Red Hat Bugzilla – Bug 1392778
Update man page for ipa-adtrust-install by removing --no-msdcs option
Last modified: 2017-08-01 05:42:02 EDT
Description of problem: Update man page for ipa-adtrust-install by removing --no-msdcs option Version-Release number of selected component (if applicable): ipa-server-trust-ad-4.4.0-14.el7_3.x86_64 How reproducible: Always Steps to Reproduce: 1. Run ipa-adtrust-install --help 2. Check the output. Actual results: Options: --version show program's version number and exit -h, --help show this help message and exit -d, --debug print debugging information --netbios-name=NETBIOS_NAME NetBIOS name of the IPA domain --rid-base=RID_BASE Start value for mapping UIDs and GIDs to RIDs --secondary-rid-base=SECONDARY_RID_BASE Start value of the secondary range for mapping UIDs and GIDs to RIDs -U, --unattended unattended installation never prompts the user -a ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD admin user kerberos password -A ADMIN_NAME, --admin-name=ADMIN_NAME admin user principal --add-sids Add SIDs for existing users and groups as the final step --add-agents Add IPA masters to a list of hosts allowed to serveinformation about users from trusted forests --enable-compat Enable support for trusted domains for old clients Expected results: It doesn't list any option for '--no-msdcs' which is deprecated. So we should be removing it from man page. Additional info: --no-msdcs Do not create DNS service records for Windows in managed DNS server. Since those DNS service records are the only way to discover domain controllers of other domains they must be added manually to a different DNS server to allow trust reala‐tionships work properly. All needed service records are listed when ipa-adtrust-install finishes and either --no-msdcs was given or no IPA DNS service is configured. Typically service records for the following service names are needed for the IPA domain which should point to all IPA servers: · _ldap._tcp · _kerberos._tcp · _kerberos._udp · _ldap._tcp.dc._msdcs · _kerberos._tcp.dc._msdcs · _kerberos._udp.dc._msdcs · _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs · _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs · _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
Upstream ticket: https://fedorahosted.org/freeipa/ticket/6480
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/623cc428cfd79ea228bda6e88dc48bad9aaf61aa
Fixed upstream ipa-4-4: https://fedorahosted.org/freeipa/changeset/ef988aab6c756d5fec4513c182d702fb0a1db249
Tested on RHEL7.4. Verified using ipa-server-trust-ad-4.5.0-13.el7.x86_64 --no-msdcs option has been removed from ipa-adtrust-install man page.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304