Hey All,
Let's suppose I have two AD groups:
unixadmin
unixusers
In FreeIPA, I would like to give unixadmin group access to ALL FreeIPA
functions.
Whereas for the unixusers, I would like to give R/O access.
I've already done the group mappings from AD to FreeIPA.
What is the best way to achieve this? I'm finding related links online
but not quite what I'm looking for.
I did a test to see if nesting the unixadmin group within the FreeIPA
admins group would work but I still can't login to FreeIPA with my AD
user, despite my ID residing in the unixadmin group which in turn is
nested in the FreeIPA admins group.
This is FreeIPA 4.6.4 .
--
Thx,
TK.