2007-06-28 18:09:54 -05:00
|
|
|
|
|
|
|
Required packages:
|
2007-06-29 10:30:10 -05:00
|
|
|
|
2007-06-28 18:09:54 -05:00
|
|
|
krb5-server
|
2007-09-07 16:49:44 -05:00
|
|
|
fedora-ds-base
|
|
|
|
fedora-ds-base-devel
|
2007-06-28 18:09:54 -05:00
|
|
|
openldap-clients
|
2007-09-07 17:18:51 -05:00
|
|
|
openldap-devel
|
2007-06-29 10:30:10 -05:00
|
|
|
krb5-server-ldap
|
0000-12-31 18:09:24 -05:50
|
|
|
cyrus-sasl-gssapi
|
0000-12-31 18:09:24 -05:50
|
|
|
httpd
|
|
|
|
mod_auth_kerb
|
0000-12-31 18:09:24 -05:50
|
|
|
ntp
|
2007-08-20 14:38:47 -05:00
|
|
|
openssl-devel
|
2007-09-07 17:18:51 -05:00
|
|
|
nspr-devel
|
|
|
|
nss-devel
|
|
|
|
mozldap-devel
|
|
|
|
mod_python
|
|
|
|
gcc
|
|
|
|
python-ldap
|
2007-09-07 18:53:34 -05:00
|
|
|
TurboGears
|
2007-06-29 10:30:10 -05:00
|
|
|
|
|
|
|
Installation example:
|
|
|
|
|
2007-09-07 16:49:44 -05:00
|
|
|
TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is
|
|
|
|
fixed.
|
0000-12-31 18:09:24 -05:50
|
|
|
|
2007-09-07 16:49:44 -05:00
|
|
|
Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/
|
|
|
|
to patch your init scripts before running ipa-server-install. This tells
|
|
|
|
FDS where to find its kerberos keytab.
|
2007-06-29 10:30:10 -05:00
|
|
|
|
2007-09-07 16:49:44 -05:00
|
|
|
Things done as root are denoted by #. Things done as a unix user are denoted
|
|
|
|
by %.
|
|
|
|
|
|
|
|
# cd freeipa
|
|
|
|
# patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch
|
|
|
|
|
|
|
|
Now to do the installation.
|
|
|
|
|
|
|
|
# cd freeipa
|
|
|
|
# make install
|
|
|
|
|
2007-09-07 15:38:30 -05:00
|
|
|
To start an interactive installation use:
|
|
|
|
# /usr/sbin/ipa-server-install
|
|
|
|
|
|
|
|
For more verbose output add the -d flag run the command with -h to see all options
|
2007-09-07 16:49:44 -05:00
|
|
|
|
|
|
|
You have a basic working system with one super administrator (named admin).
|
|
|
|
|
|
|
|
To create another administrative user:
|
|
|
|
|
|
|
|
% kinit admin@FREEIPA.ORG
|
|
|
|
% /usr/sbin/ipa-adduser -f Test -l User test
|
|
|
|
% ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org
|
|
|
|
% /usr/sbin/ipa-groupmod -a test admins
|
|
|
|
|
|
|
|
An admin user is just a regular user in the group admin.
|
|
|
|
|
|
|
|
Now you can destroy the old ticket and log in as test:
|
|
|
|
|
|
|
|
% kdestroy
|
|
|
|
% kinit test@FREEIPA.ORG
|
|
|
|
% /usr/sbin/ipa-finduser test
|