| Description | Location |
|---|---|
| Tool directory | /usr/sbin/ |
| Package | ipa-client |

ipa-client-install [-d | --debug] [--domain=domainName] [--enable-dns-updates] [-f | --force]
[--hostname=clientHostname] [--mkhomedir] [-N | --no-ntp] [--no-krb5-offline-passwords]
[--ntp-server=NTP_server] [--on-master] [-p | --principal] [--permit] [--realm=realmName]
[-S | --no-sssd] [--server=IPA_server_fqdn] [-U | --unattended] [--uninstall]
[-w password | --password=password | -W]

| Parameter | Alternate Parameter | Description |
|---|---|---|
| --domain=domainName | | Gives the domain name for the IPA domain. |
| --enable-dns-updates | | Tells SSSD to update DNS with the IP address of this client. |
| -f | --force | Forces the script to apply the settings even if errors occur. |
| --hostname=clientHostname | | Sets the fully-qualified domain name of the client server. If this is not given, the script uses the nodename given in uname. IMPORTANT: This must be a valid DNS name, which means only numbers, alphabetic characters, and hyphens (-) are allowed. Other characters, like underscores, in the hostname will cause DNS failures. |
| --mkhomedir | | Configures PAM to create a user's home directory if it does not exist. |
| -N | --no-ntp | Does not configure or enable NTP. |
| --no-krb5-offline-passwords | | Prevents the SSSD services from storing Kerberos passwords in the SSSD cache. The cache is useful because a user may log into a system when a machine is offline and then attempt to access domain services after the machine is brought online. Using the cache stores the password, which can be referenced when the domain is accessed. |
| --ntp-server=NTP_server | | Configures the local ntpd service to use the IPA NTP server. |
| --on-master | | Indicates the client is being configured on an IPA server. This is not for a normal invocation of the setup script; this option is used by ipa-server-install when a server is configured. |
| -p | --principal | Passes an authorized Kerberos principal to use to join the IPA realm. This is used during an automated deployment, such as a kickstart process. |
| --permit | | Configures SSSD to permit all access. If this is not set, then access to the client is controlled by the host-based access controls on the IPA server. |
| --realm=realmName | | Gives the IPA realm name. |
| -S | --no-sssd | Tells the client to use nss_ldap for authentication instead of SSSD. |
| --server=IPA_server_fqdn | | Gives the name of the IPA server to connect to. This must be a fully-qualified domain name. IMPORTANT: This must be a valid DNS name, which means only numbers, alphabetic characters, and hyphens (-) are allowed. Other characters, like underscores, in the hostname will cause DNS failures. |
| -U | --unattended | Performs an unattended installation, with no user prompts. |
| --uninstall | | Removes the IPA client software and configuration to restore the machine to a pre-IPA state. |
| -w password | --password=password | Gives the Kerberos password to use to access the IPA realm and join the machine. If only the password parameter is used, the script assumes this is a bulk enrollment and uses the machine name as the Kerberos principal. If the principal is given, the script binds as an IPA user. |
| -W | | Prompts for the password. |
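
A pre-flight check for kickstart or other unattended enrollments, written against the options in the table above. This is an added example, not part of the ipa-client package: the function names and the example.com hostnames are hypothetical, and the label-length and hyphen-position rules are general DNS assumptions beyond what the table states.

```bash
#!/usr/bin/env bash
# Added example: pre-flight lint for an ipa-client-install argument list.
# Function names and sample values are hypothetical; options are from the table.

# True if $1 is a dotted name of letters, digits and hyphens only (the page's
# rule). Assumed extras from general DNS rules: labels of 1-63 characters that
# do not start or end with a hyphen, and at least one dot (fully qualified).
valid_dns_name() {
    local name="$1" label rest
    case $name in ''|*[!A-Za-z0-9.-]*|*.) return 1 ;; *.*) ;; *) return 1 ;; esac
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        case $label in ''|-*|*-) return 1 ;; esac
        [ "${#label}" -le 63 ] || return 1
        case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    return 0
}

# Prints one finding per line; returns non-zero if anything was flagged.
lint_ipa_client_args() {
    local findings=0 arg val
    for arg in "$@"; do
        case $arg in
            --hostname=*|--server=*)
                val=${arg#*=}
                if ! valid_dns_name "$val"; then
                    echo "ERROR ${arg%%=*}: '$val' is not a valid fully-qualified DNS name"
                    findings=$((findings + 1))
                fi ;;
            --permit)
                echo "WARN --permit: SSSD permits all access; IPA host-based access control is not applied"
                findings=$((findings + 1)) ;;
            -f|--force)
                echo "WARN --force: settings are applied even if errors occur"
                findings=$((findings + 1)) ;;
            -w*|--password=*)
                echo "WARN password passed as an argument; -W prompts for it instead"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample invocation: flags --permit and the underscore in --hostname.
lint_ipa_client_args --unattended --permit \
    --hostname=web_01.example.com --server=ipa.example.com || true
```

Run the lint with the same argument list the kickstart would pass to ipa-client-install and abort the enrollment step when it returns non-zero.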