[Freeipa-users] HBAC rules not applying to Solaris clients

Rob Crittenden rcritten at redhat.com
Sat Aug 15 15:24:12 UTC 2015


sipazzo wrote:
> Hi, I am using FreeIPA 3.0.0-47 in a mixed environment with RHEL 5-7
> clients, Solaris 10 clients and a handful of Solaris 11 clients. I
> followed this guide in setting up the solaris clients: 3.8. Configuring
> a Solaris System as a FreeIPA Client
> <https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html>
>
> and my users are able to authenticate to the directory but the HBAC
> rules are not being applied. Any user, whether given access or not, can
> log in to the Solaris systems. The "allow-all" rule has been disabled, my
> nsswitch.conf file looks good and I have tried different configs of
> pam.d, including the provided example, to try to resolve the issue. Am I
> missing some steps?

HBAC enforcement is provided by SSSD, so it doesn't work in Solaris.

rob



