[Freeipa-users] Active Directory users are not controlled by HBAC

Birnbaum, Warren (ETW) Warren.Birnbaum at nike.com
Mon Jan 25 22:35:05 UTC 2016


OK.  I have done this and am using the PAM stack that is the result of
what you describe here.

A few threads back you mentioned that this could be a reason why my hbac
are not restricting access.  I have no hbac rules currently and any active
directory user can access any host.  Is there something else I could look
at to see why this is happening?

Thanks.
___________________
Warren Birnbaum : Infrastructure Services
Web Automation Engineer
Europe CDT Techn. Operations
Nike Inc. : Mobile +31 6 23902697

On 1/25/16, 2:11 PM, "Alexander Bokovoy" <abokovoy at redhat.com> wrote:

>On Mon, 25 Jan 2016, Birnbaum, Warren (ETW) wrote:
>>Thanks Alexander.  Is there a place where there are example pam stacks
>>that work with active directory and hbac?
>Defaults in RHEL/Fedora should be enough:
> - install RHEL/Fedora,
> - apply ipa-client-install,
>
>then you get a proper setup. That's what is tested and supported.
>
>ipa-client-install would run the authconfig utility with the correct
>parameters to set the PAM stack properly.
>
>-- 
>/ Alexander Bokovoy
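
The PAM stack question raised in this thread can be checked with a short script. This is an added example, not part of the original messages and not FreeIPA's own tooling; it assumes HBAC decisions reach PAM through `pam_sss.so` in the account phase, and the names `hbac_pam_check` and `write_samples` and the sample stacks are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a PAM service file lets SSSD (and so HBAC)
# veto a login in the "account" phase.
hbac_pam_check() {
    awk '
        /^[[:space:]]*#/ { next }                 # skip comments
        {
            type = $1; sub(/^-/, "", type)         # "-account" is a valid type
            if (type != "account" || $0 !~ /pam_sss\.so/) next
            found = 1
            ctl = $2
            if (ctl ~ /^\[/ && match($0, /\[[^]]*\]/))
                ctl = substr($0, RSTART, RLENGTH)  # bracketed control may contain spaces
            # A denial only sticks if the control turns failure into "bad"/"die".
            if (ctl == "required" || ctl == "requisite" || ctl ~ /default=(bad|die)/)
                ok = 1
        }
        END {
            if (!found) { print "missing"; exit 2 }
            if (!ok)    { print "not-enforced"; exit 1 }
            print "enforced"
        }' "$1"
}

# Constructed sample stacks (not taken from any real host).
write_samples() {
    cat > "$1/good" <<'EOF'
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so
EOF
    cat > "$1/weak" <<'EOF'
account     required      pam_unix.so
account     sufficient    pam_sss.so
account     required      pam_permit.so
EOF
    cat > "$1/none" <<'EOF'
auth        sufficient    pam_sss.so
account     required      pam_unix.so
account     required      pam_permit.so
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in good weak none; do
    printf '%s: %s\n' "$f" "$(hbac_pam_check "$dir/$f" || true)"
done
rm -rf "$dir"
```

On a client, point `hbac_pam_check` at the service files actually used for login, for example those under `/etc/pam.d/`; a result of `missing` or `not-enforced` means an SSSD access denial cannot block the session for that service.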




