2.2. Non-interactive installation of an IdM server with integrated DNS and with an integrated CA as the root CA

Procedure

1. Run the ipa-server-install utility with the options to supply all the required information. The minimum required options for non-interactive installation are:

   • --realm to provide the Kerberos realm name
   • --ds-password to provide the password for the Directory Manager (DM), the Directory Server super user
   • --admin-password to provide the password for admin, the Identity Management (IdM) administrator
   • --unattended to let the installation process select default options for the host name and domain name

   To install a server with integrated DNS, add also these options:

   • --setup-dns to configure integrated DNS
   • --forwarder or --no-forwarders, depending on whether you want to configure DNS forwarders or not
   • --auto-reverse or --no-reverse, depending on whether you want to configure automatic detection of the reverse DNS zones that must be created in the IdM DNS or no reverse zone auto-detection

   For example:

   # ipa-server-install --realm IDM.EXAMPLE.COM --ds-password DM_password --admin-password admin_password --unattended --setup-dns --forwarder 192.0.2.1 --no-reverse

2. After the installation script completes, update your DNS records in the following way:

   1. Add DNS delegation from the parent domain to the IdM DNS domain. For example, if the IdM DNS domain is idm.example.com, add a name server (NS) record to the example.com parent domain.

      重要

      Repeat this step each time after an IdM DNS server is installed.

   2. Add an _ntp._udp service (SRV) record for your time server to your IdM DNS. The presence of the SRV record for the time server of the newly-installed IdM server in IdM DNS ensures that future replica and client installations are automatically configured to synchronize with the time server used by this primary IdM server.