diff options
-rw-r--r-- | ipa-client/ipa-install/ipa-client-install | 13 | ||||
-rw-r--r-- | ipa-server/ipa-install/ipa-server-install | 31 |
2 files changed, 44 insertions, 0 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 895756c6..0e89a66b 100644 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -67,6 +67,14 @@ def logging_setup(options): console.setFormatter(formatter) logging.getLogger('').addHandler(console) +def check_ntp(): + ret_code = 1 + p = subprocess.Popen(["/sbin/service", "ntpd", "status"], stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout, stderr = p.communicate() + + return p.returncode + def main(): options = parse_options() logging_setup(options) @@ -200,6 +208,11 @@ def main(): #Modify pam to add pam_krb5 run(["/usr/sbin/authconfig", "--enablekrb5", "--update"]) + # print warning about ntp + if check_ntp() != 0: + print "WARNING: Kerberos requires time synchronization between clients" + print "and servers for correct operation. You should consider enabling ntpd." + return 0 main() diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install index a8da0ae2..e05340b3 100644 --- a/ipa-server/ipa-install/ipa-server-install +++ b/ipa-server/ipa-install/ipa-server-install @@ -372,6 +372,15 @@ def read_admin_password(): admin_password = read_password("IPA admin") return admin_password +def check_ntp(): + ret_code = 1 + p = subprocess.Popen(["/sbin/service", "ntpd", "status"], stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout, stderr = p.communicate() + + return p.returncode + + def main(): global ds ds = None @@ -584,6 +593,28 @@ def main(): fd.write("realm=" + realm_name + "\n") fd.close() + print "==============================================================================" + print "Setup complete" + print "" + print "Next steps:" + print "\t1. You may need to open some network ports - specifically:" + print "\t\tTCP Ports:" + print "\t\t * 80, 443, 8080: HTTP/HTTPS" + print "\t\t * 389, 636: LDAP/LDAPS" + print "\t\t * 464: kpasswd" + print "\t\tUDP Ports:" + print "\t\t * 88, 750: kerberos" + print "" + print "\t2. You can now obtain a kerberos ticket using the command: 'kinit admin'." + print "\t This ticket will allow you to use the IPA tools (e.g., ipa-adduser)" + print "\t and the web user interface." + + if check_ntp() != 0: + print "\t3. Kerberos requires time synchronization between clients" + print "\t and servers for correct operation. You should consider enabling ntpd." + + + return 0 try: |