Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

此内容没有您所选择的语言版本。

3.3. Example: Running the Script Interactively and Silently

3.3.1. Basic Interactive Installation
复制链接

All that is required to set up an IdM server is to run the ipa-server-install script. This launches the script interactively, which prompts for the required information to set up a server, but without more advanced configuration like DNS and CA options.
  1. Run the ipa-server-install script. 
    [root@server ~]# ipa-server-install
    Copy to Clipboard Toggle word wrap
  2. Enter the hostname. This is determined automatically using reverse DNS. 
    Server host name [ipaserver.example.com]:
    Copy to Clipboard Toggle word wrap
  3. Enter the domain name. This is determined automatically based on the hostname. 
    Please confirm the domain name [example.com]:
    Copy to Clipboard Toggle word wrap
  4. Enter the new Kerberos realm name. This is usually based on the domain name. 
    Please provide a realm name [EXAMPLE.COM]:
    Copy to Clipboard Toggle word wrap
  5. Enter the password for the Directory Server superuser, cn=Directory Manager. There are password strength requirements for this password, including a minimum password length (eight characters). 
    Directory Manager password:
Password (confirm):
    Copy to Clipboard Toggle word wrap
  6. Enter the password for the IdM system user account, admin. This user is created on the machine. 
    IPA admin password:
Password (confirm):
    Copy to Clipboard Toggle word wrap
  7. The script then reprints the hostname, IP address, and domain name. Confirm that the information is correct. 
    The IPA Master Server will be configured with
Hostname:    ipaserver.example.com
IP address:  192.168.1.1
Domain name: example.com
Realm name: EXAMPLE.COM
Continue to configure the system with these values? [no]: yes
    Copy to Clipboard Toggle word wrap
  8. After that, the script configures all of the associated services for IdM, with task counts and progress bars. 
    Configuring NTP daemon (ntpd) 
[1/4]: stopping ntpd 
...
Done configuring NTP daemon (ntpd). 
Configuring directory server (dirsrv): Estimated time 1 minute 
[1/38]: creating directory server user 
.... 
Configuring certificate server (pki-tomcatd): Estimated time 3 minutes 30 seconds 
[1/20]: creating certificate server user 
... 
Done configuring certificate server (pki-tomcatd). 
Configuring Kerberos KDC (krb5kdc): Estimated time 30 seconds 
[1/10]: adding sasl mappings to the directory 
... 
Done configuring Kerberos KDC (krb5kdc). 
Configuring kadmin 
[1/2]: starting kadmin 
[2/2]: configuring kadmin to start on boot 
Done configuring kadmin. 
Configuring ipa_memcached 
[1/2]: starting ipa_memcached 
[2/2]: configuring ipa_memcached to start on boot 
Done configuring ipa_memcached. 
Configuring ipa-otpd 
[1/2]: starting ipa-otpd 
[2/2]: configuring ipa-otpd to start on boot 
Done configuring ipa-otpd. 
Configuring the web interface (httpd): Estimated time 1 minute 
[1/15]: disabling mod_ssl in httpd 
... 
Done configuring the web interface (httpd). 
Applying LDAP updates 
Restarting the directory server 
Restarting the KDC 
Sample zone file for bind has been created in /tmp/sample.zone.pUfcGp.db 
Restarting the web server 
  
Setup complete
    Copy to Clipboard Toggle word wrap
  9. Restart the SSH service to retrieve the Kerberos principal and to refresh the name server switch (NSS) configuration file: 
    [root@server ~]# service sshd restart
    Copy to Clipboard Toggle word wrap
  10. Authenticate to the Kerberos realm using the admin user's credentials to ensure that the user is properly configured and the Kerberos realm is accessible. 
    [root@server ~]# kinit admin
Password for admin@EXAMPLE.COM:
    Copy to Clipboard Toggle word wrap
  11. Test the IdM configuration by running a command like ipa user-find. For example: 
    [root@server ~]# ipa user-find admin
--------------
1 user matched
--------------
User login: admin 
Last name: Administrator 
Home directory: /home/admin 
Login shell: /bin/bash 
UID: 939000000 
GID: 939000000 
Account disabled: False 
Password: True 
Kerberos keys available: True 
----------------------------
Number of entries returned 1
----------------------------
    Copy to Clipboard Toggle word wrap

3.3.2. Silent (Non-Interactive) Installation
复制链接

As shown in Section 3.3.1, “Basic Interactive Installation”, only a few pieces of information are required to configure an IdM server. While the setup script can prompt for this information in interactive mode, this information can also be passed with the setup command to allow automated and unattended configuration:
  • Passwords for the IdM administrative user and the Directory Server super user (Directory Manager)
  • The server hostname
  • The Kerberos realm name
  • The DNS domain name
This information can be passed with the ipa-server-install, along with the -U to force it to run without requiring user interaction.

Example 3.1. Basic Installation without Interaction

[root@server ~]# ipa-server-install -a secret12 --hostname=ipaserver.example.com -r EXAMPLE.COM -p secret12 -n example.com -U
Copy to Clipboard Toggle word wrap
The script then prints the submitted values: 
To accept the default shown in brackets, press the Enter key.

The IPA Master Server will be configured with
Hostname:    ipaserver.example.com
IP address:  192.168.1.1
Domain name: example.com
Copy to Clipboard Toggle word wrap
The server name must be a valid DNS name, which means only numbers, alphabetic characters, and hyphens (-) are allowed. Other characters, like underscores, in the hostname will cause DNS failures. Additionally, the hostname must be all lower-case. No capital letters are allowed.
Then the script runs through the configuration progress for each IdM service, as in Section 3.3.1, “Basic Interactive Installation”.
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat