If you are trying to create an HBAC rule in FreeIPA to allow users to log on to Fedora 27 workstations via GDM, you will need to do the following:
– Create a new HBAC service in FreeIPA, called “systemd-user”
– Create an HBAC rule that includes “gdm”, “gdm-password”, and “systemd-user”, granting access to your users for the targeted hosts
Figuring out the need to create the “systemd-user” service required adding “debug_level=9” in the [pam] section of /etc/sssd/sssd.conf, and a lot of patience.
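The two steps above can be scripted with the `ipa` command-line client. The following is an added example, not part of the original post: the rule, group, host group, user and host names are hypothetical placeholders, and it assumes the "gdm" and "gdm-password" HBAC services already exist, since the post only calls for creating "systemd-user".

```shell
#!/bin/sh
# Added example: prints the ipa commands for the HBAC rule described above.
# Nothing is executed here; all rule/group/host names passed in are placeholders.

# The three PAM services the post says a GDM login needs on Fedora 27.
GDM_SERVICES="gdm gdm-password systemd-user"

# gdm_hbac_plan RULE USERGROUP HOSTGROUP
# Emits one ipa command per line that creates the service and the rule.
gdm_hbac_plan() {
    rule=$1 group=$2 hostgroup=$3
    # systemd-user is the only service the post says has to be created.
    echo "ipa hbacsvc-add systemd-user --desc='systemd user session'"
    echo "ipa hbacrule-add $rule --desc='GDM login on workstations'"
    for svc in $GDM_SERVICES; do
        echo "ipa hbacrule-add-service $rule --hbacsvcs=$svc"
    done
    # Scope the rule to a user group and a host group rather than to everyone.
    echo "ipa hbacrule-add-user $rule --groups=$group"
    echo "ipa hbacrule-add-host $rule --hostgroups=$hostgroup"
}

# gdm_hbac_checks RULE USER HOST
# Emits one hbactest per service, so a service missing from the rule
# shows up as a denied result before anyone tries to log in through GDM.
gdm_hbac_checks() {
    rule=$1 user=$2 host=$3
    for svc in $GDM_SERVICES; do
        echo "ipa hbactest --user=$user --host=$host --service=$svc --rules=$rule"
    done
}
```

After `kinit admin`, review the output of `gdm_hbac_plan allow_gdm_ws workstation_users workstations` and pipe it to `sh` to apply it, then do the same with `gdm_hbac_checks` for a test user and host.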