[Freeipa-users] Can't add AD user group to IPA group
Guertin, David S.
guertin at middlebury.edu
Tue Mar 10 11:42:23 UTC 2015
> You should be able to 'see' them via getent passwd but they should not be
> allowed to login when HBAC_ALLOW_ALL is disabled.
Ah, OK, thanks, that's what is happening. I can see them with getent passwd and id, and I can su to them, but I can't log in as them.
On the other hand, I also can't log in as a user that SHOULD have permission (as a member of the appropriate AD group), but I'm still troubleshooting that one.
David Guertin
More information about the Freeipa-users
mailing list