Примечание
ipa-server-install
в конфигурации по умолчанию, не указаны CA параметры, например, --external-ca
или --ca-less
, сервер FreeIPA устанавливается с интегрированным CA.
# ipa-server-install
Do you want to configure integrated DNS (BIND)? [no]: yes
Примечание
Server host name [ipa.example.test]: Please confirm the domain name [example.test]: Please provide a realm name [EXAMPLE.TEST]:
Важно
Directory Manager password: Password (confirm):
Предупреждение
IPA admin password: Password (confirm):
Do you want to configure DNS forwarders? [yes]:
Following DNS servers are configured in /etc/resolv.conf: 127.0.0.1 Do you want to configure these servers as DNS forwarders? [yes]:
All detected DNS servers were added. You can enter additional addresses now: Enter an IP address for a DNS forwarder, or press Enter to skip: 8.8.8.8 DNS forwarder 8.8.8.8 added. You may add another. Enter an IP address for a DNS forwarder, or press Enter to skip: DNS forwarders: 127.0.0.1, 8.8.8.8 Checking DNS forwarders, please wait ...
Примечание
Do you want to search for missing reverse zones? [yes] Checking DNS domain 0.168.192.in-addr.arpa., please wait ... Do you want to create reverse zone for IP 192.168.0.162 [yes]: yes Please specify the reverse zone name [0.168.192.in-addr.arpa.]: Checking DNS domain 0.168.192.in-addr.arpa., please wait ... Using reverse zone(s) 0.168.192.in-addr.arpa.
Примечание
NetBIOS domain name [EXAMPLE]:
Do you want to configure OPENNTPD with NTP server or pool address? [no]:
The IPA Master Server will be configured with: Hostname: ipa.example.test IP address(es): 192.168.0.113 Domain name: example.test Realm name: EXAMPLE.TEST The CA will be configured with: Subject DN: CN=Certificate Authority,O=EXAMPLE.TEST Subject base: O=EXAMPLE.TEST Chaining: self-signed BIND DNS server will be configured to serve IPA domain with: Forwarders: 8.8.8.8 Forward policy: only Reverse zone(s): 0.168.192.in-addr.arpa. Continue to configure the system with these values? [no]: yes
============================================================================== Setup complete Next steps: 1. You must make sure these network ports are open: TCP Ports: * 80, 443: HTTP/HTTPS * 389, 636: LDAP/LDAPS * 88, 464: kerberos * 53: bind UDP Ports: * 88, 464: kerberos * 53: bind * 123: ntp 2. You can now obtain a kerberos ticket using the command: 'kinit admin' This ticket will allow you to use the IPA tools (e.g., ipa user-add) and the web user interface. Be sure to back up the CA certificates stored in /root/cacert.p12 These files are required to create replicas. The password for these files is the Directory Manager password The ipa-server-install command was successful