On 7 July 2017 at 00:29, bogusmaster--- via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org> wrote:
Just to add some example of behaviour I described, I configured an AD
user
group membership and granted him access via HBAC rule. Waited approximately
for 2 hours and then, all of a sudden, it magically works without me
changing anything :). Below is the log excerpt from /var/log/secure which
caught the moment when HBAC rule seemingly started working with no action
on my side:
You are describing the symptoms I saw exactly. The newer SSSD version
(1.15.2-5) from the COPR repo (which is managed by some of the sssd
developers) solved my problems.
cheers
L.