From e15a1c627d3b59256995d781a8dd47d433174729 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Oct 03 2012 08:14:00 +0000 Subject: Enhance description of --no-msdcs in man page Fixes https://fedorahosted.org/freeipa/ticket/2972 --- diff --git a/install/tools/man/ipa-adtrust-install.1 b/install/tools/man/ipa-adtrust-install.1 index dc48ac8..13f1110 100644 --- a/install/tools/man/ipa-adtrust-install.1 +++ b/install/tools/man/ipa-adtrust-install.1 @@ -45,7 +45,31 @@ The IP address of the IPA server. If not provided then this is determined based The NetBIOS name for the IPA domain. If not provided then this is determined based on the leading component of the DNS domain name. .TP \fB\-\-no\-msdcs\fR -Do not create DNS service records for Windows in managed DNS server +Do not create DNS service records for Windows in managed DNS server. Since those +DNS service records are the only way to discover domain controllers of other +domains they must be added manually to a different DNS server to allow trust +realationships work properly. All needed service records are listed when +ipa\-adtrust\-install finishes and either \-\-no\-msdcs was given or no IPA DNS +service is configured. Typically service records for the following service names +are needed for the IPA domain which should point to all IPA servers: +.IP +\(bu _ldap._tcp +.IP +\(bu _kerberos._tcp +.IP +\(bu _kerberos._udp +.IP +\(bu _ldap._tcp.dc._msdcs +.IP +\(bu _kerberos._tcp.dc._msdcs +.IP +\(bu _kerberos._udp.dc._msdcs +.IP +\(bu _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs +.IP +\(bu _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs +.IP +\(bu _kerberos._udp.Default-First-Site-Name._sites.dc._msdcs .TP \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input
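Review bot: The added paragraph under \-\-no\-msdcs has a typo and a missing word in "to allow trust realationships work properly"; it should read "to allow trust relationships to work properly". In the same paragraph, "Since those DNS service records are the only way to discover domain controllers of other domains they must be added manually" would read more easily with a comma after "domains". In the bullet list, the three Default-First-Site-Name entries leave their hyphens unescaped, while the rest of the hunk escapes them (\-\-no\-msdcs, ipa\-adtrust\-install); writing Default\-First\-Site\-Name would keep the page consistent and stop the name from being rendered with typographic hyphens that break copy and paste into a zone file. It would also help anyone creating these records by hand on another DNS server if the text said that the listed names are relative to the IPA DNS domain, since the bullets give only the leading labels.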