Hi all

Many thanks for the replies here -

As it turned out I just needed to run kinit admin and enter the password,
as Net Vent suggested, and that resolved the issue.  For that matter, I
found I could also simply run su - admin and then run the ipa host-del
command and also achieve the same result.


On 25 September 2014 18:41, Martin Kosek <mko...@redhat.com> wrote:

> On 09/25/2014 04:11 AM, Alex Harvey wrote:
> > Hi all
> >
> > I'm new to IPA and struggling a bit to automate some tasks.
> >
> > I am unable to delete hosts from the command line although have no
> problem
> > doing this using the GUI, e.g.
> >
> > [root@myipaserver ~]# ipa host-del myhost.example.com
> >
> > ipa: ERROR: Insufficient access: not allowed to perform this command
> >
> > I guess I need to somehow pass the admin user's username and password?
> > However the man page doesn't seem to provide any option for doing this.
> >
> > Thanks
> > Alex
>
> Hello Alex,
>
> I assume you created a non-admin user with some permissions allow deleting
> a host.
>
> This error message is thrown when a virtual operation check fails. This is
> raised for example when a user is trying to do unathorized operation with
> certificates, like if user having host deletion permission does not also
> have
> permission to revoke certificates for deleted users.
>
> Does the privileged user has "Revoke Certificate" permission assigned
> through
> some privilege/role?
>
> The mismatch of behavior between CLI and UI is strange. They call the same
> code, maybe you run it with different users.
>
> Also, what is your FreeIPA version?
>
> Martin
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to