[Freeipa-users] Service account to enroll hosts
Marat Vyshegorodtsev
marat.vyshegorodtsev at gmail.com
Wed Jan 27 08:55:27 UTC 2016
Hi!
I'm trying to build an auto-enrollment script that would leverage a
service account to enroll hosts.
Here is the LDIF for this service account:
https://gist.github.com/touzoku/2b03a47d3f0bcfbdf30a
This service account is created successfully, but when I try to:
1) kinit hostadmin
2) ipa host-add foobar.contoso.com
The following error appears:
ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add
the entry 'fqdn=foobar.contoso.com,cn=computers,cn=accounts,dc=contoso,dc=com'.
Which privilege am I missing? A normal (POSIX) user with the same set
of privileges worked fine; the problem started to happen when I moved
the user from normal users to cn=sysaccounts,cn=etc.
Also, is my set of privileges minimal? Which privileges do I need to
just add host entries?
Best regards,
Marat Vyshegorodtsev