<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <br>
    <br>
    <div class="moz-cite-prefix">On 29.04.2016 13:27, Ben .T.George
      wrote:<br>
    </div>
    <blockquote
cite="mid:CA+C_GOW-7teM37C9o2vW4SGeSj20a6zAkqhPp_VRqd7e2hTpPg@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hi
        <div><br>
        </div>
        <div>Thanks for your reply.</div>
        <div><br>
        </div>
        <div>Can I do this external group mapping from the web UI?</div>
      </div>
    </blockquote>
    <br>
    You can create an external group using the web UI (user groups / add
    group / choose the external radio button).<br>
    <br>
    More doc about HBAC:
<a class="moz-txt-link-freetext" href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html</a><br>
    <br>
    Martin<br>
    <blockquote
cite="mid:CA+C_GOW-7teM37C9o2vW4SGeSj20a6zAkqhPp_VRqd7e2hTpPg@mail.gmail.com"
      type="cite">
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Fri, Apr 29, 2016 at 10:50 AM, Jakub
          Hrozek <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:jhrozek@redhat.com" target="_blank">jhrozek@redhat.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex"><span
              class="">On Fri, Apr 29, 2016 at 12:03:42AM +0300, Ben
              .T.George wrote:<br>
              > Hi List,<br>
              ><br>
              > I have a working setup of IPA with AD integrated and
              one client joined.<br>
              ><br>
              > I want to implement HBAC rules against this client.
              Can anyone please share with<br>
              > me good articles on implementing HBAC from the web UI?<br>
              <br>
            </span>I'm not sure about the web UI, but as a general rule
            you'll want to add<br>
            an external group (created with --external) as a member of a
            POSIX group<br>
            and reference the POSIX group in the HBAC rule. The AD
            members should be<br>
            added as members of the external group.<br>
            </blockquote>
        </div>
        <br>
      </div>
      <br>
      <br>
    </blockquote>
    <br>
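    <br>
    The setup described in this thread (AD members in an external group, the external group nested in a POSIX group, the POSIX group referenced by the HBAC rule), written out with the ipa CLI. This is an added example, not part of the original messages; every group, rule, host and user name in it is a hypothetical placeholder.<br>

```shell
#!/bin/sh
# Added example: all names below are hypothetical placeholders, not from the thread.
EXT_GROUP="ad_users_external"    # non-POSIX external group that holds the AD members
POSIX_GROUP="ad_users"           # POSIX group that the HBAC rule references
AD_MEMBER='AD\Domain Users'      # constructed AD group name (NetBIOS\group form)
RULE="allow_ad_ssh"
CLIENT="client.ipa.example.com"
SERVICE="sshd"
TEST_USER="user@ad.example.com"

# Dry run by default: print each command. Set APPLY=1 (with a valid admin
# Kerberos ticket) to execute the commands against the IPA server instead.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

hbac_setup() {
    # 1. External group plus the POSIX group that wraps it.
    run ipa group-add "$EXT_GROUP" --external
    run ipa group-add "$POSIX_GROUP"
    # 2. AD members go into the external group; it is then nested in the POSIX group.
    run ipa group-add-member "$EXT_GROUP" --external "$AD_MEMBER"
    run ipa group-add-member "$POSIX_GROUP" --groups "$EXT_GROUP"
    # 3. HBAC rule: who (POSIX group), where (client host), what (service).
    run ipa hbacrule-add "$RULE"
    run ipa hbacrule-add-user "$RULE" --groups "$POSIX_GROUP"
    run ipa hbacrule-add-host "$RULE" --hosts "$CLIENT"
    run ipa hbacrule-add-service "$RULE" --hbacsvcs "$SERVICE"
    # 4. Simulate the decision on the server before relying on the rule.
    run ipa hbactest --user "$TEST_USER" --host "$CLIENT" \
        --service "$SERVICE" --rules "$RULE"
}

# The default allow_all HBAC rule grants access to every user on every host
# until it is disabled, so the rule above only restricts access once
# allow_all is off.
hbac_setup
```

    <br>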
  </body>
</html>