IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 00:31:56 -06:00
Code Issues Packages Projects Releases Wiki Activity
fd056918e6
freeipa/install/tools
History
Rob Crittenden f87bd57c1d Fix certmonger errors when doing a client or server uninstall. 
This started with the client uninstaller returning a 1 when not installed.
There was no way to tell whether the uninstall failed or the client
simply wasn't installed which caused no end of grief with the installer.

This led to a lot of certmonger failures too, either trying to stop
tracking a non-existent cert or not handling an existing tracked
certificate.

I moved the certmonger code out of the installer and put it into the
client/server shared ipapython lib. It now tries a lot harder and smarter
to untrack a certificate.

ticket 142
2010-09-09 16:38:52 -04:00
..
man Enable compat plugin by default and configure netgroups 2010-08-19 10:50:07 -04:00
ipa-compat-manage Enable compat plugin by default and configure netgroups 2010-08-19 10:50:07 -04:00
ipa-dns-install Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-fix-CVE-2008-3274 Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-ldap-updater Add LDAP upgrade over ldapi support. 2010-06-01 09:52:10 -04:00
ipa-nis-manage Fix ipa-compat-manage and ipa-nis-manage 2010-07-15 11:18:11 -04:00
ipa-replica-install Query the remote server to see if this replica host already exists. 2010-06-01 09:52:14 -04:00
ipa-replica-manage Fall back to DM password if GSSAPI fails and make deleting more user-friendly 2010-06-01 09:52:21 -04:00
ipa-replica-prepare Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-server-certinstall Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-server-install Fix certmonger errors when doing a client or server uninstall. 2010-09-09 16:38:52 -04:00
ipa-upgradeconfig Better upgrade detection so we don't print spurious errors 2009-09-15 17:42:36 -04:00
ipactl Make ipactl a lot smarter and have it manage named as well. 2010-09-07 15:39:18 -04:00
Makefile.am Add ipa-dns-install script 2010-02-09 15:45:35 -05:00
README Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00

README 

Required packages:

krb5-server
fedora-ds-base
fedora-ds-base-devel
openldap-clients
openldap-devel
krb5-server-ldap
cyrus-sasl-gssapi
httpd
mod_auth_kerb
ntp
openssl-devel
nspr-devel
nss-devel
mozldap-devel
mod_python
gcc
python-ldap
TurboGears
python-kerberos
python-krbV
python-tgexpandingformwidget
python-pyasn1

Installation example:

TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is
           fixed.

Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/
to patch your init scripts before running ipa-server-install. This tells
FDS where to find its kerberos keytab.

Things done as root are denoted by #. Things done as a unix user are denoted
by %.

# cd freeipa
# patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch

Now to do the installation.

# cd freeipa
# make install

To start an interactive installation use:
# /usr/sbin/ipa-server-install 

For more verbose output add the -d flag run the command with -h to see all options

You have a basic working system with one super administrator (named admin).

To create another administrative user:

% kinit admin@FREEIPA.ORG
% /usr/sbin/ipa-adduser -f Test -l User test
% ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org
% /usr/sbin/ipa-groupmod -a test admins

An admin user is just a regular user in the group admin.

Now you can destroy the old ticket and log in as test:

% kdestroy
% kinit test@FREEIPA.ORG
% /usr/sbin/ipa-finduser test