I need to add principal alias to a service from the client in which it is
>From the client I have the following script:
kinit -k -t /etc/krb5.keytab
ipa service-add myservice/myclient.example.com
ipa service-add-principal myservice/myclient.example.com myservice/
On the last command it returns the following error:
ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
'krbPrincipalName' attribute of entry 'krbprincipalname=myservice/
I tried create a role with the 'Service Administrators' privilege and
attached it on the principal host: host/myclient.example.com (instead of
myservice/myclient.example.com) and it worked.
However I need to set this role (or privilege) globally. On the other hand,
any new host enrolled after ipa-client-install has that privilege allowed.
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org