5:17 a.m.
Hi,
I'm trying to set up new FreeIPA servers based on an old setup. I've only migrated
users/groups to the new setup.
I wasn't able to SSH into the new IPA server and after investigating it seemed to be
some HBAC rules for SSHD service wans't enabled. I've intentionally not migrated
the preivous HBAC rules.
On the old system it had been created and included HBAC for rules using the
'--servicecat=all' options, meaning I couldn't get any information from the
HBAC rules looking in the GUI.
Why isn't this visible?
7:25 a.m.
New subject: Allow service '--servicecat=all' not visible in GUI
Finn Fysj via FreeIPA-users wrote:
Hi,
I'm trying to set up new FreeIPA servers based on an old setup. I've only
migrated users/groups to the new setup.
I wasn't able to SSH into the new IPA server and after investigating it seemed to be
some HBAC rules for SSHD service wans't enabled. I've intentionally not migrated
the preivous HBAC rules.
On the old system it had been created and included HBAC for rules using the
'--servicecat=all' options, meaning I couldn't get any information from the
HBAC rules looking in the GUI.
Why isn't this visible?
It's impossible to say without know what version you're talking about.
It is currently represented (4.10) as radio buttons for hostcat and
servicecat.
Host category the rule applies to: [ ] Any Host [X] Specified Hosts and
Groups
Service category the rule applies to: [ ] Any Service [X] Specified
Services and Groups
rob
9:01 a.m.
New subject: Allow service '--servicecat=all' not visible in GUI
$ ipa --version
VERSION: 4.10.0, API_VERSION: 2.251
411
days inactive
412
days old
freeipa-users@lists.fedorahosted.org
4 comments
2 participants
participants (2)
-
Finn Fysj -
Rob Crittenden