Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-19 Thread sipazzo
if I can.   From: Jakub Hrozek jhro...@redhat.com To: Martin Kosek mko...@redhat.com Cc: Freeipa-users freeipa-users@redhat.com Sent: Wednesday, August 19, 2015 12:23 AM Subject: Re: [Freeipa-users] HBAC rules not applying to Solaris clients On Tue, Aug 18, 2015 at 09:05:14PM +0200

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-19 Thread sipazzo
natxo.ase...@gmail.com Cc: Freeipa-users freeipa-users@redhat.com Sent: Saturday, August 15, 2015 10:46 AM Subject: Re: [Freeipa-users] HBAC rules not applying to Solaris clients For Solaris we are using the pam_list module to control which LDAP users can have system access. The pam_list

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-19 Thread Jakub Hrozek
On Tue, Aug 18, 2015 at 09:05:14PM +0200, Martin Kosek wrote: On 08/15/2015 07:05 PM, Natxo Asenjo wrote: On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden rcrit...@redhat.com mailto:rcrit...@redhat.com wrote: sipazzo wrote: and my users are able to authenticate to the

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-18 Thread Martin Kosek
On 08/15/2015 07:05 PM, Natxo Asenjo wrote: On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden rcrit...@redhat.com mailto:rcrit...@redhat.com wrote: sipazzo wrote: and my users are able to authenticate to the directory but the hbac rules are not being applied. Any user

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-17 Thread sipazzo
-users@redhat.com Sent: Saturday, August 15, 2015 10:46 AM Subject: Re: [Freeipa-users] HBAC rules not applying to Solaris clients For Solaris we are using the pam_list module to control which LDAP users can have system access. The pam_list module allow netgroups to be listed

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-15 Thread Bob
For Solaris we are using the pam_list module to control which LDAP users can have system access. The pam_list module allow netgroups to be listed in a user.allow file. On Sat, Aug 15, 2015 at 1:05 PM, Natxo Asenjo natxo.ase...@gmail.com wrote: On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-15 Thread Natxo Asenjo
On Sat, Aug 15, 2015 at 5:24 PM, Rob Crittenden rcrit...@redhat.com wrote: sipazzo wrote: and my users are able to authenticate to the directory but the hbac rules are not being applied. Any user whether given access or not can login to the Solaris systems. The allow-all rule has been

Re: [Freeipa-users] HBAC rules not applying to Solaris clients

2015-08-15 Thread Rob Crittenden
sipazzo wrote: Hi I am using freeipa 3.0.0-47 in a mixed environment with rhel5-7 clients, Solaris 10 clients and a handful of Solaris 11 clients. I followed this guide in setting up the solaris clients: 3.8. Configuring a Solaris System as a FreeIPA Client