RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1392778 - Update man page for ipa-adtrust-install by removing --no-msdcs option
Summary: Update man page for ipa-adtrust-install by removing --no-msdcs option
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Sudhir Menon
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-08 08:53 UTC by Sudhir Menon
Modified: 2017-08-01 09:42 UTC (History)
4 users (show)

Fixed In Version: ipa-4.5.0-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 09:42:02 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Sudhir Menon 2016-11-08 08:53:07 UTC
Description of problem: Update man page for ipa-adtrust-install by removing --no-msdcs option

Version-Release number of selected component (if applicable):
ipa-server-trust-ad-4.4.0-14.el7_3.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Run ipa-adtrust-install --help
2. Check the output.

Actual results:
Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -d, --debug           print debugging information
  --netbios-name=NETBIOS_NAME
                        NetBIOS name of the IPA domain
  --rid-base=RID_BASE   Start value for mapping UIDs and GIDs to RIDs
  --secondary-rid-base=SECONDARY_RID_BASE
                        Start value of the secondary range for mapping UIDs
                        and GIDs to RIDs
  -U, --unattended      unattended installation never prompts the user
  -a ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD
                        admin user kerberos password
  -A ADMIN_NAME, --admin-name=ADMIN_NAME
                        admin user principal
  --add-sids            Add SIDs for existing users and groups as the final
                        step
  --add-agents          Add IPA masters to a list of hosts allowed to
                        serveinformation about users from trusted forests
  --enable-compat       Enable support for trusted domains for old clients

Expected results:
It doesn't list any option for '--no-msdcs' which is deprecated.
So we should be removing it from man page.

Additional info:
--no-msdcs
Do not create DNS service records for Windows in managed DNS server. Since those DNS service records are the only way to discover domain controllers of other domains they must be added manually to a different DNS server to allow trust reala‐tionships  work  properly. All needed service records are listed when ipa-adtrust-install finishes and either --no-msdcs was given or no IPA DNS service is configured. Typically service records for the following service names are needed  for the IPA domain which should point to all IPA servers:

· _ldap._tcp
· _kerberos._tcp
· _kerberos._udp
· _ldap._tcp.dc._msdcs
· _kerberos._tcp.dc._msdcs
· _kerberos._udp.dc._msdcs
· _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
· _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
· _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs

Comment 2 Petr Spacek 2016-11-14 08:55:04 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6480

Comment 3 Martin Bašti 2016-11-14 16:34:51 UTC
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/623cc428cfd79ea228bda6e88dc48bad9aaf61aa

Comment 4 Martin Bašti 2016-11-16 23:47:04 UTC
Fixed upstream
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/ef988aab6c756d5fec4513c182d702fb0a1db249

Comment 6 Sudhir Menon 2017-05-25 12:05:21 UTC
Tested on RHEL7.4.
Verified using ipa-server-trust-ad-4.5.0-13.el7.x86_64


--no-msdcs option has been removed from ipa-adtrust-install man page.

Comment 7 errata-xmlrpc 2017-08-01 09:42:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2304


Note You need to log in before you can comment on or make changes to this bug.