[Freeipa-users] ipa host-del not authorised
Martin Kosek
mkosek at redhat.com
Thu Sep 25 08:41:10 UTC 2014
On 09/25/2014 04:11 AM, Alex Harvey wrote:
> Hi all
>
> I'm new to IPA and struggling a bit to automate some tasks.
>
> I am unable to delete hosts from the command line although have no problem
> doing this using the GUI, e.g.
>
> [root at myipaserver ~]# ipa host-del myhost.example.com
>
> ipa: ERROR: Insufficient access: not allowed to perform this command
>
> I guess I need to somehow pass the admin user's username and password?
> However the man page doesn't seem to provide any option for doing this.
>
> Thanks
> Alex
Hello Alex,
I assume you created a non-admin user with some permissions allow deleting a host.
This error message is thrown when a virtual operation check fails. This is
raised for example when a user is trying to do unathorized operation with
certificates, like if user having host deletion permission does not also have
permission to revoke certificates for deleted users.
Does the privileged user has "Revoke Certificate" permission assigned through
some privilege/role?
The mismatch of behavior between CLI and UI is strange. They call the same
code, maybe you run it with different users.
Also, what is your FreeIPA version?
Martin
More information about the Freeipa-users
mailing list