diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2017-02-17 13:50:36 +0100 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2017-03-01 15:55:45 +0100 |
| commit | aa353c5f21bf040579a4aeda6840b56ae93b4309 (patch) | |
| tree | 6e6b1ed16277084eaa8bc19d7cb1572285606773 /ipaserver | |
| parent | 13b5821fa4d32b5a1cc69a97386853fad44236ec (diff) | |
| download | freeipa-aa353c5f21bf040579a4aeda6840b56ae93b4309.tar.gz freeipa-aa353c5f21bf040579a4aeda6840b56ae93b4309.tar.xz freeipa-aa353c5f21bf040579a4aeda6840b56ae93b4309.zip | |
Merge AD trust configurator into server installer
ipa-server-install is now able to configure Samba and winbind services
and manage trusts to Active Directory right off the bat with following
alterations from standalone installer:
* sidgen task is always triggered since there are only a few entries
to tag in the beginning
* the `--add-agents` option is hardcoded to False, as there are no
potential agents to resolve and addd when setting up the first
master in topology
https://fedorahosted.org/freeipa/ticket/6630
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/server/install.py | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index be398bce7..1e6aad922 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -32,7 +32,7 @@ from ipalib.util import ( ) import ipaclient.install.ntpconf from ipaserver.install import ( - bindinstance, ca, dns, dsinstance, + adtrust, bindinstance, ca, dns, dsinstance, httpinstance, installutils, kra, krbinstance, ntpinstance, otpdinstance, custodiainstance, replication, service, sysupgrade) @@ -386,6 +386,8 @@ def install_check(installer): print(" * Configure Apache (httpd)") if options.setup_dns: print(" * Configure DNS (bind)") + if options.setup_adtrust: + print(" * Configure Samba (smb) and winbind for managing AD trusts") if not options.no_pkinit: print(" * Configure the KDC to enable PKINIT") if options.no_ntp: @@ -610,6 +612,9 @@ def install_check(installer): network_ip_address_warning(ip_addresses) broadcast_ip_address_warning(ip_addresses) + if options.setup_adtrust: + adtrust.install_check(False, options, api) + # installer needs to update hosts file when DNS subsystem will be # installed or custom addresses are used if options.ip_addresses or options.setup_dns: @@ -636,16 +641,17 @@ def install_check(installer): )) print() - # If domain name and realm does not match, IPA server will not be able - # to estabilish trust with Active Directory. Print big fat warning. + if not options.setup_adtrust: + # If domain name and realm does not match, IPA server will not be able + # to estabilish trust with Active Directory. Print big fat warning. - realm_not_matching_domain = (domain_name.upper() != realm_name) + realm_not_matching_domain = (domain_name.upper() != realm_name) - if realm_not_matching_domain: - print("WARNING: Realm name does not match the domain name.\n" - "You will not be able to estabilish trusts with Active " - "Directory unless\nthe realm name of the IPA server matches " - "its domain name.\n\n") + if realm_not_matching_domain: + print("WARNING: Realm name does not match the domain name.\n" + "You will not be able to estabilish trusts with Active " + "Directory unless\nthe realm name of the IPA server matches " + "its domain name.\n\n") if installer.interactive and not user_input( "Continue to configure the system with these values?", False): @@ -847,6 +853,9 @@ def install(installer): no_dnssec_validation=options.no_dnssec_validation) bind.create_file_with_system_records() + if options.setup_adtrust: + adtrust.install(False, options, fstore, api) + # Set the admin user kerberos password ds.change_admin_password(admin_password) |