Hi Rob,

Thanks, but what do you mean here ? The Foreman has a script which
should be OK for it:

https://github.com/theforeman/smart-proxy/blob/develop/sbin/foreman-prepare-realm

Can you check this maybe ?

Thanks,

Matt

2017-03-10 17:21 GMT+01:00 Rob Crittenden <rcrit...@redhat.com>:
> Matt . wrote:
>> I'm trying to add a host using Foreman to the FreeIPA realm but this
>> doesn't work, all things seem to be fine and some other tests from
>> people are working:
>>
>> The issue is reported here: http://projects.theforeman.org/issues/18850
>>
>>
>> My settings are like this:
>>
>>
>> [root@ipa-01 ~]# ipa role-find
>> ---------------
>> 6 roles matched
>> ---------------
>>   Role name: helpdesk
>>   Description: Helpdesk
>>
>>   Role name: IT Security Specialist
>>   Description: IT Security Specialist
>>
>>   Role name: IT Specialist
>>   Description: IT Specialist
>>
>>   Role name: Security Architect
>>   Description: Security Architect
>>
>>   Role name: Smart Proxy Host Manager
>>   Description: Smart Proxy management
>>
>>   Role name: User Administrator
>>   Description: Responsible for creating Users and Groups
>> ----------------------------
>> Number of entries returned 6
>> ----------------------------
>> [root@ipa-01 ~]# ipa role-show "Smart Proxy Host Manager"
>>   Role name: Smart Proxy Host Manager
>>   Description: Smart Proxy management
>>   Member users: foreman-proxy, foreman-realm-proxy
>>   Privileges: Smart Proxy Host Management
>> [root@ipa-01 ~]# ipa privilege-show "Smart Proxy Host Management"
>>   Privilege name: Smart Proxy Host Management
>>   Description: Smart Proxy Host Management
>>   Permissions: Retrieve Certificates from the CA, System: Add DNS
>> Entries, System: Read DNS Entries, System: Remove DNS Entries, System:
>> Update DNS
>>                Entries, System: Manage Host Certificates, System:
>> Manage Host Enrollment Password, System: Manage Host Keytab, System:
>> Modify Hosts,
>>                System: Remove Hosts, System: Manage Service Keytab,
>> System: Modify Services, Add Host Enrollment Password
>>   Granting privilege to roles: Smart Proxy Host Manager
>> [root@ipa-01 ~]#
>> [root@ipa-01 ~]# ipa permission-find "Add Host"
>> ---------------------
>> 3 permissions matched
>> ---------------------
>>   Permission name: Add Host Enrollment Password
>>   Granted rights: add
>>   Effective attributes: userpassword
>>   Bind rule type: permission
>>   Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
>>   Type: host
>>   Permission flags: V2, SYSTEM
>>
>>   Permission name: System: Add Hostgroups
>>   Granted rights: add
>>   Bind rule type: permission
>>   Subtree: cn=hostgroups,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
>>   Type: hostgroup
>>   Permission flags: V2, MANAGED, SYSTEM
>>
>>   Permission name: System: Add Hosts
>>   Granted rights: add
>>   Bind rule type: permission
>>   Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
>>   Type: host
>>   Permission flags: V2, MANAGED, SYSTEM
>> ----------------------------
>> Number of entries returned 3
>> ----------------------------
>>
>>
>> Can anyone help me out as I'm unsure where this goes wrong.
>>
>
> For 'Add Host Enrollment Password' the granted rights should be write
> not add.
>
> add is for adding entries, not writing attributes.
>
> rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to