On 01/04/2016 10:41 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as 
>> DM
>> and it worked:
>> # ipa netgroup-show masters
>>   Netgroup name: masters
>>   Description: ipaNetgroup masters
>>   NIS domain name: rhel72
>>   External host: foo
>>   Member Hostgroup: masters
>> I am still unable to add membership as admin though:
>> # ipa netgroup-add-member masters --hosts foo2
>> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
>> 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'.
> That is the right way to do it. Unknown hosts to IPA are marked as
> "external" and stored separately. Just be aware that you can put
> anything in there so beware of typoes.
> This command works fine for me using IPA using ipa-server-4.2.0-15.el7
> so I'm not sure where the permission bug lies.

Did you try it on native netgroup (added via netgroup-add) or hostgroup shadow
group? As it works for me on native netgroups, but not on shadow netgroups,
where I can only add the external host with as DM.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to