Hi Rob,

Thanks, but what do you mean here? The Foreman has a script which should be OK for it:
https://github.com/theforeman/smart-proxy/blob/develop/sbin/foreman-prepare-realm

Can you check this maybe?

Thanks,

Matt

2017-03-10 17:21 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> Matt . wrote:
>> I'm trying to add a host using Foreman to the FreeIPA realm but this
>> doesn't work, all things seem to be fine and some other tests from
>> people are working:
>>
>> The issue is reported here: http://projects.theforeman.org/issues/18850
>>
>>
>> My settings are like this:
>>
>>
>> [root@ipa-01 ~]# ipa role-find
>> ---------------
>> 6 roles matched
>> ---------------
>> Role name: helpdesk
>> Description: Helpdesk
>>
>> Role name: IT Security Specialist
>> Description: IT Security Specialist
>>
>> Role name: IT Specialist
>> Description: IT Specialist
>>
>> Role name: Security Architect
>> Description: Security Architect
>>
>> Role name: Smart Proxy Host Manager
>> Description: Smart Proxy management
>>
>> Role name: User Administrator
>> Description: Responsible for creating Users and Groups
>> ----------------------------
>> Number of entries returned 6
>> ----------------------------
>> [root@ipa-01 ~]# ipa role-show "Smart Proxy Host Manager"
>> Role name: Smart Proxy Host Manager
>> Description: Smart Proxy management
>> Member users: foreman-proxy, foreman-realm-proxy
>> Privileges: Smart Proxy Host Management
>> [root@ipa-01 ~]# ipa privilege-show "Smart Proxy Host Management"
>> Privilege name: Smart Proxy Host Management
>> Description: Smart Proxy Host Management
>> Permissions: Retrieve Certificates from the CA, System: Add DNS
>> Entries, System: Read DNS Entries, System: Remove DNS Entries, System:
>> Update DNS
>> Entries, System: Manage Host Certificates, System:
>> Manage Host Enrollment Password, System: Manage Host Keytab, System:
>> Modify Hosts,
>> System: Remove Hosts, System: Manage Service Keytab,
>> System: Modify Services, Add Host Enrollment Password
>> Granting privilege to roles: Smart Proxy Host Manager
>> [root@ipa-01 ~]#
>>
>> [root@ipa-01 ~]# ipa permission-find "Add Host"
>> ---------------------
>> 3 permissions matched
>> ---------------------
>> Permission name: Add Host Enrollment Password
>> Granted rights: add
>> Effective attributes: userpassword
>> Bind rule type: permission
>> Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
>> Type: host
>> Permission flags: V2, SYSTEM
>>
>> Permission name: System: Add Hostgroups
>> Granted rights: add
>> Bind rule type: permission
>> Subtree: cn=hostgroups,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
>> Type: hostgroup
>> Permission flags: V2, MANAGED, SYSTEM
>>
>> Permission name: System: Add Hosts
>> Granted rights: add
>> Bind rule type: permission
>> Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
>> Type: host
>> Permission flags: V2, MANAGED, SYSTEM
>> ----------------------------
>> Number of entries returned 3
>> ----------------------------
>>
>>
>> Can anyone help me out as I'm unsure where this goes wrong.
>>
>
> For 'Add Host Enrollment Password' the granted rights should be write
> not add.
>
> add is for adding entries, not writing attributes.
>
> rob
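
The distinction in the quoted reply (add applies to entries, write applies to attributes) can be checked mechanically against `ipa permission-find` output. The Python below is an added example, not part of the original thread and not FreeIPA or Foreman code; the function names and the sample output are constructed for illustration, and the rule it applies is a heuristic derived from that reply.

```python
# Constructed sample in the `ipa permission-find` format quoted in the thread.
SAMPLE = """\
Permission name: Add Host Enrollment Password
Granted rights: add
Effective attributes: userpassword
Bind rule type: permission
Type: host

Permission name: System: Add Hosts
Granted rights: add
Bind rule type: permission
Type: host

Permission name: Example Password Writer
Granted rights: write
Effective attributes: userpassword
Bind rule type: permission
Type: host
"""

# Rights that act on attributes; "add" and "delete" act on whole entries.
ATTRIBUTE_RIGHTS = {"read", "search", "compare", "write", "all"}


def parse_permissions(text):
    """Return one dict per permission record found in the CLI output."""
    records = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("> ").strip()  # tolerate mail quoting
        key, sep, value = line.partition(": ")
        if not sep:
            continue  # separators, counters, blank lines, shell prompts
        if key == "Permission name":
            records.append({})
        if records:
            records[-1][key] = value.strip()
    return records


def entry_rights_on_attributes(records):
    """Names of permissions that target attributes but grant only entry-level rights."""
    flagged = []
    for rec in records:
        rights = {r.strip() for r in rec.get("Granted rights", "").split(",")}
        if rec.get("Effective attributes") and rights.isdisjoint(ATTRIBUTE_RIGHTS):
            flagged.append(rec["Permission name"])
    return flagged


if __name__ == "__main__":
    print(entry_rights_on_attributes(parse_permissions(SAMPLE)))
```
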