Hi all, Refering to this topic: https://www.redhat.com/archives/freeipa-users/2013-July/msg00318.html
We are no able to do a show_user from a webserver on an IPA server, but user_add gives a problem in rights. On the IPA server there is added to the services: HTTP/test-webserver.dev.domain.local@DEV.DOMAIN.LOCAL<https://test-zip.dev.msp.cullie.local/ipa/ui/#HTTP/test-zip-2.dev.msp.cullie.lo...@dev.msp.CULLIE.LOCAL> We installed mod_auth_kerb on the webserver and the IPA-server and created a keytab also on both servers. <https://test-zip.dev.msp.cullie.local/ipa/ui/#HTTP/test-zip-2.dev.msp.cullie.lo...@dev.msp.CULLIE.LOCAL> With our script we still get the following error because the rights that the user has: ipa: ERROR: Insufficient access: Insufficient 'add' privilege to the 'userPassword' attribute When we add a user "apache" to the IPA server and give it admin rights and set it to the "User Administrator" Role we still don't have the right privileges to do so. We need to setup a S4U2Proxy where we thought of that we did by installing the mod_auth_kerb on the webserver, but this seems to be on the IPA servers. The same question for the keytab, where do we use it when we use a simple webserver form to add a user ? It's the same as in the topic here where there is spoken about the "User privileges": http://comments.gmane.org/gmane.linux.redhat.freeipa.user/8244 What do we have to do on which server ? We have put a lot of time into the user_show part and that works, now westill need the user_add (and so on). Has anyone some sort of sample/howto for this ? Thanks in advance. Matt
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users