1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
.\" A man page for ipa-server-install
.\" Copyright (C) 2008 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-server-install" "1" "Mar 14 2008" "freeipa" ""
.SH "NAME"
ipa\-server\-install \- Configure an IPA server
.SH "SYNOPSIS"
ipa\-server\-install [\fIOPTION\fR]...
.SH "DESCRIPTION"
Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) with an LDAP back\-end, configuring Apache, configuring NTP and starting the ipa_kpasswd service provided by IPA. By default a dogtag\-based CA will be configured to issue server certificates.
.SH "OPTIONS"
.TP
\fB\-u\fR, \fB\-\-user\fR=\fIDS_USER\fR
The user that the Directory Server will run as
.TP
\fB\-r\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR
The Kerberos realm name for the IPA server
.TP
\fB\-n\fR, \fB\-\-domain\fR=\fIDOMAIN_NAME\fR
Your DNS domain name
.TP
\fB\-p\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
The password to be used by the Directory Server for the Directory Manager user
.TP
\fB\-P\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
The kerberos master password (normally autogenerated)
.TP
\fB\-a\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
The password for the IPA admin user
.TP
\fB\-d\fR, \fB\-\-debug\fR
Enable debug logging when more verbose output is needed
.TP
\fB\-\-selfsign\fR
Configure a self\-signed CA instance for issuing server certificates instead of using dogtag for certificates
.TP
\fB\-\-hostname\fR=\fIHOST_NAME\fR
The fully\-qualified DNS name of this server
.TP
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail.
.TP
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
.TP
\fB\-\-setup\-dns\fR
Generate a DNS zone if it does not exist already and configure the DNS server.
This option requires that you either specify at least one DNS forwarder through
the \fB\-\-forwarder\fR option or use the \fB\-\-no\-forwarders\fR option.
.TP
\fB\-\-forwarder\fR=\fIIP_ADDRESS\fR
Add a DNS forwarder to the DNS configuration. You can use this option multiple
times to specify more forwarders, but at least one must be provided, unless
the \fB\-\-no\-forwarders\fR option is specified.
.TP
\fB\-\-no\-forwarders\fR
Do not add any DNS forwarders. Root DNS servers will be used instead.
.TP
\fB\-\-zonemgr\fR
The e\-mail address of the DNS zone manager. Defaults too root@host.domain
.TP
\fB\-\-no\-host\-dns\fR
Do not use DNS for hostname lookup during installation
.TP
\fB\-N\fR, \fB\-\-no\-ntp\fR
Do not configure NTP
.TP
\fB\-\-uninstall\fR
Uninstall an existing IPA installation
.TP
\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
PKCS#12 file containing the Directory Server SSL Certificate
.TP
\fB\-\-http_pkcs12\fR=\fIFILE\fR
PKCS#12 file containing the Apache Server SSL Certificate
.TP
\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
The password of the Directory Server PKCS#12 file
.TP
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
The password of the Apache Server PKCS#12 file
.TP
\fB\-\-idstart\fR=\fIIDSTART\fR
The starting user and group id number (default random)
.TP
\fB\-\-subject\fR=\fISUBJECT\fR
The certificate subject base (default O=REALM.NAME)
.TP
\fB\-\-no_hbac_allow\fR
Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
.TP
.SH "EXIT STATUS"
0 if the installation was successful
1 if an error occurred
|
