Bug 1392778 - Update man page for ipa-adtrust-install by removing --no-msdcs option
Summary: Update man page for ipa-adtrust-install by removing --no-msdcs option
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Sudhir Menon
Depends On:
TreeView+ depends on / blocked
Reported: 2016-11-08 08:53 UTC by Sudhir Menon
Modified: 2017-08-01 09:42 UTC (History)
4 users (show)

Fixed In Version: ipa-4.5.0-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-08-01 09:42:02 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Sudhir Menon 2016-11-08 08:53:07 UTC
Description of problem: Update man page for ipa-adtrust-install by removing --no-msdcs option

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Run ipa-adtrust-install --help
2. Check the output.

Actual results:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -d, --debug           print debugging information
                        NetBIOS name of the IPA domain
  --rid-base=RID_BASE   Start value for mapping UIDs and GIDs to RIDs
                        Start value of the secondary range for mapping UIDs
                        and GIDs to RIDs
  -U, --unattended      unattended installation never prompts the user
  -a ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD
                        admin user kerberos password
  -A ADMIN_NAME, --admin-name=ADMIN_NAME
                        admin user principal
  --add-sids            Add SIDs for existing users and groups as the final
  --add-agents          Add IPA masters to a list of hosts allowed to
                        serveinformation about users from trusted forests
  --enable-compat       Enable support for trusted domains for old clients

Expected results:
It doesn't list any option for '--no-msdcs' which is deprecated.
So we should be removing it from man page.

Additional info:
Do not create DNS service records for Windows in managed DNS server. Since those DNS service records are the only way to discover domain controllers of other domains they must be added manually to a different DNS server to allow trust reala‐tionships  work  properly. All needed service records are listed when ipa-adtrust-install finishes and either --no-msdcs was given or no IPA DNS service is configured. Typically service records for the following service names are needed  for the IPA domain which should point to all IPA servers:

· _ldap._tcp
· _kerberos._tcp
· _kerberos._udp
· _ldap._tcp.dc._msdcs
· _kerberos._tcp.dc._msdcs
· _kerberos._udp.dc._msdcs
· _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
· _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
· _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs

Comment 2 Petr Spacek 2016-11-14 08:55:04 UTC
Upstream ticket:

Comment 3 Martin Bašti 🖰 2016-11-14 16:34:51 UTC
Fixed upstream

Comment 4 Martin Bašti 🖰 2016-11-16 23:47:04 UTC
Fixed upstream

Comment 6 Sudhir Menon 2017-05-25 12:05:21 UTC
Tested on RHEL7.4.
Verified using ipa-server-trust-ad-4.5.0-13.el7.x86_64

--no-msdcs option has been removed from ipa-adtrust-install man page.

Comment 7 errata-xmlrpc 2017-08-01 09:42:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.