Hi Rob,

Thanks for the update, the same error happens when I add a new host, so I'm lost, the same for the Foreman devs.

What can I check/test further ?

Thanks,

Matt

2017-03-10 21:20 GMT+01:00 Rob Crittenden <[email protected]>:
> Matt . wrote:
>> Hi Rob,
>>
>> Thanks, but what do you mean here ? The Foreman has a script which
>> should be OK for it:
>>
>> https://github.com/theforeman/smart-proxy/blob/develop/sbin/foreman-prepare-realm
>>
>> Can you check this maybe ?
>
> Like I said, it's wrong.
>
> add grants the ability to add new entries, not updating existing ones.
>
> The right needs to be "write".
>
> rob
>
>>
>> Thanks,
>>
>> Matt
>>
>> 2017-03-10 17:21 GMT+01:00 Rob Crittenden <[email protected]>:
>>> Matt . wrote:
>>>> I'm trying to add a host using Foreman to the FreeIPA realm but this
>>>> doesn't work, all things seem to be fine and some other tests from
>>>> people are working:
>>>>
>>>> The issue is reported here: http://projects.theforeman.org/issues/18850
>>>>
>>>>
>>>> My settings are like this:
>>>>
>>>>
>>>> [root@ipa-01 ~]# ipa role-find
>>>> ---------------
>>>> 6 roles matched
>>>> ---------------
>>>>   Role name: helpdesk
>>>>   Description: Helpdesk
>>>>
>>>>   Role name: IT Security Specialist
>>>>   Description: IT Security Specialist
>>>>
>>>>   Role name: IT Specialist
>>>>   Description: IT Specialist
>>>>
>>>>   Role name: Security Architect
>>>>   Description: Security Architect
>>>>
>>>>   Role name: Smart Proxy Host Manager
>>>>   Description: Smart Proxy management
>>>>
>>>>   Role name: User Administrator
>>>>   Description: Responsible for creating Users and Groups
>>>> ----------------------------
>>>> Number of entries returned 6
>>>> ----------------------------
>>>> [root@ipa-01 ~]# ipa role-show "Smart Proxy Host Manager"
>>>>   Role name: Smart Proxy Host Manager
>>>>   Description: Smart Proxy management
>>>>   Member users: foreman-proxy, foreman-realm-proxy
>>>>   Privileges: Smart Proxy Host Management
>>>> [root@ipa-01 ~]# ipa privilege-show "Smart Proxy Host Management"
>>>>   Privilege name: Smart Proxy Host Management
>>>>   Description: Smart Proxy Host Management
>>>>   Permissions: Retrieve Certificates from the CA, System: Add DNS
>>>> Entries, System: Read DNS Entries, System: Remove DNS Entries, System:
>>>> Update DNS
>>>>                Entries, System: Manage Host Certificates, System:
>>>> Manage Host Enrollment Password, System: Manage Host Keytab, System:
>>>> Modify Hosts,
>>>>                System: Remove Hosts, System: Manage Service Keytab,
>>>> System: Modify Services, Add Host Enrollment Password
>>>>   Granting privilege to roles: Smart Proxy Host Manager
>>>> [root@ipa-01 ~]#
>>>> [root@ipa-01 ~]# ipa permission-find "Add Host"
>>>> ---------------------
>>>> 3 permissions matched
>>>> ---------------------
>>>>   Permission name: Add Host Enrollment Password
>>>>   Granted rights: add
>>>>   Effective attributes: userpassword
>>>>   Bind rule type: permission
>>>>   Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
>>>>   Type: host
>>>>   Permission flags: V2, SYSTEM
>>>>
>>>>   Permission name: System: Add Hostgroups
>>>>   Granted rights: add
>>>>   Bind rule type: permission
>>>>   Subtree: cn=hostgroups,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
>>>>   Type: hostgroup
>>>>   Permission flags: V2, MANAGED, SYSTEM
>>>>
>>>>   Permission name: System: Add Hosts
>>>>   Granted rights: add
>>>>   Bind rule type: permission
>>>>   Subtree: cn=computers,cn=accounts,dc=office,dc=ipa,dc=domain,dc=tld
>>>>   Type: host
>>>>   Permission flags: V2, MANAGED, SYSTEM
>>>> ----------------------------
>>>> Number of entries returned 3
>>>> ----------------------------
>>>>
>>>>
>>>> Can anyone help me out as I'm unsure where this goes wrong.
>>>>
>>>
>>> For 'Add Host Enrollment Password' the granted rights should be write
>>> not add.
>>>
>>> add is for adding entries, not writing attributes.
>>>
>>> rob
>>
>

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
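
The distinction Rob draws in the thread (add covers creating entries, write covers changing attributes) can be checked mechanically. The following is an added example, not part of the thread and not FreeIPA or Foreman code: it parses `ipa permission-find` style output and reports permissions that list effective attributes while granting only `add`. The function names and the embedded sample (fields copied from the output quoted above) are assumptions of this example.

```python
# Constructed sample: entries taken from the `ipa permission-find`
# output quoted in the thread (Subtree/Bind rule lines left out).
SAMPLE = """\
---------------------
3 permissions matched
---------------------
  Permission name: Add Host Enrollment Password
  Granted rights: add
  Effective attributes: userpassword
  Type: host
  Permission flags: V2, SYSTEM

  Permission name: System: Add Hosts
  Granted rights: add
  Type: host
  Permission flags: V2, MANAGED, SYSTEM
"""


def parse_permissions(text):
    """Split `ipa permission-find` style output into one dict per entry."""
    entries, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:  # blank line or dashed rule
            if current:
                entries.append(current)
            current = {}
            continue
        key, sep, value = line.partition(": ")
        if sep:  # lines such as "3 permissions matched" carry no field
            current[key] = value.strip()
    if current:
        entries.append(current)
    return entries


def _items(value):
    """Comma-separated field value -> set of lowercase items."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}


def add_only_attribute_permissions(entries):
    """Names of permissions that list attributes yet grant only 'add'."""
    return [
        e.get("Permission name", "?")
        for e in entries
        if _items(e.get("Effective attributes", ""))
        and _items(e.get("Granted rights", "")) == {"add"}
    ]


if __name__ == "__main__":
    for name in add_only_attribute_permissions(parse_permissions(SAMPLE)):
        print(f"{name}: attributes listed but only 'add' granted; expected 'write'")
```

"System: Add Hosts" is not reported because it names no attributes: an entry-level `add` right is what that permission is meant to grant.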
