Bug 740860

Summary: hbactest fails while the sourcehost is external.
Product: Red Hat Enterprise Linux 6 Reporter: Gowrishankar Rajaiyan <grajaiya>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED DUPLICATE QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: high    
Version: 6.2CC: jgalipea, mkosek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-09-27 06:30:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Gowrishankar Rajaiyan 2011-09-23 15:06:41 UTC
Description of problem:


Version-Release number of selected component (if applicable):
ipa-server-2.1.1-4.el6.x86_64

How reproducible:
Always

Steps to Reproduce:

[root@kungfupanda ~]# ipa hbacrule-show nc-test 
  Rule name: nc-test
  Enabled: TRUE
  Users: nc
  Hosts: decepticons.lab.eng.pnq.redhat.com
  Services: sshd
  Service Groups: remote
  External host: nc.pnq.redhat.com

[root@kungfupanda ~]# ipa hbacsvcgroup-show remote
  Service group name: remote
  Description: Remote Services
  Member HBAC service: sshd, telnet, vsftpd

[root@kungfupanda ~]# ipa hbactest --rule nc-test
User name: nc
Source host: nc.pnq.redhat.com
Target host: decepticons.lab.eng.pnq.redhat.com
Service: telnet
---------------------
Access granted: False
---------------------
  notmatched: nc-test

  
Actual results:
The hbactest displays "Access granted: False", even when the access should be granted.


Expected results:
Access should be granted while the source host is an external host.

Additional info:

Comment 2 Rob Crittenden 2011-09-23 17:36:28 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/1860

Comment 3 Gowrishankar Rajaiyan 2011-09-27 06:30:33 UTC

*** This bug has been marked as a duplicate of bug 736276 ***