summaryrefslogtreecommitdiffstats
path: root/ipa-client/ipa-install
Commit message (Collapse)AuthorAgeFilesLines
* Pass on debug option from ipa-client-install to ipa-joinRob Crittenden2009-12-091-0/+2
|
* Add server option to ipa-join so the IPA server can be specified.Rob Crittenden2009-11-301-1/+1
| | | | | | | This is needed because in the client installer we actually perform the join before creating the configuration files that join uses. All we need is the IPA server to join to and we have that from the CLI options so use that.
* Integrate ipa-join and ipa-rmkeytab into the client install/uninstallRob Crittenden2009-11-251-110/+209
| | | | This will fetch a keytab on installation and remove it upon uninstallation.
* Enrollment for a host in an IPA domainRob Crittenden2009-09-241-0/+1
| | | | | | | | | | | | This will create a host service principal and may create a host entry (for admins). A keytab will be generated, by default in /etc/krb5.keytab If no kerberos credentails are available then enrollment over LDAPS is used if a password is provided. This change requires that openldap be used as our C LDAP client. It is much easier to do SSL using openldap than mozldap (no certdb required). Otherwise we'd have to write a slew of extra code to create a temporary cert database, import the CA cert, ...
* The new admin tool 'ipa' uses a different configuration file, create it.Rob Crittenden2009-04-131-7/+8
|
* Use OpenSSL for SSL instead of the built-in python version.Rob Crittenden2009-02-201-0/+3
|
* Rename ipa-python directory to ipapython so it is a real python libraryRob Crittenden2009-02-091-3/+3
| | | | | We used to install it as ipa, now installing it as ipapython. The rpm is still ipa-python.
* We were assuming that, if the realm was correct then also theSimo Sorce2008-09-181-9/+6
| | | | | | | | | | | rest of the krb5.conf configuration were. This clearly breaks with the default EXAMPLE.COM realm configuratrion. Furthermore it makes it not possible to try to 'fix' an installation by rerruninng ipa-client-install This patch removes the special case and avoids krb5.conf only if the on_master flag is passed. Fix also one inner 'if' statement to be simpler to understand.
* Wrap up the raw_input() to user_input() for convenience and uniformity.Martin Nagy2008-07-231-17/+6
|
* Move version.py to the common ipa directory instead of being server-based so ↵Rob Crittenden2008-06-031-16/+28
| | | | | | it can be used by the client tool. Fix the client tool imports to fail more gracefully.
* Try to clear up messages prompting for domain and IPA server when DNS ↵Rob Crittenden2008-05-301-4/+4
| | | | discovery fails to find them.
* Now that admin is in the common users tree make the nss_ldapSimo Sorce2008-05-291-2/+2
| | | | | configuration look at the specific tree where users are and not search the full server.
* Fix the case where domain != lower(REALM)Simo Sorce2008-05-291-13/+16
| | | | | add the domain to the ipa.conf file for apps that need to know This should fix a bug in the replica setup
* Change file mode of log files to 600.Martin Nagy2008-05-201-0/+3
| | | | 446869
* Make sure all services are stopped during uninstall.Rob Crittenden2008-05-141-0/+5
| | | | | | | | | We were just shutting down the KDC if it had been started prior to IPA installation. We need to stop it in all cases. And we should restart nscd as it may have made an LDAP connection. 440322
* fix stupid typo,Simo Sorce2008-05-101-1/+1
| | | | thanks Nalin for spotting this.
* On IPA Servers connect to ourselves using localhost,Simo Sorce2008-05-081-2/+5
| | | | | and avoid searching for KDC servers via DNS, we just connect to ourselves.
* Make sure we always have the [domain-realm] section or kerberos libs misbheave.Simo Sorce2008-04-221-5/+5
|
* Fix client discovery and make sure command line options are not overwrittenSimo Sorce2008-04-091-36/+53
| | | | with discovered options, just verified.
* Make sure we start the NSCD daemon.Simo Sorce2008-04-081-0/+15
| | | | It makes a huge difference on clients, if we cache lookups
* - Better defaults for nss_ldapSimo Sorce2008-04-011-2/+13
| | | | | | | | - Make sure timeouts are not too high, so that machine does not hang if remote servers are not reachable - Make sure root can always login no matter what the status of the ldap servers - use rfc2307bis schema directive
* Implement client uninstallSimo Sorce2008-03-311-2/+42
| | | | (including RHEL4 contrib setup script)
* Allow client install to specify ntp server nameSimo Sorce2008-03-141-1/+6
|
* Prevent server and domain from being undefined or blank when we need themRob Crittenden2008-03-051-4/+8
| | | | | | | Improve LDAP error reporting Don't return the str() of discovery values because it can return "None" 436130
* Close all fds when running another program. This fixes the SELinux AVCs.Rob Crittenden2008-03-031-1/+1
| | | | | | Put installation log files into /var/log. 430024
* Add action statement to ldap.conf updateRob Crittenden2008-02-271-15/+15
| | | | | Move imports into try/except so that ctrl-C can always be caught Fix typo
* Don't try to use options.realm_name unless it was passed inRob Crittenden2008-02-261-6/+15
| | | | | | | Don't allow empty responses to domain and realm name Handle ctrl-C 434982
* Provide feedback on what is being done during ipa-client-installRob Crittenden2008-02-201-0/+6
| | | | 429541
* Pass in server and domain parameters if provided, so that they are not ignoredSimo Sorce2008-02-191-3/+8
|
* Run ipa-client-install after server install bitsSimo Sorce2008-02-201-3/+21
|
* Add uniqueMember -> member mapping into /etc/ldap.conf on installationSimo Sorce2008-02-051-0/+1
|
* Fix issues reported by rpmlint.Rob Crittenden2008-01-181-1/+0
| | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python
* Fix case where a question was being asked in unattended mode.Rob Crittenden2008-01-171-2/+10
| | | | | Catch permission errors on install. Initialize srv so the error message works if the user presses enter
* Improve confirmation.Karl MacMillan2007-12-121-6/+9
|
* Confirm before configuring the client.Karl MacMillan2007-12-121-1/+7
|
* Fix client installation toolSimo Sorce2007-12-041-2/+4
|
* - Set correct values in ipa.conf during client install so that admin tools canSimo Sorce2007-11-161-0/+15
| | | | | | | | reach the xml-rpc server. - Assume the kdc/ldap server == xml-rpc server for v1. Initial code to read the Kerberos Master Key from the Directory
* NTP configuration for client and server.Karl MacMillan2007-11-011-12/+5
| | | | | | | | Configure ipa servers as an ntp server and clients to (by default) us the ipa server as an ntp server. Also corrected the messages about which ports should be opened.
* Print warning about NTPKarl MacMillan2007-10-221-0/+13
| | | | | | | | | | | | After looking into setting up ntpd on the IPA servers I decided it was better just to warn admins. There are just too many valid setups for time synchronization for us to try to get this right. Additionally, just installing ntp and accepting the default config will result in a configuration that is perfectly valid for IPA. This patch checks if ntpd is running and suggests enabling it if it is not - for client and server. It also adds some suggested next steps to the server installation.
* Autotool ipa-client - patch from William Jon McCann <mccann@jhu.edu>Karl MacMillan2007-10-172-10/+13
|
* Initial support for confiuguring a DNS Server during installation.Simo Sorce2007-09-201-1/+0
| | | | It's not perfect yet but good enough to include it.
* Better file parsing routines,Simo Sorce2007-09-061-31/+49
| | | | | also switch to recreate ldap.conf and krb5.conf from scratch on clients, avoid nasty failures in case the original files contained strange directives
* merge ipa-server/ipaserver/util.py into ipa-python/ipautil.pySimo Sorce2007-09-041-1/+1
| | | | this way freeipa-client does not depend on freeipa-server
* Complete autodiscovery with autoconfigurationSimo Sorce2007-08-301-17/+96
| | | | | | | The code is still not perfect and rely on a yet unreleased nss_ldap package that fix dns discovery problems within nss_ldap itself. Also the manipulation of krb5.conf need to be improved
* Add interactive prompts to ipa-server-installSimo Sorce2007-08-201-3/+3
| | | | | | Change unattended flag to be -U Change master password flag to be -P instead of -m Improve ipa-client-install readability for user prompts
* Add a prototype client tool to configure a client of the IPA serverSimo Sorce2007-08-162-0/+119
Right now it does only discovery (or fallback)