On 01/04/2016 10:41 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
...
>> I anyway tried to add externalHost to the shadow hostgroup via ldapmodify as DM
>> and it worked:
>>
>> # ipa netgroup-show masters
>> Netgroup name: masters
>> Description: ipaNetgroup masters
>> NIS domain name: rhel72
>> External host: foo
>> Member Hostgroup: masters
>>
>> I am still unable to add membership as admin though:
>>
>> # ipa netgroup-add-member masters --hosts foo2
>> ipa: ERROR: Insufficient access: Insufficient 'write' privilege to the
>> 'externalHost' attribute of entry 'cn=masters,cn=ng,cn=alt,dc=rhel72'.
>
> That is the right way to do it. Unknown hosts to IPA are marked as
> "external" and stored separately. Just be aware that you can put
> anything in there so beware of typos.
>
> This command works fine for me using IPA using ipa-server-4.2.0-15.el7
> so I'm not sure where the permission bug lies.

Did you try it on a native netgroup (added via netgroup-add) or a hostgroup shadow group? As it works for me on native netgroups, but not on shadow netgroups, where I can only add the external host as DM.