How do you let a remote user be an admin for IPA?

I followed the Fedora group example:

External group: ad_admins_external
POSIX group: ad_admins

Then I made ad_admins a group member of the IPA group 'admins' - theoretically now
MSAD\Administrator is an IPA admin? I get the following. How does this work?

Thanks,
Brian




sh-4.1$ kinit administra...@msad.test
Password for administra...@msad.test: 
sh-4.1$ klist
Ticket cache: FILE:/tmp/krb5cc_1653800500
Default principal: administra...@msad.test

Valid starting     Expires            Service principal
12/09/12 22:34:43  12/10/12 08:35:09  krbtgt/msad.t...@msad.test
        renew until 12/10/12 22:34:43
sh-4.1$ 
sh-4.1$ kinit administra...@msad.test^C
sh-4.1$ 
sh-4.1$ ipa user-add
ipa: ERROR: Could not create log_dir u'/home/msad.test/administrator/.ipa/log'
First name: joe
Last name: blo
User login [jblo]: 
ipa: ERROR: Insufficient access: SASL(-14): authorization failure: Invalid 
credentials
sh-4.1$ klist
Ticket cache: FILE:/tmp/krb5cc_1653800500
Default principal: administra...@msad.test

Valid starting     Expires            Service principal
12/09/12 22:34:43  12/10/12 08:35:09  krbtgt/msad.t...@msad.test
        renew until 12/10/12 22:34:43
12/09/12 22:35:31  12/10/12 08:35:09  krbtgt/ipa.t...@msad.test
        renew until 12/10/12 22:34:43
12/09/12 22:35:09  12/10/12 08:35:09  HTTP/ipa1.ipa.t...@ipa.test
        renew until 12/10/12 22:34:43
sh-4.1$ 


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
