Hi Guys

I need to add principal alias to a service from the client in which it is
managed by.

>From the client I have the following script:

kinit -k -t /etc/krb5.keytab
ipa service-add myservice/myclient.example.com
ipa service-add-principal myservice/myclient.example.com myservice/

On the last command it returns the following error:

ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
'krbPrincipalName' attribute of entry 'krbprincipalname=myservice/

I tried create a role with the 'Service Administrators' privilege and
attached it on the principal host: host/myclient.example.com (instead of
myservice/myclient.example.com) and it worked.

However I need to set this role (or privilege) globally. On the other hand,
any new host enrolled after ipa-client-install has that privilege allowed.

Thank you
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to