[Freeipa-users] ipa host-del not authorised
Alex Harvey
alexharv074 at gmail.com
Mon Sep 29 02:57:37 UTC 2014
Hi all
Many thanks for the replies here -
As it turned out I just needed to run kinit admin and enter the password,
as Net Vent suggested, and that resolved the issue. For that matter, I
found I could also simply run su - admin and then run the ipa host-del
command and also achieve the same result.
On 25 September 2014 18:41, Martin Kosek <mkosek at redhat.com> wrote:
> On 09/25/2014 04:11 AM, Alex Harvey wrote:
> > Hi all
> >
> > I'm new to IPA and struggling a bit to automate some tasks.
> >
> > I am unable to delete hosts from the command line although have no
> problem
> > doing this using the GUI, e.g.
> >
> > [root at myipaserver ~]# ipa host-del myhost.example.com
> >
> > ipa: ERROR: Insufficient access: not allowed to perform this command
> >
> > I guess I need to somehow pass the admin user's username and password?
> > However the man page doesn't seem to provide any option for doing this.
> >
> > Thanks
> > Alex
>
> Hello Alex,
>
> I assume you created a non-admin user with some permissions allow deleting
> a host.
>
> This error message is thrown when a virtual operation check fails. This is
> raised for example when a user is trying to do unathorized operation with
> certificates, like if user having host deletion permission does not also
> have
> permission to revoke certificates for deleted users.
>
> Does the privileged user has "Revoke Certificate" permission assigned
> through
> some privilege/role?
>
> The mismatch of behavior between CLI and UI is strange. They call the same
> code, maybe you run it with different users.
>
> Also, what is your FreeIPA version?
>
> Martin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140929/5ed3ea73/attachment.htm>
More information about the Freeipa-users
mailing list