Hi, the following three patches should fix https://fedorahosted.org/freeipa/ticket/2967 https://fedorahosted.org/freeipa/ticket/2972 https://fedorahosted.org/freeipa/ticket/3038 respectively.
bye, Sumit
From bab787a651773ec9bead34cfaaec05991ebc74c4 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Mon, 1 Oct 2012 13:36:00 +0200 Subject: [PATCH] Add man page paragraph about running ipa-adtrust-install multiple times Fixes https://fedorahosted.org/freeipa/ticket/2967 --- install/tools/man/ipa-adtrust-install.1 | 8 ++++++++ 1 Datei geändert, 8 Zeilen hinzugefügt(+) diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1 index 5303ec27be2af3d36c0e83d839625c3bdd6816a4..dc48ac8cdf5342ff3750b2bf1965ee25224e26fb 100644 --- a/install/tools/man/ipa-adtrust-install.1 +++ b/install/tools/man/ipa-adtrust-install.1 @@ -25,6 +25,14 @@ ipa\-adtrust\-install [\fIOPTION\fR]... Adds all necessary objects and configuration to allow an IPA server to create a trust to an Active Directory domain. This requires that the IPA server is already installed and configured. + +ipa\-adtrust\-install can be run multiple times to reinstall deleted objects or +broken configuration files. E.g. a fresh samba configuration (smb.conf file and +registry based configuration can be created. Other items like e.g. the +configuration of the local range cannot be changed by running +ipa\-adtrust\-install a second time because with changes here other objects +might be affected as well. + .SH "OPTIONS" .TP \fB\-d\fR, \fB\-\-debug\fR -- 1.7.11.4
From ff2700ab7b793ae167823dc3d93c131e0d8ea998 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Mon, 1 Oct 2012 21:43:45 +0200 Subject: [PATCH] Enhance description of --no-msdcs in man page Fixes https://fedorahosted.org/freeipa/ticket/2972 --- install/tools/man/ipa-adtrust-install.1 | 26 +++++++++++++++++++++++++- 1 Datei geändert, 25 Zeilen hinzugefügt(+), 1 Zeile entfernt(-) diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1 index dc48ac8cdf5342ff3750b2bf1965ee25224e26fb..13f111004eda4477db948355d26f524409805b7b 100644 --- a/install/tools/man/ipa-adtrust-install.1 +++ b/install/tools/man/ipa-adtrust-install.1 @@ -45,7 +45,31 @@ The IP address of the IPA server. If not provided then this is determined based The NetBIOS name for the IPA domain. If not provided then this is determined based on the leading component of the DNS domain name. .TP \fB\-\-no\-msdcs\fR -Do not create DNS service records for Windows in managed DNS server +Do not create DNS service records for Windows in managed DNS server. Since those +DNS service records are the only way to discover domain controllers of other +domains they must be added manually to a different DNS server to allow trust +realationships work properly. All needed service records are listed when +ipa\-adtrust\-install finishes and either \-\-no\-msdcs was given or no IPA DNS +service is configured. Typically service records for the following service names +are needed for the IPA domain which should point to all IPA servers: +.IP +\(bu _ldap._tcp +.IP +\(bu _kerberos._tcp +.IP +\(bu _kerberos._udp +.IP +\(bu _ldap._tcp.dc._msdcs +.IP +\(bu _kerberos._tcp.dc._msdcs +.IP +\(bu _kerberos._udp.dc._msdcs +.IP +\(bu _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs +.IP +\(bu _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs +.IP +\(bu _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs .TP \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input -- 1.7.11.4
From 335ea2644ba8b171a288223dedbe6a237316e8f7 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Mon, 1 Oct 2012 21:54:00 +0200 Subject: [PATCH] Add --rid-base and --secondary-rid-base to ipa-adtrust-install man page Fixes https://fedorahosted.org/freeipa/ticket/3038 --- install/tools/man/ipa-adtrust-install.1 | 10 ++++++++++ 1 Datei geändert, 10 Zeilen hinzugefügt(+) diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1 index 13f111004eda4477db948355d26f524409805b7b..fa63bca3c4859325acb5891de6ad1e21b97dc754 100644 --- a/install/tools/man/ipa-adtrust-install.1 +++ b/install/tools/man/ipa-adtrust-install.1 @@ -74,6 +74,16 @@ are needed for the IPA domain which should point to all IPA servers: \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input .TP +\fB\-U\fR, \fB\-\-rid-base\fR=\fIRID_BASE\fR +First RID value of the local domain. The first Posix ID of the local domain will +be assigned to this RID, the second to RID+1 etc. See the online help of the +idrange CLI for details. +.TP +\fB\-U\fR, \fB\-\-secondary-rid-base\fR=\fISECONDARY_RID_BASE\fR +Start value of the secondary RID range, which is only used in the case a user +and a group share numerically the same Posix ID. See the online help of the +idrange CLI for details. +.TP \fB\-A\fR, \fB\-\-admin\-name\fR=\fIADMIN_NAME\fR The name of the user with administrative privileges for this IPA server. Defaults to 'admin'. .TP -- 1.7.11.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel