IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 08:41:55 -06:00
Code Issues Packages Projects Releases Wiki Activity
c2967a675a
freeipa/ipa-server/ipa-install
History
Simo Sorce 2b8b87b4d6 memberof was not indexed in older versions of fedora-ds, keep it around 
as an update so that if it is not there it will be added
2008-12-05 18:18:14 -05:00
..
share Fix makefiles after schema compat changes 2008-12-02 16:39:57 -05:00
updates memberof was not indexed in older versions of fedora-ds, keep it around 2008-12-05 18:18:14 -05:00
ipa-replica-install Run updates on the replica too, otherwise changes to cn=config will be missing. 2008-12-01 17:19:10 -05:00
ipa-replica-manage Corrected usage messages and manpage to match the logic for the ipa-replica-manage init command. 2008-12-01 17:19:10 -05:00
ipa-replica-prepare Make sure the CA cert is copied to the replica, fail if no ca.crt is available. Cope with some versions of ipa that forgot to copy the ca.crt cert in the right place. 2008-12-01 17:19:10 -05:00
ipa-server-certinstall Wrap up the raw_input() to user_input() for convenience and uniformity. 2008-07-23 10:05:06 -04:00
ipa-server-install add --no-host-dns option to ipa-server-install - allows specifying a hostname that might actually exist but you do not want to even attempt to resolve it via DNS 2008-10-13 14:09:07 -04:00
ipactl Start ntpd after FDS so that the ntp user can be found. 2008-03-24 11:02:49 -04:00
Makefile.am Update files for the schema compatibility plugin and RFC4876 profiles 2008-09-12 20:07:41 -04:00
README Use Fedora package names for PyKerberos (python-kerberos) and pyasn1 2008-01-24 13:44:38 -05:00

README 

Required packages:

krb5-server
fedora-ds-base
fedora-ds-base-devel
openldap-clients
openldap-devel
krb5-server-ldap
cyrus-sasl-gssapi
httpd
mod_auth_kerb
ntp
openssl-devel
nspr-devel
nss-devel
mozldap-devel
mod_python
gcc
python-ldap
TurboGears
python-kerberos
python-krbV
python-tgexpandingformwidget
python-pyasn1

Installation example:

TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is
           fixed.

Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/
to patch your init scripts before running ipa-server-install. This tells
FDS where to find its kerberos keytab.

Things done as root are denoted by #. Things done as a unix user are denoted
by %.

# cd freeipa
# patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch

Now to do the installation.

# cd freeipa
# make install

To start an interactive installation use:
# /usr/sbin/ipa-server-install 

For more verbose output add the -d flag run the command with -h to see all options

You have a basic working system with one super administrator (named admin).

To create another administrative user:

% kinit admin@FREEIPA.ORG
% /usr/sbin/ipa-adduser -f Test -l User test
% ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org
% /usr/sbin/ipa-groupmod -a test admins

An admin user is just a regular user in the group admin.

Now you can destroy the old ticket and log in as test:

% kdestroy
% kinit test@FREEIPA.ORG
% /usr/sbin/ipa-finduser test