[Freeipa-users] "Remove Host" Permission Not Working
Martin Kosek
mkosek at redhat.com
Tue Nov 12 08:57:04 UTC 2013
On 11/11/2013 11:14 PM, Stephen Benjamin wrote:
> Hi,
>
> I've been working on getting Foreman and my FreeIPA instance completely integrated:
>
> https://bitbin.de/blog/2013/11/foreman-freeipa-integration-guide/
>
> But I have an issue: I have a user that has limited roles for Host Enrollment, including
> "Add Host" and "Remove Host" permissions. Remove Host doesn't work like I expect:
>
> $ ipa host-del testbuild.bitbin.de
> ipa: ERROR: Insufficient access: not allowed to perform this command
> Failed while deleting host from IPA.
>
> Logs:
>
> [Mon Nov 11 23:03:35 2013] [error] ipa: INFO: registration at BITBIN.DE: host_del((u'testbuild.bitbin.de',), updatedns=False): ACIError
>
> Is there an additional permission I need? I tried a bunch of different permissions
> but I couldn't figure out the right one to give.

There should not be any additional permission required. I tested the procedure
according to your log and deleting hosts as the "foreman" user worked for me. Can
you please send the role and privilege entry so that I can check for correctness?

# ipa role-show "Host Enrollment"
# ipa privilege-show "Host Enrollment"

Thanks.
Martin