[Freeipa-users] HBAC implementation help
Martin Basti
mbasti at redhat.com
Fri Apr 29 11:46:07 UTC 2016
On 29.04.2016 13:27, Ben .T.George wrote:
> HI
>
> Thanks for your reply.
>
> can i do this external group mapping from web UI?
You can create External Group using webUI (user groups/ add group/
choose external radio button)
More doc about HBAC:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html
Martin
>
> On Fri, Apr 29, 2016 at 10:50 AM, Jakub Hrozek <jhrozek at redhat.com
> <mailto:jhrozek at redhat.com>> wrote:
>
> On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben .T.George wrote:
> > Hi List,
> >
> > i have a working setup of IPA with AD integrated and one client
> joined.
> >
> > i want to implement HBAC rules against this client. can anyone
> please share
> > me good articles of implementing HBAC from web UI.
>
> I'm not sure about the web UI, but as a general rule you'll want
> to add
> an external group (created with --external) as a member of a POSIX
> group
> and reference the POSIX group in the HBAC rule. The AD members
> should be
> added as members of the external group.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160429/6ebcb3c7/attachment.htm>
More information about the Freeipa-users
mailing list