[Freeipa-users] Queries on migrating nis netgroups
Martin Kosek
mkosek at redhat.com
Tue Jan 5 07:00:48 UTC 2016
On 01/04/2016 10:41 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
...
>> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM
>> and it worked:
>>
>> # ipa netgroup-show masters
>> Netgroup name: masters
>> Description: ipaNetgroup masters
>> NIS domain name: rhel72
>> External host: foo
>> Member Hostgroup: masters
>>
>> I am still unable to add membership as admin though:
>>
>> # ipa netgroup-add-member masters --hosts foo2
>> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
>> 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'.
>
> That is the right way to do it. Unknown hosts to IPA are marked as
> "external" and stored separately. Just be aware that you can put
> anything in there so beware of typoes.
>
> This command works fine for me using IPA using ipa-server-4.2.0-15.el7
> so I'm not sure where the permission bug lies.
Did you try it on native netgroup (added via netgroup-add) or hostgroup shadow
group? As it works for me on native netgroups, but not on shadow netgroups,
where I can only add the external host with as DM.
More information about the Freeipa-users
mailing list