diff options
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 7 | ||||
| -rw-r--r-- | ipa-client/man/ipa-client-install.1 | 5 |
2 files changed, 10 insertions, 2 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 79df8972c..af3d7312c 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -67,6 +67,8 @@ def parse_options(): basic_group.add_option("--domain", dest="domain", help="domain name") basic_group.add_option("--server", dest="server", help="IPA server") basic_group.add_option("--realm", dest="realm_name", help="realm name") + basic_group.add_option("--fixed-primary", dest="primary", action="store_true", + default=False, help="Configure sssd to use fixed server as primary IPA server") basic_group.add_option("-p", "--principal", dest="principal", help="principal to use to join the IPA realm"), basic_group.add_option("-w", "--password", dest="password", sensitive=True, @@ -753,7 +755,10 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie domain.set_option('dns_discovery_domain', cli_domain) if not options.on_master: - domain.set_option('ipa_server', '_srv_, %s' % cli_server) + if options.primary: + domain.set_option('ipa_server', '%s, _srv_' % cli_server) + else: + domain.set_option('ipa_server', '_srv_, %s' % cli_server) else: # the master should only use itself for Kerberos domain.set_option('ipa_server', cli_server) diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1 index cf3db2e68..caf595719 100644 --- a/ipa-client/man/ipa-client-install.1 +++ b/ipa-client/man/ipa-client-install.1 @@ -33,7 +33,7 @@ This same tool is used to unconfigure IPA and attemps to return the machine to i .SS "HOSTNAME REQUIREMENTS" Client must use a \fBstatic hostname\fR. If the machine hostname changes for example due to a dynamic hostname assignment by a DHCP server, client enrollment to IPA server breaks and user then would not be able to perform Kerberos authentication. ---hostname option may be used to specify a static hostname that is set in machine system configuration and persist over reboot. +\-\-hostname option may be used to specify a static hostname that persists over reboot. .SH "OPTIONS" .SS "BASIC OPTIONS" @@ -47,6 +47,9 @@ Set the IPA server to connect to \fB\-\-realm\fR=\fIREALM_NAME\fR Set the IPA realm name to REALM_NAME .TP +\fB\-\-fixed\-primary\fR +Configure sssd to use a fixed server as the primary IPA server. The default is to use DNS SRV records to determine the primary server to use and fall back to the server the client is enrolled with. +.TP \fB\-p\fR, \fB\-\-principal\fR Authorized kerberos principal to use to join the IPA realm. .TP |