On 01/04/2016 10:41 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as
>> and it worked:
>> # ipa netgroup-show masters
>> Netgroup name: masters
>> Description: ipaNetgroup masters
>> NIS domain name: rhel72
>> External host: foo
>> Member Hostgroup: masters
>> I am still unable to add membership as admin though:
>> # ipa netgroup-add-member masters --hosts foo2
>> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
>> 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'.
> That is the right way to do it. Unknown hosts to IPA are marked as
> "external" and stored separately. Just be aware that you can put
> anything in there so beware of typoes.
> This command works fine for me using IPA using ipa-server-4.2.0-15.el7
> so I'm not sure where the permission bug lies.
Did you try it on native netgroup (added via netgroup-add) or hostgroup shadow
group? As it works for me on native netgroups, but not on shadow netgroups,
where I can only add the external host with as DM.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project