On 03/20/2015 09:16 AM, Andrew Holway wrote:
Hello,

I'd like to find our what the minimum role would be to allow a user to join
a new client to freeipa.

Currently our enrol command looks like:
ipa-client-install --force-join --enable-dns-updates -U -p admin -w
xxxxxxxx:

Thanks,

Andrew



Hello!

AFAIK there is 'Host Enrollment' privilege created during IPA server installation. You need to create new role and add this privilege to the newly created role. The role can then be assigned to any user or group. User with this privilege have enough permissions to enroll a host to IPA domain.

--
David Kupka

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to