Imported Upstream version 4.3.1
@@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Sumit Bose <sbose@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-adtrust-install" "1" "April 11 2017" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.TH "ipa-adtrust-install" "1" "Aug 23 2011" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-adtrust\-install \- Prepare an IPA server to be able to establish trust relationships with AD domains
|
||||
.SH "SYNOPSIS"
|
||||
@@ -26,11 +26,11 @@ Adds all necessary objects and configuration to allow an IPA server to create a
|
||||
trust to an Active Directory domain. This requires that the IPA server is
|
||||
already installed and configured.
|
||||
|
||||
Please note you will not be able to establish a trust to an Active Directory
|
||||
Please note you will not be able to estabilish an trust to an Active Directory
|
||||
domain unless the realm name of the IPA server matches its domain name.
|
||||
|
||||
ipa\-adtrust\-install can be run multiple times to reinstall deleted objects or
|
||||
broken configuration files. E.g. a fresh samba configuration (smb.conf) file and
|
||||
broken configuration files. E.g. a fresh samba configuration (smb.conf file and
|
||||
registry based configuration can be created. Other items like e.g. the
|
||||
configuration of the local range cannot be changed by running
|
||||
ipa\-adtrust\-install a second time because with changes here other objects
|
||||
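Review bot: the second line of each changed pair in this hunk, which by diff order is the added side, carries two wording defects: "estabilish an trust" and an unbalanced parenthesis in "(smb.conf file and". The lines they replace read "establish a trust" and "(smb.conf) file and"; keep that wording so the rendered man page does not regress.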
@@ -52,8 +52,6 @@ the following ports to be open to allow IPA and Active Directory to communicate
|
||||
.IP
|
||||
\(bu 1024/tcp through 1300/tcp to allow EPMAP on port 135/tcp to create a TCP listener based
|
||||
on an incoming request.
|
||||
.IP
|
||||
\(bu 3268/tcp Microsoft-GC
|
||||
.TP
|
||||
\fBUDP Ports\fR
|
||||
.IP
|
||||
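Review bot: the hunk header shrinks this region from 8 lines to 6, and the only lines that can account for that are ".IP" and "\(bu 3268/tcp Microsoft-GC", so the TCP port list loses its Global Catalog entry. Administrators who build firewall rules from this list will no longer see 3268/tcp. Confirm that this version does not need the port open between IPA and Active Directory, and keep the bullet if it does.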
@@ -66,7 +64,7 @@ on an incoming request.
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
\fB\-d\fR, \fB\-\-debug\fR
|
||||
Enable debug logging when more verbose output is needed.
|
||||
Enable debug logging when more verbose output is needed
|
||||
.TP
|
||||
\fB\-\-netbios\-name\fR=\fINETBIOS_NAME\fR
|
||||
The NetBIOS name for the IPA domain. If not provided then this is determined
|
||||
@@ -75,8 +73,35 @@ ipa\-adtrust\-install for a second time with a different NetBIOS name will
|
||||
change the name. Please note that changing the NetBIOS name might break
|
||||
existing trust relationships to other domains.
|
||||
.TP
|
||||
\fB\-\-no\-msdcs\fR
|
||||
Do not create DNS service records for Windows in managed DNS server. Since those
|
||||
DNS service records are the only way to discover domain controllers of other
|
||||
domains they must be added manually to a different DNS server to allow trust
|
||||
realationships work properly. All needed service records are listed when
|
||||
ipa\-adtrust\-install finishes and either \-\-no\-msdcs was given or no IPA DNS
|
||||
service is configured. Typically service records for the following service names
|
||||
are needed for the IPA domain which should point to all IPA servers:
|
||||
.IP
|
||||
\(bu _ldap._tcp
|
||||
.IP
|
||||
\(bu _kerberos._tcp
|
||||
.IP
|
||||
\(bu _kerberos._udp
|
||||
.IP
|
||||
\(bu _ldap._tcp.dc._msdcs
|
||||
.IP
|
||||
\(bu _kerberos._tcp.dc._msdcs
|
||||
.IP
|
||||
\(bu _kerberos._udp.dc._msdcs
|
||||
.IP
|
||||
\(bu _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs
|
||||
.IP
|
||||
\(bu _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs
|
||||
.IP
|
||||
\(bu _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs
|
||||
.TP
|
||||
\fB\-\-add\-sids\fR
|
||||
Add SIDs to existing users and groups as one of the final steps of the
|
||||
Add SIDs to existing users and groups as on of final steps of the
|
||||
ipa\-adtrust\-install run. If there a many existing users and groups and a
|
||||
couple of replicas in the environment this operation might lead to a high
|
||||
replication traffic and a performance degradation of all IPA servers in the
|
||||
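Review bot: the added \-\-no\-msdcs paragraph has "realationships work properly", which should read "relationships to work properly", and the second "Add SIDs" line reads "as on of final steps" where the line it replaces has "as one of the final steps". The unchanged line after it, "If there a many existing users", has the same kind of slip ("are many") and could be fixed in the same pass.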
@@ -99,16 +124,16 @@ via \ipa-adtrust\-install run on any other IPA master. At least SSSD
|
||||
version 1.13 on IPA master is required to be able to perform as a trust agent.
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended installation that will never prompt for user input.
|
||||
An unattended installation that will never prompt for user input
|
||||
.TP
|
||||
\fB\-\-rid-base\fR=\fIRID_BASE\fR
|
||||
First RID value of the local domain. The first POSIX ID of the local domain will
|
||||
\fB\-U\fR, \fB\-\-rid-base\fR=\fIRID_BASE\fR
|
||||
First RID value of the local domain. The first Posix ID of the local domain will
|
||||
be assigned to this RID, the second to RID+1 etc. See the online help of the
|
||||
idrange CLI for details.
|
||||
.TP
|
||||
\fB\-\-secondary-rid-base\fR=\fISECONDARY_RID_BASE\fR
|
||||
\fB\-U\fR, \fB\-\-secondary-rid-base\fR=\fISECONDARY_RID_BASE\fR
|
||||
Start value of the secondary RID range, which is only used in the case a user
|
||||
and a group share numerically the same POSIX ID. See the online help of the
|
||||
and a group share numerically the same Posix ID. See the online help of the
|
||||
idrange CLI for details.
|
||||
.TP
|
||||
\fB\-A\fR, \fB\-\-admin\-name\fR=\fIADMIN_NAME\fR
|
||||
|
||||
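Review bot: the second \-\-rid-base and \-\-secondary-rid-base lines in this hunk begin with "\fB\-U\fR, ", which is the short form already documented for \-\-unattended a few lines above. As written, the page tells readers that \-U takes a RID_BASE or SECONDARY_RID_BASE argument. Drop the "\fB\-U\fR, " prefix from both RID option lines, as the lines they replace do. The same pairs also switch "POSIX" to "Posix" and drop the full stop after "prompt for user input"; keep the capitalised acronym and the punctuation.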