[Authentication] Does realm honor ad-cli parameters?

Stephen Gallagher sgallagh at redhat.com
Tue Oct 18 11:51:27 UTC 2016


On 10/18/2016 06:50 AM, Stef Walter wrote:
> On 18.10.2016 11:32, Niklas Andersson wrote:
>> Hi,
>>
>>  Can I add ad-cli parameters to realm when joining? I am interested in
>> using the --domain-controller parameter to specify a specific server to
>> use for joining.
>>
>>
>> I.e:
>>
>> realm join --membership-software=adcli
>> --domain-controller=myspecificserver.mydomain.tld MYDOMAIN.TLD
> 
> Hmmm, I thought you could do:
> 
> sudo realm join --membership-software=adcli \
>      myspecificserver.mydomain.tld
> 
> Just join to the server, and I think it'll figure it out. Even the IP
> address seems to work for AD domains.
> 

Actually, the IP address thing seems not to work anymore for AD 2016 servers.
I'm not sure the reasoning, but it would probably not be a terrible idea to
simply disallow raw IPs for both AD and FreeIPA domains.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/authentication/attachments/20161018/8d240bcc/attachment.sig>


More information about the Authentication mailing list