Please keep freeipa-users in CC
On 08.08.2016 11:22, Deepak Dimri wrote:
> Thanks Martin,
> Don't I need to create a subdomain for each team and then register the
> hosts under that domain and finally assign HBAC?
An HBAC rule is per host/hostgroup and it is unrelated to the domain. Read the doc,
everything should be there :)
Martin
> Regards,
> Deepak
------------------------------------------------------------------------
Subject: Re: [Freeipa-users] Delegated Administration in IPA
To: [email protected]; [email protected]
From: [email protected]
Date: Mon, 8 Aug 2016 10:41:59 +0200
On 08.08.2016 10:03, Deepak Dimri wrote:
> Hi List,
> I want some help here! I have 100 Linux servers and EC2
> instances used by various teams/departments. I want to have
> group-wise clubbing of these servers so that I can delegate
> administration access to the manager of that particular group. For
> example, let's say out of those 100 servers, 25 servers belong to
> the engineering team, so I want to register these 25 servers under
> the engineering group/domain and then assign the full administration
> access to the engineering manager to manage these 25 servers and their
> accesses.
> I am getting a sense that we can create DNS subdomains for each
> team, i.e. engineering.<ipa server domain name>, and then register
> those 25 servers under engineering.<ipa server domain name>, but
> then I am not sure how I can assign the access and do the rest of the
> configurations.
> I would be thankful if any of you can provide configuration
> steps to help me.
> Thanks,
> Deepak
Hello,
I think you need HBAC
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/configuring-host-access.html
You need to add servers to particular hostgroups, and create HBAC rules
according to the doc ^^^
Martin
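The hostgroup and HBAC rule setup Martin points to, sketched with the `ipa` CLI as an added example that is not part of the original thread. The team, user group and host names are constructed, and the user group is assumed to exist already; the per-team rule only restricts logins once the default `allow_all` rule is disabled, so that step comes last.

```shell
#!/bin/sh
# Added example: one hostgroup and one HBAC rule per team.
# All names below (engineering, eng-admins, *.example.test, alice) are constructed.
# DRY_RUN=1 (default) prints the ipa commands; DRY_RUN=0 runs them
# (needs a Kerberos ticket for an IPA admin, e.g. via kinit).

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "ipa $*"
    else
        ipa "$@"
    fi
}

# team_hbac TEAM USERGROUP HOST...
# Groups the team's hosts and lets USERGROUP reach them over sshd only.
team_hbac() {
    team=$1 ugroup=$2
    shift 2
    rule="allow_${team}"
    run hostgroup-add "$team"
    for h in "$@"; do
        run hostgroup-add-member "$team" --hosts="$h"
    done
    run hbacrule-add "$rule"
    run hbacrule-add-user "$rule" --groups="$ugroup"
    run hbacrule-add-host "$rule" --hostgroups="$team"
    run hbacrule-add-service "$rule" --hbacsvcs=sshd
}

# verify_access TEAM USER HOST
# Evaluates only the team's rule, so allow_all cannot mask a mistake.
verify_access() {
    run hbactest --user="$2" --host="$3" --service=sshd --rules="allow_$1"
}

# Run this last: until allow_all is disabled every user may log in
# everywhere; once it is disabled only explicit rules grant access.
enforce_hbac() {
    run hbacrule-disable allow_all
}

# Constructed sample run (dry run unless DRY_RUN=0 is exported).
team_hbac engineering eng-admins web1.example.test db1.example.test
verify_access engineering alice web1.example.test
enforce_hbac
```

Check with `hbactest` for every team before running `enforce_hbac`, because any host or user not covered by a rule loses access at that point.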