path: root/ipa-client/ipa-install/ipa-client-install
Commit message | Author | Age | Files | Lines
* Clear SSSD caches when uninstalling the client | Gabe | 2015-06-30 | 1 | -0/+13
  https://fedorahosted.org/freeipa/ticket/5049
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* increase NSS memcache timeout for IPA server | Martin Babinsky | 2015-06-30 | 1 | -0/+9
  Increasing memcache timeout to 600 seconds when configuring sssd on IPA server should improve performance when dealing with large groups in trusts.
  https://fedorahosted.org/freeipa/ticket/4964
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Clarify host name output in ipa-client-install | Petr Spacek | 2015-06-05 | 1 | -1/+1
  Proposed by Tomas Capek
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* client-install: Fix kinits with non-default Kerberos config file | Jan Cholasta | 2015-05-21 | 1 | -1/+4
  https://fedorahosted.org/freeipa/ticket/4808
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* suppress errors arising from deleting non-existent files during client uninstall | Martin Babinsky | 2015-04-29 | 1 | -18/+22
  When rolling back partially configured IPA client a number of OSErrors pop up due to uninstaller trying to remove files that do not exist anymore. This patch suppresses these errors while keeping them in log as debug messages.
  https://fedorahosted.org/freeipa/ticket/4966
  Reviewed-By: Martin Basti <mbasti@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa client: use NTP servers specified by user | Martin Basti | 2015-04-24 | 1 | -9/+15
  NTP servers specified by user should be used to synchronize time.
  https://fedorahosted.org/freeipa/ticket/4983
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa client: use NTP servers detected from SRV | Martin Basti | 2015-04-24 | 1 | -1/+8
  Detected NTP servers from SRV records should be used in NTP client configuration.
  https://fedorahosted.org/freeipa/ticket/4981
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa client: make --ntp-server option multivalued | Martin Basti | 2015-04-24 | 1 | -8/+11
  There can be more ntp servers in ntp.conf
  Required for ticket: https://fedorahosted.org/freeipa/ticket/4981
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-client-install: try to get host TGT several times before giving up | Martin Babinsky | 2015-04-20 | 1 | -29/+40
  New option '--kinit-attempts' enables the host to make multiple attempts to obtain host TGT from master before giving up and aborting client installation.
  In addition, all kinit attempts were replaced by calls to 'ipautil.kinit_keytab' and 'ipautil.kinit_password'.
  https://fedorahosted.org/freeipa/ticket/4808
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add message for skipping NTP configuration during client install | Gabe | 2015-04-14 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/3092
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Skip time sync during client install when using --no-ntp | Nathan Kinder | 2015-03-26 | 1 | -1/+2
  When --no-ntp is specified during ipa-client-install, we still attempt to perform a time sync before obtaining a TGT from the KDC. We should not be attempting to sync time with the KDC if we are explicitly told to not configure ntp.
  Ticket: https://fedorahosted.org/freeipa/ticket/4842
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* client: Fix ca_is_enabled calls | Jan Cholasta | 2015-03-19 | 1 | -2/+2
  The command was added in API version 2.107. Old IPA servers may crash with NetworkError on ca_is_enabled, handle this case gracefully.
  https://fedorahosted.org/freeipa/ticket/4565
  Reviewed-By: David Kupka <dkupka@redhat.com>
* client-install: Do not crash on invalid CA certificate in LDAP | Jan Cholasta | 2015-03-19 | 1 | -4/+13
  When CA certificates in LDAP are corrupted, use the otherwise acquired CA certificates from before.
  https://fedorahosted.org/freeipa/ticket/4565
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Use dyndns_update instead of deprecated sssd option | Martin Basti | 2015-01-28 | 1 | -1/+1
  ipa_dyndns_update is deprecated in SSSD, dyndns_update should be used instead.
  https://fedorahosted.org/freeipa/ticket/4849
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Prefer TCP connections to UDP in krb5 clients | Nathaniel McCallum | 2014-12-08 | 1 | -0/+1
  In general, TCP is a better fit for FreeIPA due to large packet sizes. However, there is also a specific need for TCP when using OTP. If a UDP packet is delivered to the server and the server takes longer to process it than the client timeout (likely), the OTP value will be resent. Unfortunately, this will cause failures or even lockouts. Switching to TCP avoids this problem altogether.
  https://fedorahosted.org/freeipa/ticket/4725
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* No explicit zone specification. | Jan Pazdziora | 2014-12-05 | 1 | -6/+2
  https://fedorahosted.org/freeipa/ticket/4780
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove trivial path constants from modules | Gabe | 2014-11-04 | 1 | -11/+7
  https://fedorahosted.org/freeipa/ticket/4399
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabled | Jan Cholasta | 2014-10-17 | 1 | -13/+20
  The check is done using a new hidden command ca_is_enabled.
  https://fedorahosted.org/freeipa/ticket/4621
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Add ipa-client-install switch --request-cert to request cert for the host | Jan Cholasta | 2014-10-16 | 1 | -12/+93
  The certificate is stored in /etc/ipa/nssdb under the nickname "Local IPA host".
  https://fedorahosted.org/freeipa/ticket/4550
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Use /etc/ipa/nssdb to get nicknames of IPA certs installed in /etc/pki/nssdb | Jan Cholasta | 2014-09-30 | 1 | -57/+21
  Previously a list of nicknames was kept in /etc/pki/nssdb/ipa.txt. The file is removed now.
  https://fedorahosted.org/freeipa/ticket/3259
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Use NSSDatabase instead of direct certutil calls in client code | Jan Cholasta | 2014-09-30 | 1 | -38/+12
  https://fedorahosted.org/freeipa/ticket/4416
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Introduce NSS database /etc/ipa/nssdb | Jan Cholasta | 2014-09-30 | 1 | -62/+97
  This is the new default NSS database for IPA. /etc/pki/nssdb is still maintained for backward compatibility.
  https://fedorahosted.org/freeipa/ticket/3259
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add 'host' setting into default.conf configuration file on client. Fix description in man page. | David Kupka | 2014-09-26 | 1 | -2/+3
  'host' setting specifies local hostname not the hostname of IPA server.
  https://fedorahosted.org/freeipa/ticket/4481
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* No longer generate a machine certificate on client installs | Rob Crittenden | 2014-09-05 | 1 | -66/+2
  https://fedorahosted.org/freeipa/ticket/4449
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Allow user to force Kerberos realm during installation. | David Kupka | 2014-09-05 | 1 | -1/+1
  User can set realm not matching one resolved from DNS. This is useful especially when DNS is misconfigured.
  https://fedorahosted.org/freeipa/ticket/4444
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-client-install: Do not add already configured sources to nsswitch.conf entries | Tomas Babej | 2014-09-04 | 1 | -12/+18
  Makes sure that any new sources added are not already present in the entry.
  https://fedorahosted.org/freeipa/ticket/4508
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Get CA certs for system-wide store from cert store in ipa-client-install. | Jan Cholasta | 2014-07-30 | 1 | -6/+8
  All of the certificates and associated key policy are now stored in /etc/pki/ca-trust/source/ipa.p11-kit.
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for /etc/pki/nssdb from certificate store in ipa-client-install. | Jan Cholasta | 2014-07-30 | 1 | -43/+120
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get CA certs for /etc/ipa/ca.crt from certificate store in ipa-client-install. | Jan Cholasta | 2014-07-30 | 1 | -26/+10
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Support multiple CA certificates in /etc/ipa/ca.crt in ipa-client-install. | Jan Cholasta | 2014-07-30 | 1 | -45/+51
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Refactor CA certificate fetching code in ipa-client-install. | Jan Cholasta | 2014-07-30 | 1 | -51/+37
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Remove certificate "External CA cert" from /etc/pki/nssdb on client uninstall. | Jan Cholasta | 2014-07-30 | 1 | -3/+7
  This is a no longer used nickname for CA certificate on CA-less server installs.
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Fix ipa-client-install --uninstall crash | David Kupka | 2014-07-08 | 1 | -1/+4
  Fix ipa-client-install crash when chronyd service fails to start.
  https://fedorahosted.org/freeipa/ticket/4273
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-client-install: Restart nisdomain service instead of starting | Tomas Babej | 2014-06-30 | 1 | -1/+3
  To ensure new NIS domain name is loaded after ipa-client-install even in case when nisdomainname service is already running, we need to restart the service rather than starting it.
  https://fedorahosted.org/freeipa/ticket/4393
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Do not corrupt sshd_config in client install when trailing newline is missing. | Jan Cholasta | 2014-06-26 | 1 | -25/+17
  https://fedorahosted.org/freeipa/ticket/4373
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipaplatform: Move paths from installers to paths module | Tomas Babej | 2014-06-26 | 1 | -67/+65
  Part of: https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Change paths dependant on ipaservices to use ipaplatform.paths | Tomas Babej | 2014-06-16 | 1 | -4/+7
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Change service code in freeipa to use ipaplatform services | Tomas Babej | 2014-06-16 | 1 | -28/+28
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Change platform dependant code in freeipa to use ipaplatform tasks | Tomas Babej | 2014-06-16 | 1 | -6/+6
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Do not require custom Authconfig implementations from platform modules | Tomas Babej | 2014-06-16 | 1 | -63/+16
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipaplatform: Moved Fedora 16 service implementations and refactored them as base Fedora module service implementations | Tomas Babej | 2014-06-16 | 1 | -1/+0
  https://fedorahosted.org/freeipa/ticket/4052
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* admin tools: Log IPA version | Petr Viktorin | 2014-05-27 | 1 | -0/+1
  Add the IPA version, and vendor version if applicable, to the beginning of admintool logs -- both framework and individual tools that don't yet use the framework. This will make debugging easier.
  https://fedorahosted.org/freeipa/ticket/4219
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-client-install: Configure sudo to use SSSD as data source | Tomas Babej | 2014-05-09 | 1 | -1/+83
  Makes ipa-client-install configure SSSD as the data provider for the sudo service by default. This behaviour can be disabled by using --no-sudo flag.
  https://fedorahosted.org/freeipa/ticket/3358
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-client: Set NIS domain name in the installer | Tomas Babej | 2014-05-09 | 1 | -0/+65
  Provides two new options for the ipa-client-install:
    --nisdomain: specifies the NIS domain name
    --no_nisdomain: flag to avoid setting the NIS domain name
  In case no --nisdomain is specified and --no_nisdomain flag was not set, the IPA domain is used.
  Manual pages updated.
  http://fedorahosted.org/freeipa/ticket/3202
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Move CACERT definition to a single place. | Jan Cholasta | 2014-03-25 | 1 | -1/+1
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix order of synchronizing time when running ipa-client-install | Gabe | 2014-03-20 | 1 | -17/+19
  When running ipa-client-install, it asks for user name, synchronizes time, then asks for user password, an order which could be confusing to some users. This changes ipa-client-install to synchronize time before prompting for user kerberos authentication.
  https://fedorahosted.org/freeipa/ticket/3957
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Improve error message on failed Kerberos authentication | Ana Krivokapic | 2014-02-18 | 1 | -2/+2
  When ipa client installation fails due to failed Kerberos authentication, make sure that the message about the failed authentication is displayed last. This makes it clear to the user that this was the reason for failed installation.
  https://fedorahosted.org/freeipa/ticket/3573
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Make sure state of services is preserved after client uninstall | Ana Krivokapic | 2014-01-14 | 1 | -34/+47
  IPA client installation did not preserve the status of nscd and nslcd services correctly. E.g. nscd would be started after uninstallation, even though it wasn't running before client installation. Make sure the state of services is saved before installation and correctly restored after uninstallation.
  https://fedorahosted.org/freeipa/ticket/3790
* Use /usr/bin/python2 | Xiao-Long Chen | 2014-01-03 | 1 | -1/+1
  Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default. FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2
  https://fedorahosted.org/freeipa/ticket/3438
  Updated by pviktori@redhat.com
* ipa-client-install: Always pass hostname to the ipa-join | Tomas Babej | 2013-12-09 | 1 | -4/+4
  The ipa-client-install script and ipa-join use different methods of resolving the hostname, the former uses gethostbyaddr() call, while the latter reads the "uinfo.nodename". This can result in ipa-client-install failures in case of broken PTR records.
  https://fedorahosted.org/freeipa/ticket/4027