On Thu, Oct 1, 2020 at 12:59 PM Ronald Wimmer via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:
>
> On 01.10.20 17:46, Alexander Bokovoy wrote:
> > On to, 01 loka 2020, Ronald Wimmer via FreeIPA-users wrote:
> >> Is it possible to set this flag by default for all new IPA hosts?
> >
> > I checked the code and there is no way to set it by default. You have to
> > explicitly specify --ok-as-delegate=true when adding hosts and services.
>
> Host are added and enrolled by issuing the ipa-client-install command
> which does not seem to have a flag for this. So my only chance is to do
> a host-mod afterwards?
>
If you are willing to use Ansible, with ansible-freeipa you can use a
playbook like:
```
- name: Add hosts
hosts: ipaserver
tasks:
- name: Add host with ok_as_delegate.
ipahost:
ipaadmin_password: SomeADMINpassword
name: client.ipa.test
ip_address: 10.10.10.10
update_dns: yes
ok_as_delegate: yes
```
After that:
# ipa host-show client --all | grep Trusted
Trusted for delegation: True
Trusted to authenticate as user: False
Rafael
--
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
