I tried to give user access permissions to a specific host but when I try to log in via ssh I get an error: [hbac_evaluate] (0x0100): The rule [somerulename] did not match.

somegroup (POSIX) -somegroup-external -some AD user -another AD user ipa hbacrule-show somerulename Rule name: somerulename Enabled: TRUE User Groups: somegroup Hosts: somehost.doma.mydomain.at HBAC Services: sshd, sudo, sudo-i As we were relatively new to IPA we set up the trust to the domain where these users come to "Non-transitive external trust to a domain in another Active Directory forest" ages ago. However, both users can be resolved on somehost.doma.mydomain.at with getent or id. Can you think of a reason why these users get an access denied error? Any hints would be highly appreciated! Cheers, Ronald _______________________________________________ FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue