RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 681979 - Man page is not clear for ipa-client-install --on-master option usage
Summary: Man page is not clear for ipa-client-install --on-master option usage
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-03 18:55 UTC by Namita Soman
Modified: 2015-01-04 23:46 UTC (History)
3 users (show)

Fixed In Version: ipa-2.1.0-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: An option in the client installer, --on-master, was not well-documented. Consequence: A user could inadvertently try to use it on a non-server install and end up with a non-working client. Fix: Make the option invisible and remove it entirely from documentation. Result: The option is available but hidden so users will not get confused by it.
Clone Of:
Environment:
Last Closed: 2011-12-06 18:20:39 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1533 0 normal SHIPPED_LIVE Moderate: ipa security and bug fix update 2011-12-06 01:23:31 UTC

Description Namita Soman 2011-03-03 18:55:19 UTC 
Description of problem:
man ipa-client-install indicates:
--on-master 
The client is being configured on an IPA server. 

The server uses this option to install the client.

The end user will not be using option, because server already has the client. And user shouldn't uninstall the client on the server, to reinstall using this option. This makes server unusable.


Version-Release number of selected component (if applicable):
ipa-server-2.0.0-13.20110303T0654zgit81fd790.el6.x86_64
ipa-client-2.0.0-13.20110303T0654zgit81fd790.el6.x86_64

How reproducible:


Steps to Reproduce:
1.man ipa-client-install
2.
3.
  
Actual results:
--on-master 
The client is being configured on an IPA server. 

Expected results:
description should include more info to make it clear that it is not an option to be used by an end user.


Additional info:
Comment 2 Dmitri Pal 2011-03-03 19:25:19 UTC 
https://fedorahosted.org/freeipa/ticket/1050
Comment 4 Rob Crittenden 2011-07-19 17:26:59 UTC 
master: 811f631c0978e02c8b4a771eead6e13160f1e528

ipa-2-0: 1b886a72488a82dd83376d9ecf6894a92d3fd515
Comment 5 Jenny Severance 2011-07-19 19:36:44 UTC 
verified:

Man page no longer contains --master option that would confuse someone.

ipa-client-install(1)                                    ipa-client-install(1)



NAME
       ipa-client-install - Configure an IPA client

SYNOPSIS
       ipa-client-install [OPTION]...

DESCRIPTION
       Configures  a client machine to use IPA for authentication and identity
       services.

       By default this configures SSSD to connect to an IPA server for authen-
       tication  and  authorization.  Optionally one can instead configure PAM
       and NSS (Name Switching Service) to work with an IPA server  over  Ker-
       beros and LDAP.

       An  authorized  user  is required to join a client machine to IPA. This
       can take the form of a kerberos principal or a one-time password  asso-
       ciated with the machine.

       This  same  tool  is  used to unconfigure IPA and attemps to return the
       machine to its previous state. Part of this process is to unenroll  the
       host  from  the  IPA  server.  Unenrollment  consists  of disabling the
       prinicipal key on the IPA server so that it  may  be  re-enrolled.  The
       machine  principal  in  /etc/krb5.keytab (host/<fqdn>@REALM) is used to
       authenticate to the IPA server to unenroll itself.  If  this  principal
       does  not  exist  then unenrollment will fail and an administrator will
       need to disable the host principal (ipa host-disable <fqdn>).

OPTIONS
       --domain=DOMAIN
              Set the domain name to DOMAIN

       --server=SERVER
              Set the IPA server to connect to

       --realm=REALM_NAME
              Set the IPA realm name to REALM_NAME

       -f, --force
              Force the settings even if errors occur

       -d, --debug
              Print debugging information to stdout

       -U, --unattended
              Unattended installation. The user will not be prompted.

       --ntp-server=NTP_SERVER
              Configure ntpd to use this NTP server.

       -S, --no-sssd
              Do not configure the client to use SSSD for authentication,  use
              nss_ldap instead.

       -N, --no-ntp
              Do not configure or enable NTP.

       -w PASSWORD, --password=PASSWORD
              Password  for  joining  a machine to the IPA realm. Assumes bulk
              password unless principal is also set.

       -W     Prompt for the password for joining a machine to the IPA  realm.

       -p, --principal
              Authorized kerberos principal to use to join the IPA realm.

       --permit
              Configure  SSSD to permit all access. Otherwise the machine will
              be controlled by the Host-based Access Controls  (HBAC)  on  the
              IPA server.

       --mkhomedir
              Configure  PAM  to  create a users home directory if it does not
              exist.

       --uninstall
              Remove the IPA client software and restore the configuration  to
              the pre-IPA state.

       --hostname
              The  hostname of this server (FQDN). By default of nodename from
              uname(2) is used.

       --enable-dns-updates
              This option tells SSSD to automatically update DNS with  the  IP
              address of this client.

EXIT STATUS
       0 if the installation was successful

       1 if an error occurred

       2 if uninstalling and the client is not configured



freeipa                           Mar 14 2008            ipa-client-install(1)


version:

ipa-server-2.0.99-3.20110715T0514zgit4bd85ce.el6.x86_64
ipa-client-2.0.99-3.20110715T0514zgit4bd85ce.el6.x86_64
Comment 6 Rob Crittenden 2011-10-31 15:34:46 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: An option in the client installer, --on-master, was not well-documented.
Consequence: A user could inadvertently try to use it on a non-server install and end up with a non-working client.
Fix: Make the option invisible and remove it entirely from documentation.
Result: The option is available but hidden so users will not get confused by it.
Comment 7 errata-xmlrpc 2011-12-06 18:20:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html
Note You need to log in before you can comment on or make changes to this bug.