GOAL: Setup freeipa for w/ kerberos NFS4 file sharing,                          
               
and autofs/auto mount home directories. A small number of users or hosts.       
               
                                                                                
               
I have a centos 7.3 Internet host "pez.ipa.uqjau.org", with
bind/bind-chroot installed and working. There is a "ipa.uqjau.org"
delegation NS record and a SOA ipa.uqjau.org record, both mapped to
host "pez.ipa.uqjau.org" both in the "uqjau.org" zone. bind is working
OK on pez with pez bind authoritative for ipa.uqjau.org, but I plan
to uninstall bind-chroot and let 'ipa-server-install' setup bind from
scratch.  (I understand I need to uninstall bind-chroot, and plan to
do so.)

I'm new to freeipa, but have read for 7 hours or so, and have spent a
couple of hours reading the list. NFS4 is working now.

For guidance on the install I have been looking at:

<https://mkosek.fedorapeople.org/publican_site/en-US/FreeIPA/3.4/html/FreeIPA_Guide/creating-server.html>

<https://blog.christophersmart.com/articles/freeipa-how-to-fedora/>

How does this look?

    ipa-server-install \
        --unattended \
        --realm=IPA.UQJAU.ORG \
        --domain=ipa.uqjau.org \
        --ds-password=SOMETHINGSECRET \
        --admin-password=ANOTHERPW \
        --mkhomedir \
        --ip-address=45.55.89.85 \
        --idstart=50000 \
        --no_hbac_allow \
        --ssh-trust-dns \
        --setup-dns \
        --no-forwarders \
        --no-reverse \
        --zonemgr=AN_EMAIL_ADDR_HERE \
        --no-dnssec-validation \


The --zonemgr line above is what I think the man page intends, right?

--
thanks,
Tom
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to