? On Fri, Apr 29, 2016 at 10:50 AM, Jakub Hrozekwrote: > On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote: > > Hi List, > > > > i have a working setup of IPA with AD integrated and one client joined. > > > > i want to implement HBAC rules against this client. can anyone please > share > > me good articles of implementing HBAC from web UI. > > I'm not sure about the web UI, but as a general rule you'll want to add > an external group (created with --external) as a member of a POSIX group > and reference the POSIX group in the HBAC rule. The AD members should be > added as members of the external group. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] HBAC implementation help
On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote: > Hi List, > > i have a working setup of IPA with AD integrated and one client joined. > > i want to implement HBAC rules against this client. can anyone please share > me good articles of implementing HBAC from web UI. I'm not sure about the web UI, but as a general rule you'll want to add an external group (created with --external) as a member of a POSIX group and reference the POSIX group in the HBAC rule. The AD members should be added as members of the external group. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project