[Freeipa-users] HBAC rules not working
Steven Jones
Steven.Jones at vuw.ac.nz
Thu Nov 24 01:27:53 UTC 2011
Redoing the user groups and host groups yet again with new names makes no difference........
Redoing this and Im suspicious that the gui might show the hosts group exists in the hosts group tab but it may not be in the LDAP backend....certainly in the HBAC window the host group fails to appear....and I cant login.
:/
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Thursday, 24 November 2011 2:08 p.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working
Hi,
Even a reboot doesnt fix the ghost host group issue...
Can it be dont via the cli?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Thursday, 24 November 2011 2:02 p.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working
I have deleted the hosts and re-added.....made a new hosts group.
However when I try to make a new HBAC rule for the new hosts group, the hosts group is not in the list of available host groups to allow me to pick it.
:/
It is under the host group tabs....but its invisible elsewhere.....currently I am rebooting the IPA server to see if that fixes the log jam.
:/
Kind of worried that I seem to be having rather simple terminal problems when its 2 weeks from release....
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Thursday, 24 November 2011 1:06 p.m.
To: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] HBAC rules not working
I have traced this to the host groups in the HBAC rule...
All my HBAC rules do not work unless I specify any "to" host, I cannot specify a host group at all.
If I enable the allow_all rule but add to host group to it then that no longer works.....
So Im stuck
:/
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
________________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
Sent: Thursday, 24 November 2011 12:23 p.m.
To: Alexander Bokovoy; freeipa-devel at redhat.com; freeipa-users at redhat.com
Subject: [Freeipa-users] HBAC rules not working
Hi,
I have disabled the allow_all rule
I have created a group and added a user, I have enrolled a client and added it to a host group....I have done a HBAC rule between the two groups to allow all services, that user group to that host group from anywhere, but I cannot login....
If I enable the allow_all HBAC I can....
So how do I fault find why I cant login?
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
More information about the Freeipa-users
mailing list