[Freeipa-users] Question about ldap proxy/AD + sudo + HBAC
Lukas Slebodnik
lslebodn at redhat.com
Mon Feb 15 12:01:17 UTC 2016
On (15/02/16 11:45), Birnbaum, Warren (ETW) wrote:
>Thanks Lukas.
>
>Unfortunately setting up a IPA Ad Trust is something not possible within
>our organization. Is it then fair to say that waiting for Ticket #4623 is
>our only option? https://fedorahosted.org/freeipa/ticket/4634
>
As I wrote in previous mail HBAC can work only with id_provider = ipa.
and GPO works only with id_provider = ad.
Your configuration is little bit non-standard
id_provider = proxy (to files) and auth provider LDAP (AD).
I can only recommend to look into pam_access.so.
LS
More information about the Freeipa-users
mailing list