Hi!

I'm trying to build an auto-enrollment script that would leverage a
service account to enroll hosts.

Here is the LDIF for this service account:
https://gist.github.com/touzoku/2b03a47d3f0bcfbdf30a

This service account is created successfully, but when I try to:
1) kinit hostadmin
2) ipa host-add foobar.contoso.com

The following error appears:
ipa: ERROR: Insufficient access: Insufficient 'add' privilege to add
the entry 'fqdn=foobar.contoso.com,cn=computers,cn=accounts,dc=contoso,dc=com'.

Which privilege am I missing? A normal (POSIX) user with the same set
of privileges worked fine; the problem started to happen when I moved
the user from normal users to cn=sysaccounts,cn=etc.

Also, is my set of privileges minimal? Which privileges do I need to
just add host entries?

Best regards,
Marat Vyshegorodtsev
