On 09/25/2014 04:11 AM, Alex Harvey wrote: > Hi all > > I'm new to IPA and struggling a bit to automate some tasks. > > I am unable to delete hosts from the command line although have no problem > doing this using the GUI, e.g. > > [root@myipaserver ~]# ipa host-del myhost.example.com > > ipa: ERROR: Insufficient access: not allowed to perform this command > > I guess I need to somehow pass the admin user's username and password? > However the man page doesn't seem to provide any option for doing this. > > Thanks > Alex
Hello Alex, I assume you created a non-admin user with some permissions allow deleting a host. This error message is thrown when a virtual operation check fails. This is raised for example when a user is trying to do unathorized operation with certificates, like if user having host deletion permission does not also have permission to revoke certificates for deleted users. Does the privileged user has "Revoke Certificate" permission assigned through some privilege/role? The mismatch of behavior between CLI and UI is strange. They call the same code, maybe you run it with different users. Also, what is your FreeIPA version? Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
