How do you let a remote user be an admin for IPA?

I followed the Fedora group example:

External group: ad_admins_external
POSIX group: ad_admins

Then I made ad_admins a group member of the IPA group 'admins' - theoretically now
MSAD\Administrator is an IPA admin? I get the following. How does this work?

Thanks,
Brian




sh-4.1$ kinit [email protected]
Password for [email protected]: 
sh-4.1$ klist
Ticket cache: FILE:/tmp/krb5cc_1653800500
Default principal: [email protected]

Valid starting     Expires            Service principal
12/09/12 22:34:43  12/10/12 08:35:09  krbtgt/[email protected]
        renew until 12/10/12 22:34:43
sh-4.1$ 
sh-4.1$ kinit [email protected]^C
sh-4.1$ 
sh-4.1$ ipa user-add
ipa: ERROR: Could not create log_dir u'/home/msad.test/administrator/.ipa/log'
First name: joe
Last name: blo
User login [jblo]: 
ipa: ERROR: Insufficient access: SASL(-14): authorization failure: Invalid 
credentials
sh-4.1$ klist
Ticket cache: FILE:/tmp/krb5cc_1653800500
Default principal: [email protected]

Valid starting     Expires            Service principal
12/09/12 22:34:43  12/10/12 08:35:09  krbtgt/[email protected]
        renew until 12/10/12 22:34:43
12/09/12 22:35:31  12/10/12 08:35:09  krbtgt/[email protected]
        renew until 12/10/12 22:34:43
12/09/12 22:35:09  12/10/12 08:35:09  HTTP/[email protected]
        renew until 12/10/12 22:34:43
sh-4.1$ 


_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
