Hello,
I am using freeipa 4.5.0.21 (full details below) and I noticed a weird
behaviour. When getting informations about a server with a regular
user, it won't show the server roles while these roles will be given
when checking the server roles themselves. In this case the roles are
of 'configured' status instead of 'enabled' (which is probably what
would be expected).
As it's not documented in the official Guide and I didn't find
anything in the mail archive, I believe some clarification is needed.
Should server roles be found through some commands but not others ? Is
there any security issue of showing them always ?
(user)
# ipa server-show srv3.idm.local --all
dn: cn=srv3.idm.local,cn=masters,cn=ipa,cn=etc,dc=idm,dc=local
Server name: srv3.idm.local
Enabled server roles:
objectclass: top, nsContainer, ipaReplTopoManagedServer,
ipaConfigObject, ipaSupportedDomainLevelConfig
(user)
# ipa server-role-show srv3.idm.local 'NTP server'
Server name: srv3.idm.local
Role name: NTP server
Role status: configured
(admin)
# ipa server-show srv3.idm.local --all
dn: cn=srv3.idm.local,cn=masters,cn=ipa,cn=etc,dc=idm,dc=local
Server name: srv3.idm.local
Managed suffixes: domain, ca
Min domain level: 0
Max domain level: 1
Enabled server roles: CA server, DNS server, NTP server
objectclass: top, nsContainer, ipaReplTopoManagedServer,
ipaConfigObject, ipaSupportedDomainLevelConfig
# yum info ipa-server -v
Loading "fastestmirror" plugin
Config time: 0.008
Yum version: 3.4.3
rpmdb time: 0.000
Setting up Package Sacks
Loading mirror speeds from cached hostfile
pkgsack time: 0.004
Installed Packages
Name : ipa-server
Arch : x86_64
Version : 4.5.0
Release : 21.el7.centos.2.2
Size : 1.0 M
Repo : installed
From repo : ipa
Committer : Johnny Hughes <johnny(a)centos.org>
Committime : Thu Oct 19 14:00:00 2017
Buildtime : Thu Oct 19 22:52:09 2017
Install time: Mon Sep 23 21:46:46 2019
Installed by: root <root>
Changed by : System <unset>
Summary : The IPA authentication server
URL :
http://www.freeipa.org/
Licence : GPLv3+
Description : IPA is an integrated solution to provide centrally
managed Identity (users,
: hosts, services), Authentication (SSO, 2FA), and Authorization
: (host access control, SELinux user roles, services). The
solution provides
: features for further integration with Linux based
clients (SUDO, automount)
: and integration with Active Directory based
infrastructures (Trusts).
: If you are installing an IPA server, you need to install
this package.
# cat /etc/*release*
CentOS Linux release 7.4.1708 (Core)
Derived from Red Hat Enterprise Linux 7.4 (Source)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
CentOS Linux release 7.4.1708 (Core)
CentOS Linux release 7.4.1708 (Core)
cpe:/o:centos:centos:7
Best regards
Eugene