I tried to give user access permissions to a specific host but when I
try to log in via ssh I get an error:
[hbac_evaluate] (0x0100): The rule [somerulename] did not match.
somegroup (POSIX)
-somegroup-external
-some AD user
-another AD user
ipa hbacrule-show somerulename
Rule name: somerulename
Enabled: TRUE
User Groups: somegroup
Hosts: somehost.doma.mydomain.at
HBAC Services: sshd, sudo, sudo-i
As we were relatively new to IPA we set up the trust to the domain where
these users come to "Non-transitive external trust to a domain in
another Active Directory forest" ages ago. However, both users can be
resolved on somehost.doma.mydomain.at with getent or id.
Can you think of a reason why these users get an access denied error?
Any hints would be highly appreciated!
Cheers,
Ronald
Show replies by date