Hi Guys

I need to add a principal alias to a service from the client by which it is
managed.

From the client I have the following script:

---
kinit -k -t /etc/krb5.keytab
ipa service-add myservice/myclient.example.com
ipa service-add-principal myservice/myclient.example.com myservice/myalias.example.com
---

On the last command it returns the following error:

---
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the 'krbPrincipalName' attribute of entry 'krbprincipalname=myservice/myclient.example....@example.com,cn=services,cn=accounts,dc=example,dc=com'.
---

I tried creating a role with the 'Service Administrators' privilege and
attached it to the principal host: host/myclient.example.com (instead of
myservice/myclient.example.com) and it worked.

However, I need to set this role (or privilege) globally. On the other hand,
any new host enrolled after ipa-client-install has that privilege allowed.

Thank you
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org