freeipa-users--- via FreeIPA-users
2017-09-02 14:10:00 UTC
GOAL: Set up freeipa w/ kerberos NFS4 file sharing,
and autofs/auto mount home directories. A small number of users or hosts.

I have a centos 7.3 Internet host "pez.ipa.uqjau.org", with
bind/bind-chroot installed and working. There is an "ipa.uqjau.org"
delegation NS record and a SOA ipa.uqjau.org record, both mapped to
host "pez.ipa.uqjau.org", both in the "uqjau.org" zone. bind is working
OK on pez with pez bind authoritative for ipa.uqjau.org, but I plan
to uninstall bind-chroot and let 'ipa-server-install' set up bind from
scratch. (I understand I need to uninstall bind-chroot, and plan to
do so.)

I'm new to freeipa, but have read for 7 hours or so, and have spent a
couple of hours reading the list. NFS4 is working now.

For guidance on the install I have been looking at:
<https://mkosek.fedorapeople.org/publican_site/en-US/FreeIPA/3.4/html/FreeIPA_Guide/creating-server.html>
<https://blog.christophersmart.com/articles/freeipa-how-to-fedora/>

How does this look?
ipa-server-install \
    --unattended \
    --realm=IPA.UQJAU.ORG \
    --domain=ipa.uqjau.org \
    --ds-password=SOMETHINGSECRET \
    --admin-password=ANOTHERPW \
    --mkhomedir \
    --ip-address=45.55.89.85 \
    --idstart=50000 \
    --no_hbac_allow \
    --ssh-trust-dns \
    --setup-dns \
    --no-forwarders \
    --no-reverse \
    --zonemgr=AN_EMAIL_ADDR_HERE \
    --no-dnssec-validation
The --zonemgr line above is what I think the man page intends, right?
--
thanks,
Tom
_______________________________________________
FreeIPA-users mailing list -- freeipa-***@lists.fedorahosted.org
To unsubscribe send