<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Please keep freeipa-users in CC</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 08.08.2016 11:22, Deepak Dimri
wrote:<br>
</div>
<blockquote cite="mid:SNT152-W1440C1B97E7781E4DA2390F51B0@phx.gbl"
type="cite">
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style>
<div dir="ltr">Thanks Martin,
<div><br>
</div>
<div>Don't i need to create subdomain for each team and then
register the hosts under that domain and finally assign HBAC?</div>
</div>
</blockquote>
<br>
HBAC rule is per host/hostgroup and it is unrelated to domain. Read
doc there should be everything :)<br>
<br>
Martin<br>
<br>
<br>
<blockquote cite="mid:SNT152-W1440C1B97E7781E4DA2390F51B0@phx.gbl"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Regards,</div>
<div>Deepak</div>
<div>
<div>
<div><br>
</div>
<div><br>
<br>
<div>
<hr id="stopSpelling">Subject: Re: [Freeipa-users]
Delegated Administration in IPA<br>
To: <a class="moz-txt-link-abbreviated" href="mailto:deepak_dimri@hotmail.com">deepak_dimri@hotmail.com</a>; <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
From: <a class="moz-txt-link-abbreviated" href="mailto:mbasti@redhat.com">mbasti@redhat.com</a><br>
Date: Mon, 8 Aug 2016 10:41:59 +0200<br>
<br>
<br>
<br>
<br>
<div class="ecxmoz-cite-prefix">On 08.08.2016 10:03,
Deepak Dimri wrote:<br>
</div>
<blockquote
cite="mid:SNT152-W9563576EE8F3AE1D2582BEF51B0@phx.gbl">
<style><!--
.ExternalClass .ecxhmmessage P {
padding:0px;
}
.ExternalClass body.ecxhmmessage {
font-size:12pt;
font-family:Calibri;
}
--></style>
<div dir="ltr">Hi List,
<div><br>
</div>
<div>I want some help here! i have 100 of linux
servers and ec2 instances used by various
teams/departments. I want to have group wise
clubbing of these servers so that i can delegate
administration access to manager of that
particular group. For example lets say out of
those 100 servers, 25 servers belongs to
engineering team so i want to register these 25
servers under engineering group/domain and then
assign the full administration access to
engineering manager to manage these 25 servers and
there accesses. </div>
<div><br>
</div>
<div>I am getting a sense that we can create DNS
subdomains for each team i.e. engineering.<ipa
server domain name> and then register those 25
servers under engineering.<ipa server domain
name> but then i am not sure how i can assign
the access and do rest of the configurations. </div>
<div><br>
</div>
<div>I would be thankfully if any of you can provide
with configuration steps to help me</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Deepak</div>
</div>
<br>
<fieldset class="ecxmimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
Hello,<br>
<br>
I think you need HBAC
<a moz-do-not-send="true"
class="ecxmoz-txt-link-freetext"
href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html"
target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html</a><br>
<br>
You need add servers to particular hostgroups, and
create HBAC rules according the doc ^^^<br>
<br>
Martin<br>
<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>