[Freeipa-users] HBAC and SUDO rules for legacy clients
Srdjan Dutina
sdutina at gmail.com
Mon Apr 20 14:59:43 UTC 2015
Just found in
http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf the next
sentence: "If you have HBAC's allow_all rule disabled, you will need to
allow system-auth service on the FreeIPA master, so that authentication of
the AD users can be performed."
Is this true for FreeIPA 4.1.0 also and how could I do this?
On Mon, Apr 20, 2015 at 4:51 PM Alexander Bokovoy <abokovoy at redhat.com>
wrote:
> On Mon, 20 Apr 2015, Srdjan Dutina wrote:
> >Thank for quick answer!
> >
> >If I disable HBAC rule, I can still login to Centos 5 client using IPA
> >user, but not using AD user. Is there a workaround?
> >I need "allow_all" disabled because of newer IPA clients.
> There is no workaround so far.
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150420/c12af837/attachment.htm>
More information about the Freeipa-users
mailing list