一、yum install -y ipa-server

二、安装ipa服务

ipa-server-install [Options]

Options:

--version             show program's version number and exit

-h, --help            show this help message and exit

basic options:

-r REALM_NAME, --realm=REALM_NAME

realm name

-n DOMAIN_NAME, --domain=DOMAIN_NAME

domain name

-p DM_PASSWORD, --ds-password=DM_PASSWORD

admin password

-P MASTER_PASSWORD, --master-password=MASTER_PASSWORD

kerberos master password (normally autogenerated)

-a ADMIN_PASSWORD, --admin-password=ADMIN_PASSWORD

admin user kerberos password

--hostname=HOST_NAME

fully qualified name of server

--ip-address=IP_ADDRESS

Master Server IP Address

-N, --no-ntp        do not configure ntp

--idstart=IDSTART   The starting value for the IDs range (default random)

--idmax=IDMAX       The max value value for the IDs range (default:

idstart+199999)

--no_hbac_allow     Don't install allow_all HBAC rule

--no-ui-redirect    Do not automatically redirect to the Web UI

--ssh-trust-dns     configure OpenSSH client to trust DNS SSHFP records

--no-ssh            do not configure OpenSSH client

--no-sshd           do not configure OpenSSH server

-d, --debug         print debugging information

-U, --unattended    unattended (un)installation never prompts the user

certificate system options:

--external-ca       Generate a CSR to be signed by an external CA

--external_cert_file=EXTERNAL_CERT_FILE

File containing PKCS#10 certificate

--external_ca_file=EXTERNAL_CA_FILE

File containing PKCS#10 of the external CA chain

--dirsrv_pkcs12=DIRSRV_PKCS12

PKCS#12 file containing the Directory Server SSL

certificate

--http_pkcs12=HTTP_PKCS12

PKCS#12 file containing the Apache Server SSL

certificate

--dirsrv_pin=DIRSRV_PIN

The password of the Directory Server PKCS#12 file

--http_pin=HTTP_PIN

The password of the Apache Server PKCS#12 file

--subject=SUBJECT   The certificate subject base (default O=)

--selfsign          Configure a self-signed CA instance rather than a

dogtag CA. WARNING: Certificate management

capabilities will be limited

DNS options:

--setup-dns         configure bind with our zone

--forwarder=FORWARDERS

Add a DNS forwarder

什么是DNS forwarder：http://technet.microsoft.com/zh-cn/ff622996.aspx

--no-forwarders     Do not add any DNS forwarders, use root servers

instead

--reverse-zone=REVERSE_ZONE

The reverse DNS zone to use

什么是reverse DNS zone：The Domain Name System (DNS) is a globally distributed Internet service. Among other services, it provides name-to-number (forward) and number-to-name (reverse) translations using defined client-server and server-server protocols. The DNS is a public service and any user is freely able to query the DNS system for forward or reverse translations.

http://www.apnic.net/apnic-info/whois_search/about-whois/what-is-in-whois/reverse-dns

--no-reverse        Do not create reverse DNS zone

--zonemgr=ZONEMGR   DNS zone manager e-mail address. Defaults to

hostmaster@DOMAIN

--no-persistent-search

Do not enable persistent search feature in the name

server

--zone-refresh=ZONE_REFRESH

When set to non-zero the name server will use DNS zone

detection based on polling instead of a persistent

search

--no-host-dns       Do not use DNS for hostname lookup during installation

--no-dns-sshfp      Do not automatically create DNS SSHFP records

--no-serial-autoincrement

Do not enable SOA serial autoincrement

uninstall options:

--uninstall         uninstall an existing installation. The uninstall can

be run with --unattended option