[Freeipa-users] Can't add AD user group to IPA group
Jakub Hrozek
jhrozek at redhat.com
Sun Mar 8 20:40:11 UTC 2015
On Fri, Mar 06, 2015 at 08:24:28PM +0000, Craig White wrote:
> Seems the initial/default setup for IPA server is to put in an 'allow_all' rule. Thus you can actively manage HBAC but out of the box, it is essentially turned off by that rule.
Yes. The default was the opposite very long time ago, you had to
explicitly enable access to the box. But it was causing too many user
issues.
More information about the Freeipa-users
mailing list