[Freeipa-users] Minimum rights to enrol a client
David Kupka
dkupka at redhat.com
Fri Mar 20 08:37:11 UTC 2015
On 03/20/2015 09:16 AM, Andrew Holway wrote:
> Hello,
>
> I'd like to find our what the minimum role would be to allow a user to join
> a new client to freeipa.
>
> Currently our enrol command looks like:
> ipa-client-install --force-join --enable-dns-updates -U -p admin -w
> xxxxxxxx:
>
> Thanks,
>
> Andrew
>
>
>
Hello!
AFAIK there is 'Host Enrollment' privilege created during IPA server
installation. You need to create new role and add this privilege to the
newly created role.
The role can then be assigned to any user or group. User with this
privilege have enough permissions to enroll a host to IPA domain.
--
David Kupka
More information about the Freeipa-users
mailing list