From 2377e8bcb05a11488a7e2cda05b574b64de9de9e Mon Sep 17 00:00:00 2001 From: "rcritten@redhat.com" Date: Fri, 7 Sep 2007 17:49:44 -0400 Subject: Add group command-line tools to the Makefile Updated installation instructions --- ipa-admintools/Makefile | 4 ++++ ipa-server/ipa-install/README | 45 +++++++++++++++++++++++++++++++++++-------- 2 files changed, 41 insertions(+), 8 deletions(-) diff --git a/ipa-admintools/Makefile b/ipa-admintools/Makefile index 4bed3b9a6..47822fc91 100644 --- a/ipa-admintools/Makefile +++ b/ipa-admintools/Makefile @@ -7,6 +7,10 @@ install: install -m 755 ipa-finduser $(SBINDIR) install -m 755 ipa-usermod $(SBINDIR) install -m 755 ipa-deluser $(SBINDIR) + install -m 755 ipa-addgroup $(SBINDIR) + install -m 755 ipa-delgroup $(SBINDIR) + install -m 755 ipa-findgroup $(SBINDIR) + install -m 755 ipa-groupmod $(SBINDIR) clean: rm -f *~ *.pyc diff --git a/ipa-server/ipa-install/README b/ipa-server/ipa-install/README index fd6b74736..16fc4a799 100644 --- a/ipa-server/ipa-install/README +++ b/ipa-server/ipa-install/README @@ -2,7 +2,8 @@ Required packages: krb5-server -fedora-ds-base / fedora-ds-base-devel +fedora-ds-base +fedora-ds-base-devel openldap-clients krb5-server-ldap cyrus-sasl-gssapi @@ -13,12 +14,40 @@ openssl-devel Installation example: -TEMPORARY: (until fedora ds scripts are fixed) -please use the fedora-ds.init.patch under share/ to patch your init scripts before -running ipa-server-install +TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is + fixed. -cd ipa-install -make install -cd .. -/usr/sbin/ipa-server-install -u fds -r FREEIPA.ORG -p freeipa -m ipafree +Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/ +to patch your init scripts before running ipa-server-install. This tells +FDS where to find its kerberos keytab. +Things done as root are denoted by #. Things done as a unix user are denoted +by %. + +# cd freeipa +# patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch + +Now to do the installation. + +# cd freeipa +# make install +# /usr/sbin/ipa-server-install -u fds -r FREEIPA.ORG -p freeipa -P ipafree + +For more verbose output add the -d flag + +You have a basic working system with one super administrator (named admin). + +To create another administrative user: + +% kinit admin@FREEIPA.ORG +% /usr/sbin/ipa-adduser -f Test -l User test +% ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org +% /usr/sbin/ipa-groupmod -a test admins + +An admin user is just a regular user in the group admin. + +Now you can destroy the old ticket and log in as test: + +% kdestroy +% kinit test@FREEIPA.ORG +% /usr/sbin/ipa-finduser test -- cgit