On 11/11/2013 11:14 PM, Stephen Benjamin wrote:
> I've been working on getting Foreman and my FreeIPA instance completely
> But I have an issue, I have a user that has limited roles for Host
> Enrollment, including
> "Add Host" and "Remove Host" permissions. Remove Host doesn't work like I
> $ ipa host-del testbuild.bitbin.de
> ipa: ERROR: Insufficient access: not allowed to perform this command
> Failed while deleting host from IPA.
> [Mon Nov 11 23:03:35 2013] [error] ipa: INFO: registrat...@bitbin.de:
> host_del((u'testbuild.bitbin.de',), updatedns=False): ACIError
> Is there an additional permission I need? I tried a bunch of different
> but I couldn't figure out the right one to give.
There should not be any additional permission required. I tested the procedure
according to your log and deleting hosts as "foreman" user worked for me. Can
you please send the role and privilege entry so that I can check for
# ipa role-show "Host Enrollment"
# ipa privilege-show "Host Enrollment"
Freeipa-users mailing list