authorKarl MacMillan <kmacmill@redhat.com>2007-11-01 15:35:02 -0400
committerKarl MacMillan <kmacmill@redhat.com>2007-11-01 15:35:02 -0400
commit36e43aed1bb9d4ee94cdc8396123db48987ada46 (patch)
tree9ab148023791a6076d825a1d1178af4137f358d8 /ipa-server/ipa-install
parent6a0ca23577813a1534298f1af4dfa03c2bfcfc1a (diff)
NTP configuration for client and server.
Configure ipa servers as an ntp server and clients to (by default) use the ipa server as an ntp server. Also corrected the messages about which ports should be opened.
Diffstat (limited to 'ipa-server/ipa-install')
-rw-r--r--ipa-server/ipa-install/ipa-server-install18
-rw-r--r--ipa-server/ipa-install/share/Makefile.am1
-rw-r--r--ipa-server/ipa-install/share/ntp.conf.server.template50
3 files changed, 67 insertions, 2 deletions
diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install
index 5a2642dbd..06297d492 100644
--- a/ipa-server/ipa-install/ipa-server-install
+++ b/ipa-server/ipa-install/ipa-server-install
@@ -41,10 +41,13 @@ import shutil
import glob
import traceback
from optparse import OptionParser
+
import ipaserver.dsinstance
import ipaserver.krbinstance
import ipaserver.bindinstance
import ipaserver.httpinstance
+import ipaserver.ntpinstance
+
from ipa.ipautil import run
def parse_options():
@@ -542,6 +545,10 @@ def main():
ds.restart()
krb.restart()
+ # Configure ntpd
+ ntp = ipaserver.ntpinstance.NTPInstance()
+ ntp.create_instance()
+
try:
selinux=0
try:
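Review bot: `ntp.create_instance()` is called before the `try:` that follows it, so as far as the visible lines show, an error while writing the NTP configuration would not reach the `except subprocess.CalledProcessError` handler that appears later in main(). It would surface as a bare traceback, leaving the directory server and KDC already restarted and the install half finished. Consider moving the two lines inside the `try:` block, or giving them their own handler that prints a clear message and returns non-zero. The page has lost the original indentation and main() continues outside the hunk, so this should be confirmed against the full file.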
@@ -588,6 +595,12 @@ def main():
# Start Kpasswd
run(["/sbin/service", "ipa-kpasswd", "start"])
+
+ # Set the ntpd to start on boot
+ run(["/sbin/chkconfig", "ntpd", "on"])
+
+ # Restart ntpd
+ run(["/sbin/service", "ntpd", "restart"])
except subprocess.CalledProcessError, e:
print "Installation failed:", e
return 1
@@ -610,9 +623,10 @@ def main():
print "\t\tTCP Ports:"
print "\t\t * 80, 443, 8080: HTTP/HTTPS"
print "\t\t * 389, 636: LDAP/LDAPS"
- print "\t\t * 464: kpasswd"
+ print "\t\t * 88, 464: kerberos"
print "\t\tUDP Ports:"
- print "\t\t * 88, 750: kerberos"
+ print "\t\t * 88, 464: kerberos"
+ print "\t\t * 123: ntp"
print ""
print "\t2. You can now obtain a kerberos ticket using the command: 'kinit admin'."
print "\t This ticket will allow you to use the IPA tools (e.g., ipa-adduser)"
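Review bot: The TCP and UDP lists now both read `88, 464: kerberos`, which drops the `kpasswd` label the old TCP line had for 464. An administrator writing firewall rules from this output can no longer tell which port serves password changes. Something like `print "\t\t * 88: kerberos, 464: kpasswd"` in both lists keeps the guidance precise. It may also be worth saying in the `123: ntp` line that the port only needs to be reachable from IPA clients. main() continues outside the hunk.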
diff --git a/ipa-server/ipa-install/share/Makefile.am b/ipa-server/ipa-install/share/Makefile.am
index 5a7fda3fa..50d81c3ad 100644
--- a/ipa-server/ipa-install/share/Makefile.am
+++ b/ipa-server/ipa-install/share/Makefile.am
@@ -16,6 +16,7 @@ app_DATA = \
krb5.ini.template \
krb.con.template \
krbrealm.con.template \
+ ntp.conf.server.template \
$(NULL)
EXTRA_DIST = \
diff --git a/ipa-server/ipa-install/share/ntp.conf.server.template b/ipa-server/ipa-install/share/ntp.conf.server.template
new file mode 100644
index 000000000..09149dfc7
--- /dev/null
+++ b/ipa-server/ipa-install/share/ntp.conf.server.template
@@ -0,0 +1,50 @@
+# Permit time synchronization with our time source, but do not
+# permit the source to query or modify the service on this system.
+restrict default kod nomodify notrap
+restrict -6 default kod nomodify notrap
+
+# Permit all access over the loopback interface. This could
+# be tightened as well, but to do so would effect some of
+# the administrative functions.
+restrict 127.0.0.1
+restrict -6 ::1
+
+# Hosts on local network are less restricted.
+#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+server $SERVERA
+server $SERVERB
+server $SERVERC
+
+#broadcast 192.168.1.255 key 42 # broadcast server
+#broadcastclient # broadcast client
+#broadcast 224.0.1.1 key 42 # multicast server
+#multicastclient 224.0.1.1 # multicast client
+#manycastserver 239.255.254.254 # manycast server
+#manycastclient 239.255.254.254 key 42 # manycast client
+
+# Undisciplined Local Clock. This is a fake driver intended for backup
+# and when no outside source of synchronized time is available.
+server 127.127.1.0 # local clock
+#fudge 127.127.1.0 stratum 10
+
+# Drift file. Put this in a directory which the daemon can write to.
+# No symbolic links allowed, either, since the daemon updates the file
+# by creating a temporary in the same directory and then rename()'ing
+# it to the file.
+driftfile /var/lib/ntp/drift
+
+# Key file containing the keys and key identifiers used when operating
+# with symmetric key cryptography.
+keys /etc/ntp/keys
+
+# Specify the key identifiers which are trusted.
+#trustedkey 4 8 42
+
+# Specify the key identifier to use with the ntpdc utility.
+#requestkey 8
+
+# Specify the key identifier to use with the ntpq utility.
+#controlkey 8
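Review bot: The two `restrict default` lines omit `noquery` and `nopeer`, although the comment above them says the source is not permitted to query the service. As written, any host that can reach UDP 123 can send ntpq/ntpdc queries to the daemon, which exposes status information and is the kind of request abused for traffic amplification. Serving time to clients does not need query access, so I would use `restrict default kod nomodify notrap nopeer noquery` and `restrict -6 default kod nomodify notrap nopeer noquery`. Separately, `server 127.127.1.0` is enabled while `#fudge 127.127.1.0 stratum 10` stays commented out, so the undisciplined local clock runs at the driver's default stratum. Uncommenting the fudge line would keep a free-running IPA server from looking like a good time source to Kerberos clients when the upstream servers are unreachable.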