How do you let a remote user be an admin for IPA? I followed the fedora group example
external group:ad_admins_external Posix Group: ad_admins Then I made ad_admins a group member of ipa group 'admins' - theoretically now MSAD\Administrator is an IPA admin? I get the following. How does this work? Thanks, Brian sh-4.1$ kinit administra...@msad.test Password for administra...@msad.test: sh-4.1$ klist Ticket cache: FILE:/tmp/krb5cc_1653800500 Default principal: administra...@msad.test Valid starting Expires Service principal 12/09/12 22:34:43 12/10/12 08:35:09 krbtgt/msad.t...@msad.test renew until 12/10/12 22:34:43 sh-4.1$ sh-4.1$ kinit administra...@msad.test^C sh-4.1$ sh-4.1$ ipa user-add ipa: ERROR: Could not create log_dir u'/home/msad.test/administrator/.ipa/log' First name: joe Last name: blo User login [jblo]: ipa: ERROR: Insufficient access: SASL(-14): authorization failure: Invalid credentials sh-4.1$ klist Ticket cache: FILE:/tmp/krb5cc_1653800500 Default principal: administra...@msad.test Valid starting Expires Service principal 12/09/12 22:34:43 12/10/12 08:35:09 krbtgt/msad.t...@msad.test renew until 12/10/12 22:34:43 12/09/12 22:35:31 12/10/12 08:35:09 krbtgt/ipa.t...@msad.test renew until 12/10/12 22:34:43 12/09/12 22:35:09 12/10/12 08:35:09 HTTP/ipa1.ipa.t...@ipa.test renew until 12/10/12 22:34:43 sh-4.1$ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users