path: root/install/tools/man/ipa-adtrust-install.1
Commit message | Author | Age | Files | Lines
* ipa-adtrust-install: configure compatibility tree to serve trusted domain users | Alexander Bokovoy | 2013-07-18 | 1 | -0/+23

  Enables support for trusted domains users for old clients through Schema Compatibility plugin. SSSD supports trusted domains natively starting with version 1.9 platform. For platforms that lack SSSD or run older SSSD version one needs to use this option. When enabled, slapi-nis package needs to be installed and schema-compat-plugin will be configured to provide lookup of users and groups from trusted domains via SSSD on IPA server. These users and groups will be available under cn=users,cn=compat,$SUFFIX and cn=groups,cn=compat,$SUFFIX trees. SSSD will normalize names of users and groups to lower case.

  In addition to providing these users and groups through the compat tree, this option enables authentication over LDAP for trusted domain users with DN under compat tree, i.e. using bind DN uid=administrator@ad.domain,cn=users,cn=compat,$SUFFIX.

  This authentication is related to PAM stack using 'system-auth' PAM service. If you have disabled HBAC rule 'allow_all', then make sure there is special service called 'system-auth' created and HBAC rule to allow access to anyone to this rule on IPA masters is added. Please note that system-auth PAM service is not used directly by any other application, therefore it is safe to create one specifically to support trusted domain users via compatibility path.

  https://fedorahosted.org/freeipa/ticket/3567
* ipa-adtrust-install: allow to reset the NetBIOS domain name | Sumit Bose | 2012-11-08 | 1 | -1/+5

  Fixes https://fedorahosted.org/freeipa/ticket/3192
* Add SIDs for existing users and groups at the end of ipa-adtrust-install | Sumit Bose | 2012-10-04 | 1 | -0/+10

  Fixes https://fedorahosted.org/freeipa/ticket/3104
* Add --rid-base and --secondary-rid-base to ipa-adtrust-install man page | Sumit Bose | 2012-10-03 | 1 | -0/+10

  Fixes https://fedorahosted.org/freeipa/ticket/3038
* Enhance description of --no-msdcs in man page | Sumit Bose | 2012-10-03 | 1 | -1/+25

  Fixes https://fedorahosted.org/freeipa/ticket/2972
* Add man page paragraph about running ipa-adtrust-install multiple times | Sumit Bose | 2012-10-03 | 1 | -0/+8

  Fixes https://fedorahosted.org/freeipa/ticket/2967
* Fix various typos. | Yuri Chornoivan | 2012-09-18 | 1 | -1/+1

  https://fedorahosted.org/freeipa/ticket/3089
* Ask for admin password in ipa-adtrust-install | Alexander Bokovoy | 2012-08-24 | 1 | -0/+9

  The credentials of the admin user will be used to obtain Kerberos ticket before configuring cross-realm trusts support and afterwards, to ensure that the ticket contains MS-PAC information required to actually add a trust with Active Directory domain via 'ipa trust-add --type=ad' command.

  https://fedorahosted.org/freeipa/ticket/2852
* Ensure ipa-adtrust-install is run with Kerberos ticket for admin user | Alexander Bokovoy | 2012-07-31 | 1 | -3/+0

  When setting up AD trusts support, ipa-adtrust-install utility needs to be run as:
  - root, for performing Samba configuration and using LDAPI/autobind
  - kinit-ed IPA admin user, to ensure proper ACIs are granted to fetch keytab

  As result, we can get rid of Directory Manager credentials in ipa-adtrust-install

  https://fedorahosted.org/freeipa/ticket/2815
* Add DNS service records for Windows | Sumit Bose | 2011-11-30 | 1 | -0/+3

  https://fedorahosted.org/freeipa/ticket/1939
* Add ipa-adtrust-install utility | Sumit Bose | 2011-09-14 | 1 | -0/+47

  https://fedorahosted.org/freeipa/ticket/1619