3.3. Example: Running the Script Interactively and Silently

3.3.1. Basic Interactive Installation

All that is required to set up an IdM server is to run the ipa-server-install script. Run without options, the script prompts interactively for the information needed to set up a basic server; it does not configure more advanced options such as integrated DNS or CA settings.
  1. Run the ipa-server-install script.
    [root@server ~]# ipa-server-install
  2. Enter the hostname. This is determined automatically using reverse DNS.
    Server host name [ipaserver.example.com]:
  3. Enter the domain name. This is determined automatically based on the hostname.
    Please confirm the domain name [example.com]:
  4. Enter the new Kerberos realm name. This is usually based on the domain name.
    Please provide a realm name [EXAMPLE.COM]:
  5. Enter the password for the Directory Server superuser, cn=Directory Manager. There are password strength requirements for this password, including a minimum password length (eight characters).
    Directory Manager password:
    Password (confirm):
  6. Enter the password for the IdM system user account, admin. This user is created on the machine.
    IPA admin password:
    Password (confirm):
  7. The script then reprints the hostname, IP address, and domain name. Confirm that the information is correct.
    The IPA Master Server will be configured with
    Hostname:    ipaserver.example.com
    IP address:  192.168.1.1
    Domain name: example.com
    Realm name: EXAMPLE.COM
    Continue to configure the system with these values? [no]: yes
  8. After that, the script configures all of the associated services for IdM, with task counts and progress bars.
    Configuring NTP daemon (ntpd) 
    [1/4]: stopping ntpd 
    ...
    Done configuring NTP daemon (ntpd). 
    Configuring directory server (dirsrv): Estimated time 1 minute 
    [1/38]: creating directory server user 
    .... 
    Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds 
    [1/20]: creating certificate server user 
    ... 
    Done configuring certificate server (pki-tomcatd). 
    Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds 
    [1/10]: adding sasl mappings to the directory 
    ... 
    Done configuring Kerberos KDC (krb5kdc). 
    Configuring kadmin 
    [1/2]: starting kadmin 
    [2/2]: configuring kadmin to start on boot 
    Done configuring kadmin. 
    Configuring ipa_memcached 
    [1/2]: starting ipa_memcached 
    [2/2]: configuring ipa_memcached to start on boot 
    Done configuring ipa_memcached. 
    Configuring ipa-otpd 
    [1/2]: starting ipa-otpd 
    [2/2]: configuring ipa-otpd to start on boot 
    Done configuring ipa-otpd. 
    Configuring the web interface (httpd): Estimated time 1 minute 
    [1/15]: disabling mod_ssl in httpd 
    ... 
    Done configuring the web interface (httpd). 
    Applying LDAP updates 
    Restarting the directory server 
    Restarting the KDC 
    Sample zone file for bind has been created in /tmp/sample.zone.pUfcGp.db 
    Restarting the web server 
      
    Setup complete
  9. Restart the SSH service to retrieve the Kerberos principal and to refresh the Name Service Switch (NSS) configuration file:
    [root@server ~]# service sshd restart
  10. Authenticate to the Kerberos realm using the admin user's credentials to ensure that the user is properly configured and the Kerberos realm is accessible.
    [root@server ~]# kinit admin
    Password for admin@EXAMPLE.COM:
  11. Test the IdM configuration by running a command like ipa user-find. For example:
    [root@server ~]# ipa user-find admin
    --------------
    1 user matched
    --------------
    User login: admin 
    Last name: Administrator 
    Home directory: /home/admin 
    Login shell: /bin/bash 
    UID: 939000000 
    GID: 939000000 
    Account disabled: False 
    Password: True 
    Kerberos keys available: True 
    ----------------------------
    Number of entries returned 1
    ----------------------------

3.3.2. Silent (Non-Interactive) Installation

As shown in Section 3.3.1, “Basic Interactive Installation”, only a few pieces of information are required to configure an IdM server. While the setup script can prompt for this information in interactive mode, the same information can also be passed to the setup command on the command line to allow automated, unattended configuration:
  • Passwords for the IdM administrative user and the Directory Server super user (Directory Manager)
  • The server hostname
  • The Kerberos realm name
  • The DNS domain name
This information can be passed to ipa-server-install as command-line options, along with the -U option, which makes the script run without prompting for user interaction.

Example 3.1. Basic Installation without Interaction

    [root@server ~]# ipa-server-install -a secret12 --hostname=ipaserver.example.com -r EXAMPLE.COM -p secret12 -n example.com -U

The script then prints the submitted values:

    To accept the default shown in brackets, press the Enter key.

    The IPA Master Server will be configured with
    Hostname:    ipaserver.example.com
    IP address:  192.168.1.1
    Domain name: example.com

The server name must be a valid DNS name, which means only numbers, alphabetic characters, and hyphens (-) are allowed. Other characters, like underscores, in the hostname will cause DNS failures. Additionally, the hostname must be all lower-case. No capital letters are allowed.
Then the script runs through the configuration progress for each IdM service, as in Section 3.3.1, “Basic Interactive Installation”.
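The following shell script, added here as an example and not taken from the Red Hat documentation or from FreeIPA itself, turns the constraints stated in this section into pre-flight checks for an unattended run: the hostname rules above (lowercase letters, digits and hyphens only), the minimum Directory Manager password length of eight characters from step 5 of Section 3.3.1, and the expectation from step 3 that the DNS domain is derived from the hostname. The function names, the secrets file path and the --run guard are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the Red Hat documentation or of FreeIPA:
# pre-flight checks before an unattended ipa-server-install run.
# Function names, variable names and the secrets path are this example's own.

# Hostname rules from the text: only lowercase letters, digits and hyphens
# (no underscores, no capitals). Each dot-separated label must also be
# non-empty and must not begin or end with a hyphen. Returns 0 when valid.
valid_ipa_hostname() {
  host="$1"
  case "$host" in
    ''|*[!a-z0-9.-]*) return 1 ;;   # empty, or contains a forbidden character
  esac
  rest="$host"
  while [ -n "$rest" ]; do
    label="${rest%%.*}"              # text up to the first remaining dot
    case "$label" in
      ''|-*|*-) return 1 ;;          # empty label (leading/double dot) or bad hyphen
    esac
    [ "$rest" = "$label" ] && break  # last label, no dot left
    rest="${rest#*.}"
    [ -n "$rest" ] || return 1       # hostname ended with a trailing dot
  done
  return 0
}

# The install derives the domain from the hostname, so the hostname must be
# equal to, or a subdomain of, the DNS domain passed with -n. Returns 0 when so.
hostname_in_domain() {
  host="$1"; domain="$2"
  case "$host" in
    "$domain"|*."$domain") return 0 ;;
    *) return 1 ;;
  esac
}

# The Directory Manager password must be at least eight characters
# (step 5 of the interactive walkthrough). Returns 0 when long enough.
password_long_enough() {
  [ "${#1}" -ge 8 ]
}

# Run every check, report the first failure on stderr, return 0 only if all pass.
preflight() {
  host="$1"; domain="$2"; dm_pw="$3"; admin_pw="$4"
  valid_ipa_hostname "$host"       || { echo "invalid hostname: $host" >&2; return 1; }
  hostname_in_domain "$host" "$domain" \
                                   || { echo "$host is not in domain $domain" >&2; return 1; }
  password_long_enough "$dm_pw"    || { echo "Directory Manager password too short" >&2; return 1; }
  password_long_enough "$admin_pw" || { echo "admin password too short" >&2; return 1; }
  return 0
}

# Usage: read the two passwords (one per line) from a root-only file at a
# placeholder path and start the unattended install only if preflight passes.
# Guarded by --run so the file can be sourced for its functions without installing.
if [ "${1:-}" = "--run" ]; then
  DM_PW=$(sed -n 1p /root/ipa-install-secrets)      # placeholder path, assumed
  ADMIN_PW=$(sed -n 2p /root/ipa-install-secrets)   # placeholder path, assumed
  preflight ipaserver.example.com example.com "$DM_PW" "$ADMIN_PW" || exit 1
  ipa-server-install -a "$ADMIN_PW" --hostname=ipaserver.example.com \
    -r EXAMPLE.COM -p "$DM_PW" -n example.com -U
fi
```

Run it with --run as root on the server after placing the two passwords in the secrets file. Reading them from a root-only file keeps them out of the interactive shell's history, but they still appear as arguments of ipa-server-install, exactly as in Example 3.1, so they are visible in the process list for the duration of the install.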