diff --git a/metadata.rb b/metadata.rb
index 0775378..ba3ab7d 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'psi-jack@linux-help.org'
 license 'GPLv3'
 description 'Installs/Configures freeipa'
 long_description 'Installs/Configures freeipa'
-version '0.1.3'
+version '0.1.4'
 depends 'ohai'
 depends 'chef-vault'
diff --git a/recipes/client.rb b/recipes/client.rb
index 2b736df..3255079 100644
--- a/recipes/client.rb
+++ b/recipes/client.rb
@@ -17,6 +17,8 @@
 # limitations under the License.
 #
+include_recipe 'chef-vault'
+
 node.set[:freeipa][:client] = true
 # become aware servers
@@ -32,23 +34,28 @@ unless freeipa_servers.empty? then
 puts "DEBUG: got here!"
 service "messagebus" do
- action [:enable,:start]
+ action [:enable,:start]
 end
 service "certmonger" do
- action [:enable,:start]
+ action [:enable,:start]
 end
+ passwords = chef_vault_item(:freeipa, 'passwords')
+
 #### Join node to freeipa 'domain'
 # configures kerberos client to point to kdc on freeipa::server
 # configures ldap to look up posix information via sssd/nss
 execute "joining freeipa client to domain" do
- not_if "ls /var/lib/ipa-client/sysrestore/sysrestore.index"
- cmd = "ipa-client-install -U"
- cmd += " --server " + freeipa_masters[0][:fqdn]
- cmd += " --domain " + node[:domain]
- cmd += " --realm " + node[:domain].upcase
- command cmd
- ignore_failure true
+ not_if { File.exist?("/var/lib/ipa-client/sysrestore/sysrestore.index") }
+ cmd = "ipa-client-install"
+ cmd += " --server " + freeipa_masters[0][:fqdn]
+ cmd += " --domain " + node[:domain]
+ cmd += " --realm " + node[:domain].upcase
+ cmd += " --mkhomedir --unattended"
+ cmd += " -p admin -w " + passwords['ldap_server_admin_pwd']
+ sensitive true
+ command cmd
+ #ignore_failure true
 end
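Review bot: The vault password is spliced unescaped into a shell string at `cmd += " -p admin -w " + passwords['ldap_server_admin_pwd']`, so `sensitive true` keeps it out of the Chef log but any shell metacharacter in the value (quotes, `$`, `;`, spaces) breaks or alters the command, and the string still goes through `/bin/sh`. Passing `command` as an Array makes Chef exec `ipa-client-install` directly with each argument intact, which removes the quoting problem; the value still appears in the process argument list while the install runs, which is inherent to the `-w` option and worth a comment next to it. If the deployment permits, a dedicated enrollment principal or a host one-time password would keep the IPA admin credential off every client node, rather than the hard-coded `admin`. The enclosing `unless freeipa_servers.empty?` block starts outside the hunk.
```ruby
execute "joining freeipa client to domain" do
  not_if { File.exist?("/var/lib/ipa-client/sysrestore/sysrestore.index") }
  # Array form: Chef execs directly, no shell parses the password value.
  # NOTE: -w still exposes the secret in argv for the lifetime of the install.
  command ["ipa-client-install",
           "--server", freeipa_masters[0][:fqdn],
           "--domain", node[:domain],
           "--realm", node[:domain].upcase,
           "--mkhomedir", "--unattended",
           "-p", "admin", "-w", passwords['ldap_server_admin_pwd']]
  sensitive true
  # … unchanged: ignore_failure left commented out …
end
```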