ipa-server-install(1)        FreeIPA Manual Pages        ipa-server-install(1)

NAME

       ipa-server-install - Configure an IPA server

SYNOPSIS

       ipa-server-install [OPTION]...

DESCRIPTION

       Configures the services needed by an IPA server. This includes setting
       up a Kerberos Key Distribution Center (KDC) and a Kadmin daemon with an
       LDAP back-end, configuring Apache, configuring NTP and optionally
       configuring and starting an LDAP-backed DNS server. By default a
       dogtag-based CA will be configured to issue server certificates.

OPTIONS

   BASIC OPTIONS
       -r REALM_NAME, --realm=REALM_NAME
              The Kerberos realm name for the IPA server

       -n DOMAIN_NAME, --domain=DOMAIN_NAME
              Your DNS domain name

       -p DM_PASSWORD, --ds-password=DM_PASSWORD
              The password to be used by the Directory Server for the
              Directory Manager user

       -P MASTER_PASSWORD, --master-password=MASTER_PASSWORD
              The Kerberos master password (normally autogenerated)

       -a ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD
              The password for the IPA admin user

       --hostname=HOST_NAME
              The fully-qualified DNS name of this server. If the hostname
              does not match the system hostname, the system hostname will be
              updated accordingly to prevent service failures.

       --ip-address=IP_ADDRESS
              The IP address of this server. If this address does not match
              the address the host resolves to and --setup-dns is not selected,
              the installation will fail. If the server hostname is not
              resolvable, a record for the hostname and IP_ADDRESS is added to
              /etc/hosts.

       -N, --no-ntp
              Do not configure NTP

       --idstart=IDSTART
              The starting user and group id number (default random)

       --idmax=IDMAX
              The maximum user and group id number (default: idstart+199999).
              If set to zero, the default value will be used.

       --no_hbac_allow
              Don't install the allow_all HBAC rule. This rule lets any user
              from any host access any service on any other host. It is
              expected that users will remove this rule before moving to
              production.

       --no-ui-redirect
              Do not automatically redirect to the Web UI.

       --ssh-trust-dns
              Configure OpenSSH client to trust DNS SSHFP records.

       --no-ssh
              Do not configure OpenSSH client.

       --no-sshd
              Do not configure OpenSSH server.

       -d, --debug
              Enable debug logging when more verbose output is needed

       -U, --unattended
              An unattended installation that will never prompt for user input

   CERTIFICATE SYSTEM OPTIONS
       --external-ca
              Generate a CSR to be signed by an external CA

       --external_cert_file=FILE
              File containing PKCS#10 certificate

       --external_ca_file=FILE
              File containing PKCS#10 of the external CA chain

       --dirsrv_pkcs12=FILE
              PKCS#12 file containing the Directory Server SSL Certificate

       --http_pkcs12=FILE
              PKCS#12 file containing the Apache Server SSL Certificate

       --dirsrv_pin=DIRSRV_PIN
              The password of the Directory Server PKCS#12 file

       --http_pin=HTTP_PIN
              The password of the Apache Server PKCS#12 file

       --subject=SUBJECT
              The certificate subject base (default O=REALM.NAME)

       --selfsign
              Configure a self-signed CA instance for issuing server
              certificates instead of using dogtag for certificates.

              WARNING: Using this option will restrict the server certificate
              management capabilities. Please keep in mind that there is no
              way to change this setting later.

   DNS OPTIONS
       --setup-dns
              Generate a DNS zone if it does not exist already and configure
              the DNS server. This option requires that you either specify at
              least one DNS forwarder through the --forwarder option or use
              the --no-forwarders option.

              Note that you can set up DNS at any time after the initial IPA
              server install by running ipa-dns-install (see
              ipa-dns-install(1)).

       --forwarder=IP_ADDRESS
              Add a DNS forwarder to the DNS configuration. You can use this
              option multiple times to specify more forwarders, but at least
              one must be provided, unless the --no-forwarders option is
              specified.

       --no-forwarders
              Do not add any DNS forwarders. Root DNS servers will be used
              instead.

       --reverse-zone=REVERSE_ZONE
              The reverse DNS zone to use

       --no-reverse
              Do not create reverse DNS zone

       --zonemgr
              The e-mail address of the DNS zone manager. Defaults to
              hostmaster@DOMAIN

       --no-persistent-search
              Do not enable the persistent search mechanism for updating the
              list of DNS zones in the name server. When persistent search is
              disabled and the --zone-refresh option is not set to a non-zero
              value, new zones won't be resolvable until the name server is
              reloaded.

       --zone-refresh=ZONE_REFRESH
              When set to a non-zero value, the persistent search zone update
              mechanism will be disabled and the name server will use a polling
              mechanism to load new DNS zones every ZONE_REFRESH seconds.

       --no-host-dns
              Do not use DNS for hostname lookup during installation

       --no-dns-sshfp
              Do not automatically create DNS SSHFP records.

       --no-serial-autoincrement
              Do not enable the SOA serial autoincrement feature. SOA serial
              will have to be updated automatically or other DNS features like
              zone transfer or DNSSEC will not function properly. This feature
              requires the persistent search zone update mechanism.

   UNINSTALL OPTIONS
       --uninstall
              Uninstall an existing IPA installation

       -U, --unattended
              An unattended uninstallation that will never prompt for user
              input

EXIT STATUS

       0 if the (un)installation was successful

       1 if an error occurred

SEE ALSO

       ipa-dns-install(1)

FreeIPA                           Jun 28 2012            ipa-server-install(1)