On 2/17/21 12:56 PM, Ronald Wimmer via FreeIPA-users wrote:
On 19.10.20 11:38, Ronald Wimmer via FreeIPA-users wrote:
> Today we did not manage to enroll new hosts with our enrollment user.
> The only thing we changed is that we added the Permission "System:
> Remove hosts" to the "Host Enrollment" role. The error we get is:
> Joining realm failed: Failed to parse result: Insufficient access rights
> Retrying with pre-4.0 keytab retrieval method...
> Failed to parse result: Insufficient access rights
> Failed to get keytab!
> Failed to get keytab
> child exited with 9
Can somebody state precisely which permissions/roles are needed in order
to enroll a new host by issuing the ipa-client-install command?
If the client is enrolled in one step (host entry creation + join done
through ipa-client-install), I remember needing 2 privileges:
- Host Enrollment
- Host Administrators
"Host Enrollment" privilege can be obtained via the role "Enrollment
Administrator" and "Host Administrators" privilege can be obtained via
the role "IT Specialist".
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: