3.3. Example: Running the Script Interactively and Silently
3.3.1. Basic Interactive Installation
- Run the ipa-server-install script. This launches the script interactively, which prompts for the required information to set up a server, but without more advanced configuration like DNS and CA options.
[root@server ~]# ipa-server-install
- Enter the hostname. This is determined automatically using reverse DNS.
Server host name [ipaserver.example.com]:
- Enter the domain name. This is determined automatically based on the hostname.
Please confirm the domain name [example.com]:
- Enter the new Kerberos realm name. This is usually based on the domain name.
Please provide a realm name [EXAMPLE.COM]:
- Enter the password for the Directory Server superuser, cn=Directory Manager. There are password strength requirements for this password, including a minimum password length (eight characters).
Directory Manager password:
Password (confirm):
- Enter the password for the IdM system user account, admin. This user is created on the machine.
IPA admin password:
Password (confirm):
- The script then reprints the hostname, IP address, and domain name. Confirm that the information is correct.
The IPA Master Server will be configured with
Hostname: ipaserver.example.com
IP address: 192.168.1.1
Domain name: example.com
Realm name: EXAMPLE.COM

Continue to configure the system with these values? [no]: yes
- After that, the script configures all of the associated services for IdM, with task counts and progress bars.
Configuring NTP daemon (ntpd)
  [1/4]: stopping ntpd
  ...
Done configuring NTP daemon (ntpd).
Configuring directory server (dirsrv): Estimated time 1 minute
  [1/38]: creating directory server user
  ....
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds
  [1/20]: creating certificate server user
  ...
Done configuring certificate server (pki-tomcatd).
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds
  [1/10]: adding sasl mappings to the directory
  ...
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
  [1/2]: starting kadmin
  [2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring ipa_memcached
  [1/2]: starting ipa_memcached
  [2/2]: configuring ipa_memcached to start on boot
Done configuring ipa_memcached.
Configuring ipa-otpd
  [1/2]: starting ipa-otpd
  [2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.
Configuring the web interface (httpd): Estimated time 1 minute
  [1/15]: disabling mod_ssl in httpd
  ...
Done configuring the web interface (httpd).
Applying LDAP updates
Restarting the directory server
Restarting the KDC
Sample zone file for bind has been created in /tmp/sample.zone.pUfcGp.db
Restarting the web server
Setup complete
- Restart the SSH service to retrieve the Kerberos principal and to refresh the name server switch (NSS) configuration file:
[root@server ~]# service sshd restart
- Authenticate to the Kerberos realm using the admin user's credentials to ensure that the user is properly configured and the Kerberos realm is accessible.
[root@server ~]# kinit admin
Password for admin@EXAMPLE.COM:
- Test the IdM configuration by running a command like ipa user-find. For example:
[root@server ~]# ipa user-find admin
--------------
1 user matched
--------------
  User login: admin
  Last name: Administrator
  Home directory: /home/admin
  Login shell: /bin/bash
  UID: 939000000
  GID: 939000000
  Account disabled: False
  Password: True
  Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
3.3.2. Silent (Non-Interactive) Installation
- Passwords for the IdM administrative user and the Directory Server super user (Directory Manager)
- The server hostname
- The Kerberos realm name
- The DNS domain name
ipa-server-install, along with the -U to force it to run without requiring user interaction.
Example 3.1. Basic Installation without Interaction
[root@server ~]# ipa-server-install -a secret12 --hostname=ipaserver.example.com -r EXAMPLE.COM -p secret12 -n example.com -U
To accept the default shown in brackets, press the Enter key.

The IPA Master Server will be configured with
Hostname: ipaserver.example.com
IP address: 192.168.1.1
Domain name: example.com
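Because -U suppresses every prompt, nothing confirms the values before the installer starts changing the system. The pre-flight check below is an added example, not part of the original guide; the function names are hypothetical, and the eight-character minimum for the admin password and the strict realm comparison are assumptions.

```shell
#!/bin/bash
# Added example, not part of the original guide. Function names are hypothetical.
# With -U there are no prompts to catch a typo, so validate the inputs first.

# The guide states a minimum length of eight characters for the Directory
# Manager password; applying the same minimum to admin is an assumption here.
check_password() {  # $1 = label, $2 = password
    if [ "${#2}" -lt 8 ]; then
        echo "error: $1 password is shorter than 8 characters" >&2
        return 1
    fi
}

# The hostname must be a fully qualified name inside the DNS domain.
check_hostname() {  # $1 = hostname, $2 = domain
    case "$1" in
        ?*."$2") return 0 ;;
        *) echo "error: $1 is not a host in domain $2" >&2; return 1 ;;
    esac
}

# The realm is usually the upper-cased domain; this check (an assumption,
# not an installer rule) rejects anything else so a typo is caught early.
check_realm() {     # $1 = realm, $2 = domain
    want=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    if [ "$1" != "$want" ]; then
        echo "error: realm $1 does not match $want" >&2
        return 1
    fi
}

preflight() {       # $1=hostname $2=domain $3=realm $4=admin pw $5=DM pw
    check_hostname "$1" "$2" && check_realm "$3" "$2" &&
        check_password "IPA admin" "$4" &&
        check_password "Directory Manager" "$5"
}

# Command line from Example 3.1 with both passwords masked, safe to log.
masked_command() {  # $1=hostname $2=domain $3=realm
    echo "ipa-server-install -a ******** --hostname=$1 -r $3 -p ******** -n $2 -U"
}

# Constructed sample values, taken from the guide's example.
if preflight ipaserver.example.com example.com EXAMPLE.COM secret12 secret12; then
    masked_command ipaserver.example.com example.com EXAMPLE.COM
fi
```

The masked form is the one to write to logs or tickets; the command in Example 3.1 carries both passwords as plain arguments.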