I tried to give users access permissions to a specific host, but when I try to log in via ssh I get an error:

[hbac_evaluate] (0x0100): The rule [somerulename] did not match.

somegroup (POSIX)
  -somegroup-external
      -some AD user
      -another AD user

ipa hbacrule-show somerulename
  Rule name: somerulename
  Enabled: TRUE
  User Groups: somegroup
  Hosts: somehost.doma.mydomain.at
  HBAC Services: sshd, sudo, sudo-i

As we were relatively new to IPA, we set up the trust to the domain these users come from as "Non-transitive external trust to a domain in another Active Directory forest" ages ago. However, both users can be resolved on somehost.doma.mydomain.at with getent or id.

Can you think of a reason why these users get an access denied error?

Any hints would be highly appreciated!

Cheers,
Ronald