IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-28 01:41:14 -06:00
Code Issues Packages Projects Releases Wiki Activity
165d26ce2b
freeipa/ipa-server/ipa-install
History
Rob Crittenden 165d26ce2b Make check_inst() a standalone function in bindinstance. 
When an install instance is created that contains a pointer to a sysrestore
point it loads in the current configuration when instantiated. If an
instance is instantiated but not used then changes may occur to the
system state that it is unaware of. So one needs to take care in the order
that things are done to avoid losing information.

When bind was setup it was overwriting all data in sysrestore.state and
leaving just a [named] section. This caused problems at uninstall.

448173
2008-05-30 11:21:11 -04:00
..
share Move admin into cn=users,cn=accounts 2008-05-23 15:07:37 -04:00
ipa-replica-install Fix the case where domain != lower(REALM) 2008-05-29 09:43:00 -04:00
ipa-replica-manage Add a version API to the server so it knows what version it is. 2008-05-08 13:01:27 -04:00
ipa-replica-prepare Fix the case where domain != lower(REALM) 2008-05-29 09:43:00 -04:00
ipa-server-certinstall Set the license uniformly to GPLv2 only. 2008-02-04 15:15:52 -05:00
ipa-server-install Make check_inst() a standalone function in bindinstance. 2008-05-30 11:21:11 -04:00
ipactl Start ntpd after FDS so that the ntp user can be found. 2008-03-24 11:02:49 -04:00
Makefile.am Add small script to start/stop all of the services that IPA requires in the 2008-02-28 11:37:06 -05:00
README Use Fedora package names for PyKerberos (python-kerberos) and pyasn1 2008-01-24 13:44:38 -05:00

README 

Required packages:

krb5-server
fedora-ds-base
fedora-ds-base-devel
openldap-clients
openldap-devel
krb5-server-ldap
cyrus-sasl-gssapi
httpd
mod_auth_kerb
ntp
openssl-devel
nspr-devel
nss-devel
mozldap-devel
mod_python
gcc
python-ldap
TurboGears
python-kerberos
python-krbV
python-tgexpandingformwidget
python-pyasn1

Installation example:

TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is
           fixed.

Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/
to patch your init scripts before running ipa-server-install. This tells
FDS where to find its kerberos keytab.

Things done as root are denoted by #. Things done as a unix user are denoted
by %.

# cd freeipa
# patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch

Now to do the installation.

# cd freeipa
# make install

To start an interactive installation use:
# /usr/sbin/ipa-server-install 

For more verbose output add the -d flag run the command with -h to see all options

You have a basic working system with one super administrator (named admin).

To create another administrative user:

% kinit admin@FREEIPA.ORG
% /usr/sbin/ipa-adduser -f Test -l User test
% ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org
% /usr/sbin/ipa-groupmod -a test admins

An admin user is just a regular user in the group admin.

Now you can destroy the old ticket and log in as test:

% kdestroy
% kinit test@FREEIPA.ORG
% /usr/sbin/ipa-finduser test