Am Fri, Sep 23, 2022 at 01:07:24PM +0200 schrieb Ronald Wimmer via FreeIPA-users:
I tried to give user access permissions to a specific host but when I
try to
log in via ssh I get an error:
[hbac_evaluate] (0x0100): The rule [somerulename] did not match.
Hi,
near the log line above there should be additional information about the
rule and the user. Can you send those as well? You might have to increase
the debug_level to see all messages.
bye,
Sumit
somegroup (POSIX)
-somegroup-external
-some AD user
-another AD user
ipa hbacrule-show somerulename
Rule name: somerulename
Enabled: TRUE
User Groups: somegroup
Hosts: somehost.doma.mydomain.at
HBAC Services: sshd, sudo, sudo-i
As we were relatively new to IPA we set up the trust to the domain where
these users come to "Non-transitive external trust to a domain in another
Active Directory forest" ages ago. However, both users can be resolved on
somehost.doma.mydomain.at with getent or id.
Can you think of a reason why these users get an access denied error?
Any hints would be highly appreciated!
Cheers,
Ronald
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue