1ipa-server-install(1) FreeIPA Manual Pages ipa-server-install(1)
2
6 ipa-server-install - Configure an IPA server
7
9 ipa-server-install [OPTION]...
10
12 Configures the services needed by an IPA server. This includes setting
13 up a Kerberos Key Distribution Center (KDC) and a Kadmin daemon with an
14 LDAP back-end, configuring Apache, configuring NTP and optionally con‐
15 figuring and starting an LDAP-backed DNS server. By default a dog‐
16 tag-based CA will be configured to issue server certificates.
17
20 BASIC OPTIONS
21 -r REALM_NAME, --realm=REALM_NAME
22 The Kerberos realm name for the IPA server
23 -n DOMAIN_NAME, --domain=DOMAIN_NAME
25 Your DNS domain name
26 -p DM_PASSWORD, --ds-password=DM_PASSWORD
28 The password to be used by the Directory Server for the Direc‐
29 tory Manager user
30 -P MASTER_PASSWORD, --master-password=MASTER_PASSWORD
32 The kerberos master password (normally autogenerated)
33 -a ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD
35 The password for the IPA admin user
36 --hostname=HOST_NAME
38 The fully-qualified DNS name of this server. If the hostname
39 does not match system hostname, the system hostname will be
40 updated accordingly to prevent service failures.
41 --ip-address=IP_ADDRESS
43 The IP address of this server. If this address does not match
44 the address the host resolves to and --setup-dns is not selected
45 the installation will fail. If the server hostname is not
46 resolvable, a record for the hostname and IP_ADDRESS is added to
47 /etc/hosts.
48 -N, --no-ntp
50 Do not configure NTP
51 --idstart=IDSTART
53 The starting user and group id number (default random)
54 --idmax=IDMAX
56 The maximum user and group id number (default: idstart+199999).
57 If set to zero, the default value will be used.
58 --no_hbac_allow
60 Don't install allow_all HBAC rule. This rule lets any user from
61 any host access any service on any other host. It is expected
62 that users will remove this rule before moving to production.
63 --no-ui-redirect
65 Do not automatically redirect to the Web UI.
66 --ssh-trust-dns
68 Configure OpenSSH client to trust DNS SSHFP records.
69 --no-ssh
71 Do not configure OpenSSH client.
72 --no-sshd
74 Do not configure OpenSSH server.
75 -d, --debug
77 Enable debug logging when more verbose output is needed
78 -U, --unattended
80 An unattended installation that will never prompt for user input
81 CERTIFICATE SYSTEM OPTIONS
85 --external-ca
86 Generate a CSR to be signed by an external CA
87 --external_cert_file=FILE
89 File containing PKCS#10 certificate
90 --external_ca_file=FILE
92 File containing PKCS#10 of the external CA chain
93 --dirsrv_pkcs12=FILE
95 PKCS#12 file containing the Directory Server SSL Certificate
96 --http_pkcs12=FILE
98 PKCS#12 file containing the Apache Server SSL Certificate
99 --dirsrv_pin=DIRSRV_PIN
101 The password of the Directory Server PKCS#12 file
102 --http_pin=HTTP_PIN
104 The password of the Apache Server PKCS#12 file
105 --subject=SUBJECT
107 The certificate subject base (default O=REALM.NAME)
108 --selfsign
110 Configure a self-signed CA instance for issuing server certifi‐
111 cates instead of using dogtag for certificates.
112 WARNING: Using this option will restrain the server certificate
114 management capabilities. Please, keep in mind that there is no
115 way to change this setting later.
116 DNS OPTIONS
119 --setup-dns
120 Generate a DNS zone if it does not exist already and configure
121 the DNS server. This option requires that you either specify at
122 least one DNS forwarder through the --forwarder option or use
123 the --no-forwarders option.
124 Note that you can set up a DNS at any time after the initial IPA
126 server install by running ipa-dns-install (see ipa-dns-
127 install(1)).
128 --forwarder=IP_ADDRESS
130 Add a DNS forwarder to the DNS configuration. You can use this
131 option multiple times to specify more forwarders, but at least
132 one must be provided, unless the --no-forwarders option is spec‐
133 ified.
134 --no-forwarders
136 Do not add any DNS forwarders. Root DNS servers will be used
137 instead.
138 --reverse-zone=REVERSE_ZONE
140 The reverse DNS zone to use
141 --no-reverse
143 Do not create reverse DNS zone
144 --zonemgr
146 The e-mail address of the DNS zone manager. Defaults to hostmas‐
147 ter@DOMAIN
148 --no-persistent-search
150 Do not enable persistent search mechanism for updating the list
151 of DNS zones in the name server. When persistent search is dis‐
152 abled and --zone-refresh option is not set to non-zero value,
153 new zones won't be resolvable until the name server is reloaded.
154 --zone-refresh=ZONE_REFRESH
156 When set to non-zero value, persistent search zone update mecha‐
157 nism will be disabled and the name server will use a polling
158 mechanism to load new DNS zones every ZONE_REFRESH seconds.
159 --no-host-dns
161 Do not use DNS for hostname lookup during installation
162 --no-dns-sshfp
164 Do not automatically create DNS SSHFP records.
165 --no-serial-autoincrement
167 Do not enable SOA serial autoincrement feature. SOA serial will
168 have to be updated automatically or other DNS features like zone
169 transfer od DNSSEC will not function properly. This feature
170 requires persistent search zone update mechanism.
171 UNINSTALL OPTIONS
174 --uninstall
175 Uninstall an existing IPA installation
176 -U, --unattended
178 An unattended uninstallation that will never prompt for user
179 input
180
183 0 if the (un)installation was successful
184 1 if an error occurred
186
189 ipa-dns-install(1)
190FreeIPA Jun 28 2012 ipa-server-install(1)