only the enrollment bit. Add creating hosts
and others as needed.
rob
>
> WBR,
> Alexander Frolushkin
>
> -Original Message-
> From: Rob Crittenden [mailto:rcrit...@redhat.com]
> Sent: Monday, April 20, 2015 8:41 PM
> To: Alexander Frolushkin (SIB); freeip
ost is not new, it was removed from domain to test the privileges...
WBR,
Alexander Frolushkin
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Monday, April 20, 2015 8:41 PM
To: Alexander Frolushkin (SIB); freeipa-users@redhat.com; 'David Kupka'
Subject: Re
Alexander Frolushkin wrote:
> Very strange. If this user acts as a member of admins group - it can enroll
> host. If not - it can't.
> Only difference this group brings in permissions - a number of replication
> agreement permissions...
admins can do nearly anything so that's not surprising.
Fo
-boun...@redhat.com] On Behalf Of Alexander Frolushkin
Sent: Monday, April 20, 2015 5:06 PM
To: 'David Kupka'; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Found new problem after 3.3 - 4.1 update
>Hello!
>This thread seams to solve similar issue:
>https://www.redhat.co
>Hello!
>This thread seams to solve similar issue:
>https://www.redhat.com/archives/freeipa-users/2013-January/msg00153.html
Thank You, but...
On 3.3 I used this thread to make it work.
But on 4.1:
User, able to enroll:
memberofindirect: cn=System: Read Replication
Agreements,cn=permissions,cn=p
On 04/20/2015 12:00 PM, Alexander Frolushkin wrote:
Hello!
We found our host enrollment role does not work after ipa server update.
Now user having this role get this error:
Joining realm failed: No permission to join this host to the IPA domain.
Maybe now we need to add some addition permission
Hello!
We found our host enrollment role does not work after ipa server update.
Now user having this role get this error:
Joining realm failed: No permission to join this host to the IPA domain.
Maybe now we need to add some addition permissions to this role, can someone to
point out which permis