[web: 1/2] fixing numerous trac tickets and continuing content revisions; publishing docs for freeipa 2.1 relea
Ella Lackey
elladeon at fedoraproject.org
Mon Jul 25 21:37:23 UTC 2011
commit 509c5aadb120003352cde62f8d8e0d58b7dc8f33
Author: Deon Lackey <dlackey at redhat.com>
Date: Fri Jul 22 10:19:50 2011 -0400
fixing numerous trac tickets and continuing content revisions; publishing docs for freeipa 2.1 release
fedoradocs.db | Bin 532480 -> 532480 bytes
public_html/Sitemap | 8 +-
public_html/as-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/as-IN/opds-Fedora_Core.xml | 2 +-
.../as-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/as-IN/opds.xml | 10 +-
public_html/bg-BG/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bg-BG/opds-Fedora_Core.xml | 2 +-
.../bg-BG/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bg-BG/opds.xml | 10 +-
public_html/bn-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bn-IN/opds-Fedora_Core.xml | 2 +-
.../bn-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bn-IN/opds.xml | 10 +-
public_html/bs-BA/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/bs-BA/opds-Fedora_Core.xml | 2 +-
.../bs-BA/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/bs-BA/opds.xml | 10 +-
public_html/ca-ES/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ca-ES/opds-Fedora_Core.xml | 2 +-
.../ca-ES/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ca-ES/opds.xml | 10 +-
public_html/cs-CZ/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/cs-CZ/opds-Fedora_Core.xml | 2 +-
.../cs-CZ/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/cs-CZ/opds.xml | 10 +-
public_html/da-DK/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/da-DK/opds-Fedora_Core.xml | 2 +-
.../da-DK/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/da-DK/opds.xml | 10 +-
public_html/de-DE/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/de-DE/opds-Fedora_Core.xml | 2 +-
.../de-DE/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/de-DE/opds.xml | 10 +-
public_html/el-GR/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/el-GR/opds-Fedora_Core.xml | 2 +-
.../el-GR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/el-GR/opds.xml | 10 +-
.../Fedora-15-FreeIPA_Guide-en-US.epub | Bin 1139094 -> 1157730 bytes
.../Fedora/15/html-single/FreeIPA_Guide/index.html | 1609 ++++++++++++++------
...Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html | 6 +-
.../15/html/FreeIPA_Guide/Client_Problems.html | 2 +-
...Authentication-Refreshing_Kerberos_Tickets.html | 16 +-
...guring_Automount-Configuring_Indirect_Maps.html | 40 +
...g_Certificates_and_Certificate_Authorities.html | 45 +-
...-Activating_and_Deactivating_User_Accounts.html | 2 +-
.../Configuring_IPA_Users-Deleting_IPA_Users.html | 2 +-
...IPA_Users-Specifying_Default_User_Settings.html | 2 +-
...ring_Indirect_Maps-Configuring_Direct_Maps.html | 34 +
.../Configuring_Microsoft_Windows.html | 2 +-
...pals-Creating_and_Using_Service_Principals.html | 71 +-
...with_IPA-Using_a_Browser_on_Another_System.html | 2 +-
.../Configuring_an_IPA_Client_on_AIX.html | 2 +-
.../Configuring_an_IPA_Client_on_HP_UX.html | 2 +-
...onfiguring_an_IPA_Client_on_Macintosh_OS_X.html | 6 +-
.../Configuring_an_IPA_Client_on_Solaris.html | 2 +-
.../html/FreeIPA_Guide/Document_Conventions.html | 2 +-
...amePassword_Authentication_in_Your_Browser.html | 2 +-
...nding_the_Permissions_of_IPA_Managed_Hosts.html | 2 +-
...neral_Troubleshooting_Tips-Kerberos_Errors.html | 9 +-
.../Fedora/15/html/FreeIPA_Guide/Glossary.html | 6 +-
.../Installing_the_IPA_Client_on_Linux.html | 10 +-
.../Installing_the_IPA_Server_Packages.html | 2 +-
.../15/html/FreeIPA_Guide/Kerberos_Errors.html | 18 +
.../Managing-Unique_UID_and_GID_Attributes.html | 6 +-
.../Managing_DNS_Zones-Adding_DNS_Zones.html | 6 +-
...ging_DNS_Zones-Adding_Records_to_DNS_Zones.html | 28 +-
..._DNS_Zones-Deleting_Records_from_DNS_Zones.html | 6 +-
.../Migrating_from_a_Directory_Server_to_IPA.html | 28 +-
.../Fedora/15/html/FreeIPA_Guide/Preface.html | 2 +-
.../FreeIPA_Guide/Setting_up_IPA_Replicas.html | 12 +-
.../15/html/FreeIPA_Guide/Troubleshooting-UI.html | 2 +-
.../FreeIPA_Guide/Uninstalling_IPA_Servers.html | 2 +-
.../Fedora/15/html/FreeIPA_Guide/Using_OCSP.html | 44 +
.../15/html/FreeIPA_Guide/Working_with_DNS.html | 4 +-
.../15/html/FreeIPA_Guide/active-directory.html | 6 +-
.../15/html/FreeIPA_Guide/adding-host-entry.html | 2 +-
.../15/html/FreeIPA_Guide/adding-locations.html | 12 +
.../Fedora/15/html/FreeIPA_Guide/adding-users.html | 2 +-
.../en-US/Fedora/15/html/FreeIPA_Guide/authz.html | 6 +-
.../Fedora/15/html/FreeIPA_Guide/automount.html | 60 +-
.../Fedora/15/html/FreeIPA_Guide/basic-usage.html | 6 +-
.../15/html/FreeIPA_Guide/certmonger-tools.html | 11 +-
.../Fedora/15/html/FreeIPA_Guide/certmongerX.html | 2 +-
.../15/html/FreeIPA_Guide/changing-forwarder.html | 24 +
...anagement_Guide-Frequently_Asked_Questions.html | 30 +-
.../Fedora/15/html/FreeIPA_Guide/client-tools.html | 224 ++--
.../15/html/FreeIPA_Guide/config-browser.html | 2 +-
.../configuring-active-directory.html | 2 +-
.../html/FreeIPA_Guide/configuring-automount.html | 192 +--
.../15/html/FreeIPA_Guide/configuring-sudo.html | 2 +-
.../15/html/FreeIPA_Guide/creating-server.html | 154 +--
.../html/FreeIPA_Guide/disabling-anon-binds.html | 2 +-
.../Fedora/15/html/FreeIPA_Guide/dns-resolve.html | 6 +-
.../Fedora/15/html/FreeIPA_Guide/doc-history.html | 85 +-
.../15/html/FreeIPA_Guide/editing-users.html | 2 +-
.../Fedora/15/html/FreeIPA_Guide/enabling-dns.html | 6 +-
.../15/html/FreeIPA_Guide/enabling-zones.html | 6 +-
.../15/html/FreeIPA_Guide/enrolling-machines.html | 2 +-
.../Fedora/15/html/FreeIPA_Guide/feedback.html | 2 +-
.../15/html/FreeIPA_Guide/finding-dns-zones.html | 6 +-
.../en-US/Fedora/15/html/FreeIPA_Guide/hosts.html | 2 +-
.../en-US/Fedora/15/html/FreeIPA_Guide/index.html | 8 +-
.../15/html/FreeIPA_Guide/installing-ipa.html | 42 +-
.../Fedora/15/html/FreeIPA_Guide/ipa-apache.html | 6 +-
.../Fedora/15/html/FreeIPA_Guide/ipa-cluster.html | 14 +-
.../en-US/Fedora/15/html/FreeIPA_Guide/ix01.html | 4 +-
.../15/html/FreeIPA_Guide/kerb-policies.html | 35 +-
.../15/html/FreeIPA_Guide/kerberos-pwd-cache.html | 26 +
.../Fedora/15/html/FreeIPA_Guide/kerberos.html | 22 +-
.../Fedora/15/html/FreeIPA_Guide/logging-in.html | 2 +-
.../Fedora/15/html/FreeIPA_Guide/logging.html | 6 +-
.../15/html/FreeIPA_Guide/managing-clients.html | 6 +-
.../FreeIPA_Guide/manually-unconfig-machines.html | 2 +-
.../15/html/FreeIPA_Guide/migrintg-from-nis.html | 6 +-
.../15/html/FreeIPA_Guide/modifying-dns-zones.html | 6 +-
.../en-US/Fedora/15/html/FreeIPA_Guide/nis.html | 2 +-
.../15/html/FreeIPA_Guide/opening-the-web-ui.html | 2 +-
.../15/html/FreeIPA_Guide/promoting-replica.html | 6 +-
.../15/html/FreeIPA_Guide/renaming-machines.html | 2 +-
.../15/html/FreeIPA_Guide/rotating-keys.html | 19 +-
.../15/html/FreeIPA_Guide/search-limits.html | 2 +-
.../Fedora/15/html/FreeIPA_Guide/searching.html | 2 +-
...guring_the_Network_Information_Service_NIS.html | 2 +-
...ccess_Control_Policies-HBAC_Service_Groups.html | 2 +-
...ased_Access_Control_Policies-HBAC_Services.html | 2 +-
...to_IPA-Performing_a_Client_based_Migration.html | 16 +-
...to_IPA-Performing_a_Server_based_Migration.html | 20 +-
...-Prerequisites-Setting_up_Active_Directory.html | 2 +-
...ectory-Creating_Synchronization_Agreements.html | 2 +-
...ectory-Deleting_Synchronization_Agreements.html | 2 +-
...ctory-Modifying_Synchronization_Agreements.html | 2 +-
...ing_IPA_Servers-Winsync_Agreement_Failures.html | 2 +-
.../15/html/FreeIPA_Guide/server-config.html | 4 +-
.../Fedora/15/html/FreeIPA_Guide/server-tools.html | 644 ++++----
.../15/html/FreeIPA_Guide/setting-up-clients.html | 4 +-
.../en-US/Fedora/15/html/FreeIPA_Guide/sudo.html | 2 +-
.../15/html/FreeIPA_Guide/tools-reference.html | 110 +--
.../troubleshooting-client-install.html | 32 +
.../html/FreeIPA_Guide/uninstalling-clients.html | 8 +-
.../15/html/FreeIPA_Guide/upgrading-server.html | 6 +-
.../Fedora/15/html/FreeIPA_Guide/user-groups.html | 2 +-
.../15/html/FreeIPA_Guide/user-pwdpolicy.html | 2 +-
.../en-US/Fedora/15/html/FreeIPA_Guide/users.html | 2 +-
.../Fedora-15-FreeIPA_Guide-en-US.pdf | Bin 1322557 -> 1410983 bytes
public_html/en-US/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/en-US/opds-Fedora_Core.xml | 2 +-
.../en-US/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/en-US/opds.xml | 10 +-
public_html/es-ES/opds-Fedora.xml | 4 +-
public_html/es-ES/opds-Fedora_15.xml | 2 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/es-ES/opds-Fedora_Core.xml | 2 +-
.../es-ES/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/es-ES/opds.xml | 12 +-
public_html/fa-IR/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fa-IR/opds-Fedora_Core.xml | 2 +-
.../fa-IR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fa-IR/opds.xml | 10 +-
public_html/fi-FI/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fi-FI/opds-Fedora_Core.xml | 2 +-
.../fi-FI/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fi-FI/opds.xml | 10 +-
public_html/fr-FR/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/fr-FR/opds-Fedora_Core.xml | 2 +-
.../fr-FR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/fr-FR/opds.xml | 10 +-
public_html/gu-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/gu-IN/opds-Fedora_Core.xml | 2 +-
.../gu-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/gu-IN/opds.xml | 10 +-
public_html/he-IL/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/he-IL/opds-Fedora_Core.xml | 2 +-
.../he-IL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/he-IL/opds.xml | 10 +-
public_html/hi-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/hi-IN/opds-Fedora_Core.xml | 2 +-
.../hi-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/hi-IN/opds.xml | 10 +-
public_html/hu-HU/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/hu-HU/opds-Fedora_Core.xml | 2 +-
.../hu-HU/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/hu-HU/opds.xml | 10 +-
public_html/id-ID/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/id-ID/opds-Fedora_Core.xml | 2 +-
.../id-ID/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/id-ID/opds.xml | 10 +-
public_html/it-IT/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/it-IT/opds-Fedora_Core.xml | 2 +-
.../it-IT/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/it-IT/opds.xml | 10 +-
public_html/ja-JP/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ja-JP/opds-Fedora_Core.xml | 2 +-
.../ja-JP/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ja-JP/opds.xml | 10 +-
public_html/kn-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/kn-IN/opds-Fedora_Core.xml | 2 +-
.../kn-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/kn-IN/opds.xml | 10 +-
public_html/ko-KR/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ko-KR/opds-Fedora_Core.xml | 2 +-
.../ko-KR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ko-KR/opds.xml | 10 +-
public_html/ml-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ml-IN/opds-Fedora_Core.xml | 2 +-
.../ml-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ml-IN/opds.xml | 10 +-
public_html/mr-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/mr-IN/opds-Fedora_Core.xml | 2 +-
.../mr-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/mr-IN/opds.xml | 10 +-
public_html/nb-NO/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/nb-NO/opds-Fedora_Core.xml | 2 +-
.../nb-NO/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/nb-NO/opds.xml | 10 +-
public_html/nl-NL/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/nl-NL/opds-Fedora_Core.xml | 2 +-
.../nl-NL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/nl-NL/opds.xml | 10 +-
public_html/opds.xml | 86 +-
public_html/or-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/or-IN/opds-Fedora_Core.xml | 2 +-
.../or-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/or-IN/opds.xml | 10 +-
public_html/pa-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pa-IN/opds-Fedora_Core.xml | 2 +-
.../pa-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pa-IN/opds.xml | 10 +-
public_html/pl-PL/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pl-PL/opds-Fedora_Core.xml | 2 +-
.../pl-PL/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pl-PL/opds.xml | 10 +-
public_html/pt-BR/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pt-BR/opds-Fedora_Core.xml | 2 +-
.../pt-BR/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pt-BR/opds.xml | 10 +-
public_html/pt-PT/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/pt-PT/opds-Fedora_Core.xml | 2 +-
.../pt-PT/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/pt-PT/opds.xml | 10 +-
public_html/ru-RU/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ru-RU/opds-Fedora_Core.xml | 2 +-
.../ru-RU/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ru-RU/opds.xml | 10 +-
public_html/sk-SK/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sk-SK/opds-Fedora_Core.xml | 2 +-
.../sk-SK/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sk-SK/opds.xml | 10 +-
public_html/sr-Latn-RS/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sr-Latn-RS/opds-Fedora_Core.xml | 2 +-
.../sr-Latn-RS/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sr-Latn-RS/opds.xml | 10 +-
public_html/sr-RS/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sr-RS/opds-Fedora_Core.xml | 2 +-
.../sr-RS/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sr-RS/opds.xml | 10 +-
public_html/sv-SE/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/sv-SE/opds-Fedora_Core.xml | 2 +-
.../sv-SE/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/sv-SE/opds.xml | 10 +-
public_html/ta-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/ta-IN/opds-Fedora_Core.xml | 2 +-
.../ta-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/ta-IN/opds.xml | 10 +-
public_html/te-IN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/te-IN/opds-Fedora_Core.xml | 2 +-
.../te-IN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/te-IN/opds.xml | 10 +-
public_html/uk-UA/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/uk-UA/opds-Fedora_Core.xml | 2 +-
.../uk-UA/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/uk-UA/opds.xml | 10 +-
public_html/zh-CN/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/zh-CN/opds-Fedora_Core.xml | 2 +-
.../zh-CN/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/zh-CN/opds.xml | 10 +-
public_html/zh-TW/opds-Fedora.xml | 4 +-
.../opds-Fedora_Contributor_Documentation.xml | 2 +-
public_html/zh-TW/opds-Fedora_Core.xml | 2 +-
.../zh-TW/opds-Fedora_Draft_Documentation.xml | 2 +-
public_html/zh-TW/opds.xml | 10 +-
321 files changed, 2825 insertions(+), 2093 deletions(-)
---
diff --git a/fedoradocs.db b/fedoradocs.db
index 965a0d6..cb3e302 100644
Binary files a/fedoradocs.db and b/fedoradocs.db differ
diff --git a/public_html/Sitemap b/public_html/Sitemap
index 7330b5d..d92536d 100644
--- a/public_html/Sitemap
+++ b/public_html/Sitemap
@@ -1496,25 +1496,25 @@
</url>
<url>
<loc>http://docs.fedoraproject.org/en-US/Fedora/15/epub/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.epub</loc>
- <lastmod>2011-07-16</lastmod>
+ <lastmod>2011-07-22</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
</url>
<url>
<loc>http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/index.html</loc>
- <lastmod>2011-07-16</lastmod>
+ <lastmod>2011-07-22</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
</url>
<url>
<loc>http://docs.fedoraproject.org/en-US/Fedora/15/html-single/FreeIPA_Guide/index.html</loc>
- <lastmod>2011-07-16</lastmod>
+ <lastmod>2011-07-22</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
</url>
<url>
<loc>http://docs.fedoraproject.org/en-US/Fedora/15/pdf/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.pdf</loc>
- <lastmod>2011-07-16</lastmod>
+ <lastmod>2011-07-22</lastmod>
<changefreq>monthly</changefreq>
<priority>0.8</priority>
</url>
diff --git a/public_html/as-IN/opds-Fedora.xml b/public_html/as-IN/opds-Fedora.xml
index 6142022..1160be8 100644
--- a/public_html/as-IN/opds-Fedora.xml
+++ b/public_html/as-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:45:59</updated>
+ <updated>2011-07-22T14:16:17</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>as-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
index a6085e5..5481d38 100644
--- a/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:45:59</updated>
+ <updated>2011-07-22T14:16:17</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Core.xml b/public_html/as-IN/opds-Fedora_Core.xml
index 648bf81..bbb9e65 100644
--- a/public_html/as-IN/opds-Fedora_Core.xml
+++ b/public_html/as-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:45:59</updated>
+ <updated>2011-07-22T14:16:18</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds-Fedora_Draft_Documentation.xml b/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
index 19a22c5..ddde6b9 100644
--- a/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/as-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/as-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:45:59</updated>
+ <updated>2011-07-22T14:16:18</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/as-IN/opds.xml b/public_html/as-IN/opds.xml
index d553c14..0d5a4eb 100644
--- a/public_html/as-IN/opds.xml
+++ b/public_html/as-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/as-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:45:59</updated>
+ <updated>2011-07-22T14:16:18</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:45:59</updated>
+ <updated>2011-07-22T14:16:17</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:45:59</updated>
+ <updated>2011-07-22T14:16:17</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:45:59</updated>
+ <updated>2011-07-22T14:16:18</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/as-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:45:59</updated>
+ <updated>2011-07-22T14:16:18</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/bg-BG/opds-Fedora.xml b/public_html/bg-BG/opds-Fedora.xml
index abb38f8..f18320b 100644
--- a/public_html/bg-BG/opds-Fedora.xml
+++ b/public_html/bg-BG/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:18</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>bg-BG</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml b/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
index c3eaca4..1b7151c 100644
--- a/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:18</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Core.xml b/public_html/bg-BG/opds-Fedora_Core.xml
index f69eeeb..14a15a2 100644
--- a/public_html/bg-BG/opds-Fedora_Core.xml
+++ b/public_html/bg-BG/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:18</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml b/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
index 717d8b5..e4552c6 100644
--- a/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bg-BG/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bg-BG/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:18</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bg-BG/opds.xml b/public_html/bg-BG/opds.xml
index ec2f6c4..68bd7cd 100644
--- a/public_html/bg-BG/opds.xml
+++ b/public_html/bg-BG/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bg-BG/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:18</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:18</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:18</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bg-BG/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:18</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/bn-IN/opds-Fedora.xml b/public_html/bn-IN/opds-Fedora.xml
index a06a730..372d51b 100644
--- a/public_html/bn-IN/opds-Fedora.xml
+++ b/public_html/bn-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>bn-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
index 2255f62..9ba4286 100644
--- a/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Core.xml b/public_html/bn-IN/opds-Fedora_Core.xml
index 4b66f96..8bc9ca0 100644
--- a/public_html/bn-IN/opds-Fedora_Core.xml
+++ b/public_html/bn-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml b/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
index 4a79d83..efd8f23 100644
--- a/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bn-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bn-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bn-IN/opds.xml b/public_html/bn-IN/opds.xml
index 806c9ef..e344295 100644
--- a/public_html/bn-IN/opds.xml
+++ b/public_html/bn-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bn-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bn-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/bs-BA/opds-Fedora.xml b/public_html/bs-BA/opds-Fedora.xml
index 3c27bbe..fe980d5 100644
--- a/public_html/bs-BA/opds-Fedora.xml
+++ b/public_html/bs-BA/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>bs-BA</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml b/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
index 0c32db4..f83aa8a 100644
--- a/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Core.xml b/public_html/bs-BA/opds-Fedora_Core.xml
index 7fbdbdd..c97cfb3 100644
--- a/public_html/bs-BA/opds-Fedora_Core.xml
+++ b/public_html/bs-BA/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml b/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
index 00db1e1..fcb5808 100644
--- a/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/bs-BA/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/bs-BA/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/bs-BA/opds.xml b/public_html/bs-BA/opds.xml
index 5ce7bf5..ee4d969 100644
--- a/public_html/bs-BA/opds.xml
+++ b/public_html/bs-BA/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/bs-BA/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/bs-BA/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ca-ES/opds-Fedora.xml b/public_html/ca-ES/opds-Fedora.xml
index 77c9800..d34d267 100644
--- a/public_html/ca-ES/opds-Fedora.xml
+++ b/public_html/ca-ES/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>ca-ES</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml b/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
index af650ed..e7cd086 100644
--- a/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Core.xml b/public_html/ca-ES/opds-Fedora_Core.xml
index 88b9de0..6d32405 100644
--- a/public_html/ca-ES/opds-Fedora_Core.xml
+++ b/public_html/ca-ES/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml b/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
index 3bd50bb..187a243 100644
--- a/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ca-ES/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ca-ES/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ca-ES/opds.xml b/public_html/ca-ES/opds.xml
index 4f56a59..6235bb5 100644
--- a/public_html/ca-ES/opds.xml
+++ b/public_html/ca-ES/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ca-ES/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ca-ES/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/cs-CZ/opds-Fedora.xml b/public_html/cs-CZ/opds-Fedora.xml
index 0642d4b..c2c6f5f 100644
--- a/public_html/cs-CZ/opds-Fedora.xml
+++ b/public_html/cs-CZ/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>cs-CZ</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
index 3d7fe18..4cf56b7 100644
--- a/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Core.xml b/public_html/cs-CZ/opds-Fedora_Core.xml
index 95680c4..1c4e344 100644
--- a/public_html/cs-CZ/opds-Fedora_Core.xml
+++ b/public_html/cs-CZ/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml b/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
index 7f47b22..317496a 100644
--- a/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/cs-CZ/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/cs-CZ/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/cs-CZ/opds.xml b/public_html/cs-CZ/opds.xml
index d297374..4adbe2b 100644
--- a/public_html/cs-CZ/opds.xml
+++ b/public_html/cs-CZ/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/cs-CZ/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/cs-CZ/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/da-DK/opds-Fedora.xml b/public_html/da-DK/opds-Fedora.xml
index 2fd7645..5f09190 100644
--- a/public_html/da-DK/opds-Fedora.xml
+++ b/public_html/da-DK/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>da-DK</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml b/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
index 937eec3..e849d93 100644
--- a/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:20</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Core.xml b/public_html/da-DK/opds-Fedora_Core.xml
index 7a92a87..eeb458a 100644
--- a/public_html/da-DK/opds-Fedora_Core.xml
+++ b/public_html/da-DK/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds-Fedora_Draft_Documentation.xml b/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
index eefcb1c..5472e33 100644
--- a/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/da-DK/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/da-DK/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/da-DK/opds.xml b/public_html/da-DK/opds.xml
index 6b88d85..633b589 100644
--- a/public_html/da-DK/opds.xml
+++ b/public_html/da-DK/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/da-DK/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:21</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:21</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/da-DK/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:21</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/de-DE/opds-Fedora.xml b/public_html/de-DE/opds-Fedora.xml
index acc0386..e549409 100644
--- a/public_html/de-DE/opds-Fedora.xml
+++ b/public_html/de-DE/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:21</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>de-DE</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml b/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
index 9c01d42..3bfe56d 100644
--- a/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:21</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Core.xml b/public_html/de-DE/opds-Fedora_Core.xml
index b8e05e8..1e408a7 100644
--- a/public_html/de-DE/opds-Fedora_Core.xml
+++ b/public_html/de-DE/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds-Fedora_Draft_Documentation.xml b/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
index 80cc4fd..3f768dc 100644
--- a/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/de-DE/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/de-DE/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/de-DE/opds.xml b/public_html/de-DE/opds.xml
index aeb5260..e6dd810 100644
--- a/public_html/de-DE/opds.xml
+++ b/public_html/de-DE/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/de-DE/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:21</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:21</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/de-DE/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/el-GR/opds-Fedora.xml b/public_html/el-GR/opds-Fedora.xml
index fcd96f1..23e461e 100644
--- a/public_html/el-GR/opds-Fedora.xml
+++ b/public_html/el-GR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>el-GR</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml b/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
index f0679bf..c6b3843 100644
--- a/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Core.xml b/public_html/el-GR/opds-Fedora_Core.xml
index 6683048..83b4174 100644
--- a/public_html/el-GR/opds-Fedora_Core.xml
+++ b/public_html/el-GR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds-Fedora_Draft_Documentation.xml b/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
index 2e128e7..8f83820 100644
--- a/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/el-GR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/el-GR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/el-GR/opds.xml b/public_html/el-GR/opds.xml
index 62c726d..2d35097 100644
--- a/public_html/el-GR/opds.xml
+++ b/public_html/el-GR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/el-GR/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/el-GR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/en-US/Fedora/15/epub/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.epub b/public_html/en-US/Fedora/15/epub/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.epub
index f103af2..b48fdb7 100644
Binary files a/public_html/en-US/Fedora/15/epub/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.epub and b/public_html/en-US/Fedora/15/epub/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.epub differ
diff --git a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/index.html b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/index.html
index f5c2c33..194c812 100644
--- a/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/index.html
+++ b/public_html/en-US/Fedora/15/html-single/FreeIPA_Guide/index.html
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>FreeIPA: Identity/Policy Management</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><meta name="description" content="Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and cl
ients. This guide is intended for IT and systems administrators." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>FreeIPA: Identity/Policy Management</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><meta name="description" content="Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and cl
ients. This guide is intended for IT and systems administrators." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" id="id4796758" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">15</span></div><div><h1 id="id4796758" class="title">FreeIPA: Identity/Policy Management</h1></div><div><h2 class="subtitle">Managing Identity and Authorization Policies for Linux-Based Enterprise Networks</h2></div><p class="edition">Edition 0.1</p><div><h3 class="corpauthor">
+ </script></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><div xml:lang="en-US" class="book" id="id4661107" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">15</span></div><div><h1 id="id4661107" class="title">FreeIPA: Identity/Policy Management</h1></div><div><h2 class="subtitle">Managing Identity and Authorization Policies for Linux-Based Enterprise Networks</h2></div><p class="edition">Edition 2.1</p><div><h3 class="corpauthor">
<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
- </h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></h3><code class="email"><a class="email" href="mailto:dlackey at redhat.com">dlackey at redhat.com</a></code></div></div></div><hr /><div><div id="id3365014" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+ </h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></h3><code class="email"><a class="email" href="mailto:dlackey at redhat.com">dlackey at redhat.com</a></code></div></div></div><hr /><div><div id="id3031272" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
Copyright <span class="trademark"></span>© 2011 Red Hat.
</div><div class="para">
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
@@ -26,7 +26,7 @@
All other trademarks are the property of their respective owners.
</div></div></div><div><div class="abstract"><h6>Abstract</h6><div class="para">
Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.
- </div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#Preface">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="#audience">1. Audience and Purpose</a></span></dt><dt><span class="section"><a href="#Document_Conventions">2. Examples and Formatting</a></span></dt><dd><dl><dt><span class="section"><a href="#bracketsexamples">2.1. Brackets</a></span></dt><dt><span class="section"><a href="#tool-locations">2.2. Client Tool Information</a></span></dt><dt><span class="section"><a href="#guide-formatting">2.3. Text Formatting and Styles</a></span></dt></dl></dd><dt><span class="section"><a href="#feedback">3. Giving Feedback</a></span></dt><dt><span class="section"><a href="#doc-history">4. Document Change History</a></span></dt></dl></dd><dt><span class="chapter"><a href="#installing-ipa">1. Installing a FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#Preparing_for_an_IPA_Installation">1.1. Preparin
g to Install the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#Preparing_for_an_IPA_Installation-Hardware_Requirements">1.1.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="#Preparing_for_an_IPA_Installation-Software_Requirements">1.1.2. Software Requirements</a></span></dt><dt><span class="section"><a href="#prerequisites">1.1.3. System Prerequisites</a></span></dt></dl></dd><dt><span class="section"><a href="#Installing_the_IPA_Server_Packages">1.2. Installing the FreeIPA Server Packages</a></span></dt><dt><span class="section"><a href="#creating-server">1.3. Creating a FreeIPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="#install-command">1.3.1. About ipa-server-install</a></span></dt><dt><span class="section"><a href="#install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</a></span></dt><dt><span class="section"><a href="#install-examples">1.3.3. Examples
of Creating the FreeIPA Server</a></span></dt><dt><span class="section"><a href="#troubleshooting-install">1.3.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="#Setting_up_IPA_Replicas">1.4. Setting up FreeIPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="#installing-replica">1.4.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="#creating-the-replica">1.4.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="#troubleshooting-replica-install">1.4.3. Troubleshooting Replica Installation</a></span></dt></dl></dd><dt><span class="section"><a href="#Uninstalling_IPA_Servers">1.5. Uninstalling FreeIPA Servers and Replicas</a></span></dt></dl></dd><dt><span class="chapter"><a href="#setting-up-clients">2. Setting up Systems as FreeIPA Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#what-happens-clients">2.1. What Happens in Cl
ient Setup</a></span></dt><dt><span class="section"><a href="#Installing_the_IPA_Client_on_Linux">2.2. Configuring a Fedora System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_Microsoft_Windows">2.3. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris">2.4. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_10">2.4.1. Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.4.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX">2.5. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP">2.5.1. C
onfiguring NTP</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.5.2. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_Kerberos">2.5.3. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_PAM">2.5.4. Configuring PAM</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.5.5. Configuring SSH</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.5.6. Configuring Access Control</a></span></dt><dt><span class="section"><a href="#hp-test">2.5.7. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX">2.6. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a h
ref="#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.6.1. Prerequisites</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.6.2. Configuring the AIX Client</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X">2.7. Configuring a Macintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.7.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.7.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.7.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="#Config
uring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.7.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="#testing-config-on-mac">2.7.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#uninstalling-clients">2.8. Uninstalling a FreeIPA Client</a></span></dt></dl></dd><dt><span class="chapter"><a href="#basic-usage">3. Basic Usage</a></span></dt><dd><dl><dt><span class="section"><a href="#running-scripts">3.1. Running FreeIPA Tools</a></span></dt><dt><span class="section"><a href="#logging-in">3.2. Logging into FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#logging-in-kinit">3.2.1. Logging into FreeIPA</a></span></dt><dt><span class="section"><a href="#switching-users">3.2.2. Logging in When an FreeIPA User Is Different Than the System User</a></span></dt><dt><span class="section"><a href="#checking-current-creds">3.2.3. Checking the Current Logged in User</a></span></dt></dl></dd><dt><span class=
"section"><a href="#opening-the-web-ui">3.3. Opening the FreeIPA Web UI</a></span></dt><dt><span class="section"><a href="#config-browser">3.4. Configuring the Browser</a></span></dt><dt><span class="section"><a href="#Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">3.5. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="#Enabling_UsernamePassword_Authentication_in_Your_Browser">3.6. Enabling Username/Password Authentication in Your Browser</a></span></dt><dt><span class="section"><a href="#Troubleshooting-UI">3.7. Troubleshooting UI Connection Problems</a></span></dt></dl></dd><dt><span class="chapter"><a href="#users">4. Identity: Managing Users and User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#home-directories">4.1. Setting up User Home Directories</a></span></dt><dd><dl><dt><span class="section"><a href="#homedir-reqs">4.1.1. About Home Directories</a></span></dt><dt><span class="section"
><a href="#homedir-pammod">4.1.2. Enabling the PAM Home Directory Module</a></span></dt><dt><span class="section"><a href="#automounting-home-dirs">4.1.3. Manually Automounting Home Directories</a></span></dt></dl></dd><dt><span class="section"><a href="#adding-users">4.2. Adding Users</a></span></dt><dt><span class="section"><a href="#editing-users">4.3. Editing Users</a></span></dt><dt><span class="section"><a href="#Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts">4.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="#Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">4.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_IPA_Users-Specifying_Default_User_Settings">4.5. Specifying Default User Settings</a></span></dt><dt><span class="section"><a href="#search-limits">4.6. Setting Default Search Limits</a></span></dt><dt><span class="section"><a
href="#Configuring_IPA_Users-Deleting_IPA_Users">4.7. Deleting FreeIPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="#Deleting_IPA_Users-Using_the_Command_Line">4.7.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#user-groups">4.8. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_IPA_Groups-Creating_IPA_Groups">4.8.1. Creating FreeIPA Groups</a></span></dt><dt><span class="section"><a href="#Configuring_IPA_Groups-Editing_IPA_Groups">4.8.2. Editing FreeIPA Groups</a></span></dt><dt><span class="section"><a href="#Configuring_IPA_Groups-Deleting_IPA_Groups">4.8.3. Deleting FreeIPA Groups</a></span></dt></dl></dd><dt><span class="section"><a href="#user-pwdpolicy">4.9. Setting an Individual Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="#The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">4.9.1. Changing Passwords as the Directory Mana
ger</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">4.9.2. Changing Passwords as the FreeIPA Administrator</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">4.9.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Editing_the_Password_Policy">4.9.4. Editing the Password Policy</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">4.9.5. Setting Different Password Policies for Different User Groups</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Password_Policy_Attributes">4.9.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">4.9.7. Notifying Users of Password Expiration</a></span
></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">4.9.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Using_Local_Logins">4.9.9. Using Local Logins</a></span></dt></dl></dd><dt><span class="section"><a href="#searching">4.10. Searching for Users and Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#Searching_for_Users_and_Groups-Searching_for_Users">4.10.1. Searching for Users</a></span></dt><dt><span class="section"><a href="#Searching_for_Users_and_Groups-Searching_for_Groups">4.10.2. Searching for Groups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#hosts">5. Identity: Managing Hosts and Host Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#host-tools">5.1. A Summary of Host and Host Group Tools</a></span></dt><dt><span class="section"><a href="#adding-host-entry">5.2. Adding Host Entries</a></
span></dt><dt><span class="section"><a href="#Extending_the_Permissions_of_IPA_Managed_Hosts">5.3. Extending the Permissions of FreeIPA Managed Hosts</a></span></dt><dd><dl><dt><span class="section"><a href="#Delegating_Service_Management">5.3.1. Delegating Service Management</a></span></dt><dt><span class="section"><a href="#Delegating_Host_Management">5.3.2. Delegating Host Management</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#kerberos">6. Identity: Using FreeIPA for a Kerberos Domain</a></span></dt><dd><dl><dt><span class="section"><a href="#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="#kerb-policies">6.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="#Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="#Creating_Service_Principals_and_Certificates_fo
r_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="#Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_Authentication-Refreshing_Kerberos_Tickets">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="#rotating-keys">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="#General_Troubleshooting_Tips-Kerberos_Errors">6.6. Kerberos Errors</a></span></dt></dl></dd><dt><span class="chapter"><a href="#automount">7. Identity: Using Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#about-automount">7.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">
7.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-automount">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</a></span></dt></dl></dd></dl></dd><dt><
span class="chapter"><a href="#active-directory">8. Identity: Integrating with Microsoft Active Directory</a></span></dt><dd><dl><dt><span class="section"><a href="#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">8.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="#configuring-active-directory">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">8.4. Creating Synchronization Agreements</a></span></dt><dt><span
class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">8.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">8.7. Winsync Agreement Failures</a></span></dt></dl></dd><dt><span class="chapter"><a href="#nis">9. Identity: Integrating with NIS Domains and Netgroups<
/a></span></dt><dd><dl><dt><span class="section"><a href="#about-nis">9.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">9.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">9.1.2. The IPA Approach to Netgroups</a></span></dt><dt><span class="section"><a href="#adding-netgroups">9.1.3. Adding Netgroups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">9.1.4. IPA Netgroup Commands</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS">9.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise
_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">9.2.1. Exposing Automount Maps to NIS Clients</a></span></dt></dl></dd><dt><span class="section"><a href="#migrintg-from-nis">9.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1. Preparing Your Environment</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">9.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#Working_with_DNS">10. Policy: Managing DNS</a></span></dt><dd><dl><dt><span class="section"><a href="#about-dns">10.1. About DNS in FreeIPA</a></span></dt><dt><span class="section"><a href="#enabling-dns">10.2. Configuring DNS</a></span></dt><dt><span class="section"><a href="#finding-dn
s-zones">10.3. Finding and Displaying DNS Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Adding_DNS_Zones">10.4. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="#modifying-dns-zones">10.5. Modifying DNS Zones</a></span></dt><dt><span class="section"><a href="#Adding_DNS_Zones-Using_Dynamic_DNS_Updates">10.6. Enabling Dynamic DNS Updates</a></span></dt><dt><span class="section"><a href="#enabling-zones">10.7. Enabling and Disabling Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">10.8. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">10.9. Deleting Records from DNS Zones</a></span></dt><dt><span class="section"><a href="#dns-resolve">10.10. Resolving Hostnames in the FreeIPA Domain</a></span></dt></dl></dd><dt><span class="chapter"><a href="#authz">11. Policy: Configuring Authorization</a></sp
an></dt><dd><dl><dt><span class="section"><a href="#configuring-host-access">11.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups">11.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services">11.3. HBAC Services</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sudo">12. Policy: Using sudo</a></span></dt><dd><dl><dt><span class="section"><a href="#about-sudo">12.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">12.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">12.1.2. Limitations of the Existing Sud
o LDAP Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">12.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">12.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-sudo">12.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">12.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">12.2.2. Client Configuration for Sudo Rules</a></span></dt></dl></dd></dl></dd><dt><span class="chapt
er"><a href="#server-config">13. Configuring the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Server_side_Access_Control">13.1.1. Server-side Access Control</a></span></dt><dt><span class="section"><a href="#creating-roles">13.1.2. Creating Roles</a></span></dt><dt><span class="section"><a href="#self-service">13.1.3. Defining Self-Service Settings</a></span></dt></dl></dd><dt><span class="section"><a href="#disabling-anon-binds">13.2. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="#Managing-Unique_UID_and_GID_Attributes">13.3. Managing Unique UID and GID Number Assignments</a></span></dt><dd><dl><dt><span class="section"><a href="#id-ranges-at-install">13.3.1. About ID Range Assignments During Installation</a></span></dt><dt><span class="section"><a href="#Assigning_UIDs_and_GIDs-Adding_New
_Ranges">13.3.2. Adding New Ranges</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_Certificates_and_Certificate_Authorities">13.4. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">13.4.1. Installing Your Own Certificate</a></span></dt><dt><span class="section"><a href="#Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">13.4.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="#Using_OCSP">13.4.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-apache">13.5. Setting a FreeIPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="#ipa-cluster">13.6. Using FreeIPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="#Implementing_IPA_in_a_Clustered_En
vironment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.6.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="#Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.6.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="#logging">13.7. FreeIPA Server Logging</a></span></dt><dt><span class="section"><a href="#promoting-replica">13.8. Promoting a Read-Only Replica to a FreeIPA Server</a></span></dt><dt><span class="section"><a href="#upgrading-server">13.9. Testing Before Upgrading the FreeIPA Server</a></span></dt></dl></dd><dt><span class="chapter"><a href="#managing-clients">14. Managing Client Machines in the FreeIPA Domain</a></span></dt><dd><dl><dt><span class="section"><a href="#about-machine-auth">14.1. About Machine Identity and Authentication</a></span></dt><dt><span class="s
ection"><a href="#enrolling-machines">14.2. Enrolling Clients Manually</a></span></dt><dd><dl><dt><span class="section"><a href="#Enrollment_with_Separation_of_Duties">14.2.1. Performing a Split Enrollment</a></span></dt><dt><span class="section"><a href="#bulk-enrollment">14.2.2. Performing a Bulk or Kickstart Enrollment</a></span></dt></dl></dd><dt><span class="section"><a href="#renaming-machines">14.3. Renaming Machines and Reconfiguring FreeIPA Client Configuration</a></span></dt><dt><span class="section"><a href="#manually-unconfig-machines">14.4. Manually Unconfiguring Client Machines</a></span></dt><dt><span class="section"><a href="#Client_Problems">14.5. Debugging Client Connection Problems</a></span></dt><dt><span class="section"><a href="#certmongerX">14.6. Working with certmonger</a></span></dt><dd><dl><dt><span class="section"><a href="#certmonger-req">14.6.1. Requesting a Certificate with certmonger</a></span></dt><dt><span class="section"><a href="#Working_wi
th_certmonger-Using_certmonger_with_NSS">14.6.2. Storing Certificates in NSS Databases</a></span></dt><dt><span class="section"><a href="#certmonger-tracking-certs">14.6.3. Tracking Certificates with certmonger</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="#chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions">A. Frequently Asked Questions</a></span></dt><dt><span class="appendix"><a href="#Migrating_from_a_Directory_Server_to_IPA">B. Migrating from a Directory Server to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">B.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">B.1.1. Assumptions</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">B.1.2. Known Issues</a></span></dt><dt><span
class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">B.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">B.1.4. Initial and Final States</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">B.1.5. Recommended Sequence of Steps</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">B.1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">B.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Ex
isting_Data_to_IPA">B.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">B.2.2. Phase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">B.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">B.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">B.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide
-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">B.3. Performing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">B.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">B.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">B.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">B.3.4. Phase 4: Reconfigure no
n-SSSD Clients</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">B.3.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="#Glossary">Glossary</a></span></dt><dt><span class="index"><a href="#id3249495">Index</a></span></dt></dl></div><div xml:lang="en-US" class="preface" id="Preface" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Preface</h1></div></div></div><div class="para">
+ </div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="#Preface">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="#audience">1. Audience and Purpose</a></span></dt><dt><span class="section"><a href="#Document_Conventions">2. Examples and Formatting</a></span></dt><dd><dl><dt><span class="section"><a href="#bracketsexamples">2.1. Brackets</a></span></dt><dt><span class="section"><a href="#tool-locations">2.2. Client Tool Information</a></span></dt><dt><span class="section"><a href="#guide-formatting">2.3. Text Formatting and Styles</a></span></dt></dl></dd><dt><span class="section"><a href="#feedback">3. Giving Feedback</a></span></dt><dt><span class="section"><a href="#doc-history">4. Document Change History</a></span></dt></dl></dd><dt><span class="chapter"><a href="#installing-ipa">1. Installing a FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#Preparing_for_an_IPA_Installation">1.1. Preparin
g to Install the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#Preparing_for_an_IPA_Installation-Hardware_Requirements">1.1.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="#Preparing_for_an_IPA_Installation-Software_Requirements">1.1.2. Software Requirements</a></span></dt><dt><span class="section"><a href="#prerequisites">1.1.3. System Prerequisites</a></span></dt></dl></dd><dt><span class="section"><a href="#Installing_the_IPA_Server_Packages">1.2. Installing the FreeIPA Server Packages</a></span></dt><dt><span class="section"><a href="#creating-server">1.3. Creating a FreeIPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="#install-command">1.3.1. About ipa-server-install</a></span></dt><dt><span class="section"><a href="#install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</a></span></dt><dt><span class="section"><a href="#install-examples">1.3.3. Examples
of Creating the FreeIPA Server</a></span></dt><dt><span class="section"><a href="#troubleshooting-install">1.3.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="#Setting_up_IPA_Replicas">1.4. Setting up FreeIPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="#installing-replica">1.4.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="#creating-the-replica">1.4.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="#troubleshooting-replica-install">1.4.3. Troubleshooting Replica Installation</a></span></dt></dl></dd><dt><span class="section"><a href="#Uninstalling_IPA_Servers">1.5. Uninstalling FreeIPA Servers and Replicas</a></span></dt></dl></dd><dt><span class="chapter"><a href="#setting-up-clients">2. Setting up Systems as FreeIPA Clients</a></span></dt><dd><dl><dt><span class="section"><a href="#what-happens-clients">2.1. What Happens in Cl
ient Setup</a></span></dt><dt><span class="section"><a href="#Installing_the_IPA_Client_on_Linux">2.2. Configuring a Fedora System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_Microsoft_Windows">2.3. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris">2.4. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_10">2.4.1. Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.4.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX">2.5. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP">2.5.1. C
onfiguring NTP</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.5.2. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_Kerberos">2.5.3. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_PAM">2.5.4. Configuring PAM</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.5.5. Configuring SSH</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.5.6. Configuring Access Control</a></span></dt><dt><span class="section"><a href="#hp-test">2.5.7. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX">2.6. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a h
ref="#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.6.1. Prerequisites</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.6.2. Configuring the AIX Client</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X">2.7. Configuring a Macintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.7.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.7.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.7.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="#Config
uring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.7.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="#testing-config-on-mac">2.7.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#troubleshooting-client-install">2.8. Troubleshooting Client Installations</a></span></dt><dt><span class="section"><a href="#uninstalling-clients">2.9. Uninstalling a FreeIPA Client</a></span></dt></dl></dd><dt><span class="chapter"><a href="#basic-usage">3. Basic Usage</a></span></dt><dd><dl><dt><span class="section"><a href="#running-scripts">3.1. Running FreeIPA Tools</a></span></dt><dt><span class="section"><a href="#logging-in">3.2. Logging into FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#logging-in-kinit">3.2.1. Logging into FreeIPA</a></span></dt><dt><span class="section"><a href="#switching-users">3.2.2. Logging in When an FreeIPA User Is Different Than the System User</a></span></dt><dt><span class="se
ction"><a href="#checking-current-creds">3.2.3. Checking the Current Logged in User</a></span></dt></dl></dd><dt><span class="section"><a href="#opening-the-web-ui">3.3. Opening the FreeIPA Web UI</a></span></dt><dt><span class="section"><a href="#config-browser">3.4. Configuring the Browser</a></span></dt><dt><span class="section"><a href="#Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">3.5. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="#Enabling_UsernamePassword_Authentication_in_Your_Browser">3.6. Enabling Username/Password Authentication in Your Browser</a></span></dt><dt><span class="section"><a href="#Troubleshooting-UI">3.7. Troubleshooting UI Connection Problems</a></span></dt></dl></dd><dt><span class="chapter"><a href="#users">4. Identity: Managing Users and User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#home-directories">4.1. Setting up User Home Directories</a></span></dt><dd
><dl><dt><span class="section"><a href="#homedir-reqs">4.1.1. About Home Directories</a></span></dt><dt><span class="section"><a href="#homedir-pammod">4.1.2. Enabling the PAM Home Directory Module</a></span></dt><dt><span class="section"><a href="#automounting-home-dirs">4.1.3. Manually Automounting Home Directories</a></span></dt></dl></dd><dt><span class="section"><a href="#adding-users">4.2. Adding Users</a></span></dt><dt><span class="section"><a href="#editing-users">4.3. Editing Users</a></span></dt><dt><span class="section"><a href="#Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts">4.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="#Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">4.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_IPA_Users-Specifying_Default_User_Settings">4.5. Specifying Default User Settings</a></span></dt><dt>
<span class="section"><a href="#search-limits">4.6. Setting Default Search Limits</a></span></dt><dt><span class="section"><a href="#Configuring_IPA_Users-Deleting_IPA_Users">4.7. Deleting FreeIPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="#Deleting_IPA_Users-Using_the_Command_Line">4.7.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="#user-groups">4.8. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_IPA_Groups-Creating_IPA_Groups">4.8.1. Creating FreeIPA Groups</a></span></dt><dt><span class="section"><a href="#Configuring_IPA_Groups-Editing_IPA_Groups">4.8.2. Editing FreeIPA Groups</a></span></dt><dt><span class="section"><a href="#Configuring_IPA_Groups-Deleting_IPA_Groups">4.8.3. Deleting FreeIPA Groups</a></span></dt></dl></dd><dt><span class="section"><a href="#user-pwdpolicy">4.9. Setting an Individual Password Policy</a></span></dt><dd><dl><dt><span class="section"><
a href="#The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">4.9.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">4.9.2. Changing Passwords as the FreeIPA Administrator</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">4.9.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Editing_the_Password_Policy">4.9.4. Editing the Password Policy</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">4.9.5. Setting Different Password Policies for Different User Groups</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Password_Policy_Attributes">4.9.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a h
ref="#The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">4.9.7. Notifying Users of Password Expiration</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">4.9.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="#The_IPA_Password_Policy-Using_Local_Logins">4.9.9. Using Local Logins</a></span></dt></dl></dd><dt><span class="section"><a href="#searching">4.10. Searching for Users and Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#Searching_for_Users_and_Groups-Searching_for_Users">4.10.1. Searching for Users</a></span></dt><dt><span class="section"><a href="#Searching_for_Users_and_Groups-Searching_for_Groups">4.10.2. Searching for Groups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#hosts">5. Identity: Managing Hosts and Host Groups</a></span></dt><dd><dl><dt><span class="section"><a href="#host-tools">5.1. A Summary of H
ost and Host Group Tools</a></span></dt><dt><span class="section"><a href="#adding-host-entry">5.2. Adding Host Entries</a></span></dt><dt><span class="section"><a href="#Extending_the_Permissions_of_IPA_Managed_Hosts">5.3. Extending the Permissions of FreeIPA Managed Hosts</a></span></dt><dd><dl><dt><span class="section"><a href="#Delegating_Service_Management">5.3.1. Delegating Service Management</a></span></dt><dt><span class="section"><a href="#Delegating_Host_Management">5.3.2. Delegating Host Management</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#kerberos">6. Identity: Using FreeIPA for a Kerberos Domain</a></span></dt><dd><dl><dt><span class="section"><a href="#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="#kerb-policies">6.2. Setting Kerberos Ticket Policies</a></span></dt><dd><dl><dt><span class="section"><a href="#kerb-policies-global">6.2.1. Setting Global Ticket Policies</a></span></dt><dt><span c
lass="section"><a href="#user-ticket-policies">6.2.2. Setting User-Level Ticket Policies</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="#Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="#Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_Authentication-Refreshing_Kerberos_Tickets">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="#rotating-keys">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="#kerberos-pwd-cache">6.6. Caching Kerberos Passwords</a><
/span></dt><dt><span class="section"><a href="#Kerberos_Errors">6.7. Troubleshooting Kerberos Errors</a></span></dt></dl></dd><dt><span class="chapter"><a href="#automount">7. Identity: Using Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#about-automount">7.1. About Automount and FreeIPA</a></span></dt><dt><span class="section"><a href="#configuring-automount">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Fedora</a></span></dt><dt><span class="section"><a href="#Configuring_Automount-Solaris_automount">7.2.2. Configuring Automount on Solaris</a></span></dt></dl></dd><dt><span class="section"><a href="#adding-locations">7.3. Configuring Locations</a></span></dt><dt><span class="section"><a href="#Configuring_Automount-Configuring_Indirect_Maps">7.4. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="#Configuring
_Indirect_Maps-Configuring_Direct_Maps">7.5. Configuring Direct Maps</a></span></dt></dl></dd><dt><span class="chapter"><a href="#active-directory">8. Identity: Integrating with Microsoft Active Directory</a></span></dt><dd><dl><dt><span class="section"><a href="#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">8.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="#configuring-active-directory">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Cre
ating_Synchronization_Agreements">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">8.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">8.7. Winsync Agreement Failures</a></span></dt></dl></d
d><dt><span class="chapter"><a href="#nis">9. Identity: Integrating with NIS Domains and Netgroups</a></span></dt><dd><dl><dt><span class="section"><a href="#about-nis">9.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">9.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">9.1.2. The IPA Approach to Netgroups</a></span></dt><dt><span class="section"><a href="#adding-netgroups">9.1.3. Adding Netgroups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">9.1.4. IPA Netgroup Commands</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS">9.2. Configuring the Network I
nformation Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">9.2.1. Exposing Automount Maps to NIS Clients</a></span></dt></dl></dd><dt><span class="section"><a href="#migrintg-from-nis">9.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1. Preparing Your Environment</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">9.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#Working_with_DNS">10. Identity: Managing DNS</a></span></dt><dd><dl><dt><span class="section"><a href="#about-dns">10.1. About DNS in FreeIPA</a></span></dt><dt><span class="section"><a hre
f="#enabling-dns">10.2. Configuring DNS</a></span></dt><dt><span class="section"><a href="#changing-forwarder">10.3. Changing Recursive Queries Against Forwarders</a></span></dt><dt><span class="section"><a href="#finding-dns-zones">10.4. Finding and Displaying DNS Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Adding_DNS_Zones">10.5. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="#modifying-dns-zones">10.6. Modifying DNS Zones</a></span></dt><dt><span class="section"><a href="#Adding_DNS_Zones-Using_Dynamic_DNS_Updates">10.7. Enabling Dynamic DNS Updates</a></span></dt><dt><span class="section"><a href="#enabling-zones">10.8. Enabling and Disabling Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">10.9. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">10.10. Deleting Records from DNS Zones</
a></span></dt><dt><span class="section"><a href="#dns-resolve">10.11. Resolving Hostnames in the FreeIPA Domain</a></span></dt></dl></dd><dt><span class="chapter"><a href="#authz">11. Policy: Configuring Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="#configuring-host-access">11.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups">11.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services">11.3. HBAC Services</a></span></dt></dl></dd><dt><span class="chapter"><a href="#sudo">12. Policy: Using sudo</a></span></dt><dd><dl><dt><span class="section"><a href="#about-sudo">12.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_
with_LDAP">12.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">12.1.2. Limitations of the Existing Sudo LDAP Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">12.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">12.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-sudo">12.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">12.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span cla
ss="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">12.2.2. Client Configuration for Sudo Rules</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="#server-config">13. Configuring the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="#managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Server_side_Access_Control">13.1.1. Server-side Access Control</a></span></dt><dt><span class="section"><a href="#creating-roles">13.1.2. Creating Roles</a></span></dt><dt><span class="section"><a href="#self-service">13.1.3. Defining Self-Service Settings</a></span></dt></dl></dd><dt><span class="section"><a href="#disabling-anon-binds">13.2. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="#Managing-Unique_UID_and_GID_Attributes">13.3. Managing Unique UID and GID Number Assignme
nts</a></span></dt><dd><dl><dt><span class="section"><a href="#id-ranges-at-install">13.3.1. About ID Range Assignments During Installation</a></span></dt><dt><span class="section"><a href="#Assigning_UIDs_and_GIDs-Adding_New_Ranges">13.3.2. Adding New Ranges</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_Certificates_and_Certificate_Authorities">13.4. Configuring Alternate Certificate Authorities</a></span></dt><dt><span class="section"><a href="#Using_OCSP">13.5. Configuring OCSP Responders</a></span></dt><dd><dl><dt><span class="section"><a href="#ocsp-interval">13.5.1. Changing the CRL Update Interval</a></span></dt><dt><span class="section"><a href="#ocsp-location">13.5.2. Changing the OCSP Responder Location</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-apache">13.6. Setting a FreeIPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="#ipa-cluster">13.7. Using FreeIPA in a Cluster</a></span></
dt><dd><dl><dt><span class="section"><a href="#Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.7.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="#Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.7.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="#logging">13.8. FreeIPA Server Logging</a></span></dt><dt><span class="section"><a href="#promoting-replica">13.9. Promoting a Read-Only Replica to a FreeIPA Server</a></span></dt><dt><span class="section"><a href="#upgrading-server">13.10. Testing Before Upgrading the FreeIPA Server</a></span></dt></dl></dd><dt><span class="chapter"><a href="#managing-clients">14. Managing Client Machines in the FreeIPA Domain</a></span></dt><dd><dl><dt><span class="section"><a href="#about-machine-auth"
>14.1. About Machine Identity and Authentication</a></span></dt><dt><span class="section"><a href="#enrolling-machines">14.2. Enrolling Clients Manually</a></span></dt><dd><dl><dt><span class="section"><a href="#Enrollment_with_Separation_of_Duties">14.2.1. Performing a Split Enrollment</a></span></dt><dt><span class="section"><a href="#bulk-enrollment">14.2.2. Performing a Bulk or Kickstart Enrollment</a></span></dt></dl></dd><dt><span class="section"><a href="#renaming-machines">14.3. Renaming Machines and Reconfiguring FreeIPA Client Configuration</a></span></dt><dt><span class="section"><a href="#manually-unconfig-machines">14.4. Manually Unconfiguring Client Machines</a></span></dt><dt><span class="section"><a href="#Client_Problems">14.5. Debugging Client Connection Problems</a></span></dt><dt><span class="section"><a href="#certmongerX">14.6. Working with certmonger</a></span></dt><dd><dl><dt><span class="section"><a href="#certmonger-req">14.6.1. Requesting a Certifi
cate with certmonger</a></span></dt><dt><span class="section"><a href="#Working_with_certmonger-Using_certmonger_with_NSS">14.6.2. Storing Certificates in NSS Databases</a></span></dt><dt><span class="section"><a href="#certmonger-tracking-certs">14.6.3. Tracking Certificates with certmonger</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="#chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions">A. Frequently Asked Questions</a></span></dt><dt><span class="appendix"><a href="#tools-reference">B. FreeIPA Tools Reference</a></span></dt><dd><dl><dt><span class="section"><a href="#special-chars">B.1. Using Special Characters</a></span></dt><dt><span class="section"><a href="#server-tools">B.2. Server Scripts</a></span></dt><dd><dl><dt><span class="section"><a href="#ipa-replica-install">B.2.1. ipa-replica-install</a></span></dt><dt><span class="section"><a href="#ipa-replica-prepare">B.2.2. ipa-replica-prepare</a></span></dt><dt><span class="s
ection"><a href="#ipa-server-install">B.2.3. ipa-server-install</a></span></dt></dl></dd><dt><span class="section"><a href="#client-tools">B.3. Client Scripts</a></span></dt><dd><dl><dt><span class="section"><a href="#ipa-client-install">B.3.1. ipa-client-install</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="#Migrating_from_a_Directory_Server_to_IPA">C. Migrating from a Directory Server to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C
.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">C.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="
section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">C.3. Performing a Cl
ient-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Manageme
nt_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="#Glossary">Glossary</a></span></dt><dt><span class="index"><a href="#id3044115">Index</a></span></dt></dl></div><div xml:lang="en-US" class="preface" id="Preface" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Preface</h1></div></div></div><div class="para">
FreeIPA is a Fedora-based way to create a security, identity, and authentication domain. The different security and authentication protocols available to Linux and Unix systems (like Kerberos, NIS, DNS, PAM, and sudo) are complex, unrelated, and difficult to manage coherently, especially when combined with different identity stores.
</div><div class="para">
FreeIPA provides a layer that unifies all of these disparate services and simplifies the administrative tasks for managing users, systems, and security. FreeIPA breaks management down into two categories: <span class="emphasis"><em>identity</em></span> and <span class="emphasis"><em>policy</em></span>. It centralizes the functions of managing the users and entities within your IT environment (identity) and then provides a framework to define authentication and authorization for a global security framework and user-friendly tools like single sign-on (policy).
@@ -97,8 +97,87 @@
</div></li></ol></div><div class="para">
We appreciate receiving any feedback — requests for new sections, corrections, improvements, enhancements, even new ways of delivering the documentation or new styles of docs. You are welcome to contact the Fedora docs team at <a href="mailto:docs at lists.fedoraproject.org">docs at lists.fedoraproject.org</a>.
</div></div><div xml:lang="en-US" class="section" id="doc-history" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="doc-history">4. Document Change History</h2></div></div></div><div class="para">
- <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 2.1.0-1</td><td align="left">May 10, 2011</td><td align="left"><span class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></span></td></tr><tr><td align="left" colspan="3">
- <table border="0" summary="Simple list" class="simplelist"><tr><td>Beginning draft for the Fedora docs project.</td></tr></table>
+ <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 2.1.0-2</td><td align="left">July 22, 2011</td><td align="left"><span class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></span></td></tr><tr><td align="left" colspan="3">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Completing first round of content revisions on the chapters for server installation, client installation, DNS, basic usage, managing clients, and the preface.
+ </div></li><li class="listitem"><div class="para">
+ Beginning content revisions on the chapters for users, Kerberos, automount, and managing servers.
+ </div></li><li class="listitem"><div class="para">
+ Bare initial draft of a tools appendix.
+ </div></li><li class="listitem"><div class="para">
+ Bugzilla work:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 646226
+ </div></li><li class="listitem"><div class="para">
+ 646240
+ </div></li><li class="listitem"><div class="para">
+ 646257
+ </div></li><li class="listitem"><div class="para">
+ 646267
+ </div></li><li class="listitem"><div class="para">
+ 681731
+ </div></li><li class="listitem"><div class="para">
+ 693843
+ </div></li><li class="listitem"><div class="para">
+ 701465
+ </div></li><li class="listitem"><div class="para">
+ 709385
+ </div></li><li class="listitem"><div class="para">
+ 714603
+ </div></li><li class="listitem"><div class="para">
+ 715015
+ </div></li></ul></div>
+
+ </div></li><li class="listitem"><div class="para">
+ FreeIPA.org tickets:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 1183
+ </div></li><li class="listitem"><div class="para">
+ 1359
+ </div></li><li class="listitem"><div class="para">
+ 1449
+ </div></li><li class="listitem"><div class="para">
+ 1058
+ </div></li><li class="listitem"><div class="para">
+ 1335
+ </div></li><li class="listitem"><div class="para">
+ 1107
+ </div></li><li class="listitem"><div class="para">
+ 1355
+ </div></li><li class="listitem"><div class="para">
+ 1430
+ </div></li><li class="listitem"><div class="para">
+ 803
+ </div></li><li class="listitem"><div class="para">
+ 991
+ </div></li><li class="listitem"><div class="para">
+ 615
+ </div></li><li class="listitem"><div class="para">
+ 969
+ </div></li><li class="listitem"><div class="para">
+ 594
+ </div></li><li class="listitem"><div class="para">
+ 593
+ </div></li></ul></div>
+
+ </div></li><li class="listitem"><div class="para">
+ freeipa-guide trac tickets:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 18
+ </div></li><li class="listitem"><div class="para">
+ 19
+ </div></li><li class="listitem"><div class="para">
+ 16
+ </div></li><li class="listitem"><div class="para">
+ 17
+ </div></li></ul></div>
+
+ </div></li></ul></div>
+
+ </td></tr><tr><td align="left">Revision 2.1.0-1</td><td align="left">May 10, 2011</td><td align="left"><span class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></span></td></tr><tr><td align="left" colspan="3">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Beginning draft for the Fedora docs project.
+ </div></li></ul></div>
</td></tr></table></div>
@@ -184,7 +263,7 @@
</td><td>
53
</td></tr><tr><td>
- NTP<sup>[<a id="id3382049" href="#ftn.id3382049" class="footnote">b</a>]</sup>
+ NTP<sup>[<a id="id3172036" href="#ftn.id3172036" class="footnote">b</a>]</sup>
</td><td>
123
</td></tr><tr><td>
@@ -194,7 +273,7 @@
</td></tr></tbody><tbody class="footnotes"><tr><td colspan="2"><div class="footnote" id="ft.udp-tcp"><p><sup>[<a id="ftn.ft.udp-tcp" href="#ft.udp-tcp" class="para">a</a>] </sup>
This service uses both TCP and UDP ports.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id3382049" href="#id3382049" class="para">b</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id3172036" href="#id3172036" class="para">b</a>] </sup>
This service uses UDP ports only.
</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="Preparing_for_an_IPA_Installation-DNS"><div class="titlepage"><div><div><h4 class="title" id="Preparing_for_an_IPA_Installation-DNS">1.1.3.4. DNS</h4></div></div></div><div class="para">
FreeIPA uses DNS for the FreeIPA clients to find (<span class="emphasis"><em>discover</em></span>) the FreeIPA servers. The DNS service can be managed by FreeIPA itself, or FreeIPA can use an existing DNS server. Without a properly configured and working DNS, server discovery for clients and FreeIPA services like, LDAP, Kerberos, and SSL may fail to work.
@@ -210,37 +289,43 @@
The DNS must be correctly configured to resolve forward and reverse addresses. The DNS does not need to be on the same machine as the FreeIPA server, but it does need to be fully functional.
</div><div class="para">
If you do not have a functional DNS, you can use the <code class="option">--setup-dns</code> option when you install FreeIPA to automatically configure a suitable DNS.
- </div></li></ul></div></div><div class="section" id="dns-file"><div class="titlepage"><div><div><h5 class="title" id="dns-file">1.1.3.4.2. FreeIPA-Generated DNS File</h5></div></div></div><div class="para">
+ </div></li><li class="listitem"><div class="para">
+ The installation process checks that the FreeIPA server name is a DNS A record and that its reverse and forward addresses match. This check is not performed if a FreeIPA DNS server is installed using the <code class="option">--setup-dns</code> option because the script assumes that the FreeIPA server will use itself as a DNS.
+ </div></li></ul></div></div><div class="section" id="dns-file"><div class="titlepage"><div><div><h5 class="title" id="dns-file">1.1.3.4.2. The FreeIPA-Generated DNS File</h5></div></div></div><div class="para">
To help create and configure a suitable DNS setup, the FreeIPA installation script creates a sample zone file. During the installation, FreeIPA displays a message similar to the following:
</div><pre class="screen">Sample zone file for bind has been created in /tmp/sample.zone.F_uMf4.db
</pre><div class="para">
- You should use this file in your DNS zone file.
+ Use this file in the DNS zone file.
</div></div><div class="section" id="DNS-IPA_DNS_and_NSCD"><div class="titlepage"><div><div><h5 class="title" id="DNS-IPA_DNS_and_NSCD">1.1.3.4.3. IPA, DNS, and NSCD</h5></div></div></div><div class="para">
- <span class="emphasis"><em>It is strongly recommended</em></span> that you avoid or restrict the use of <code class="systemitem">nscd</code> (Name Service Caching Daemon) in a FreeIPA deployment. The <code class="systemitem">nscd</code> service is extremely useful for reducing the load on the server, and for making clients more responsive, but drawbacks also exist. This is especially true in deployments that take advantage of SSSD, which performs its own caching.
+ <span class="emphasis"><em>It is strongly recommended</em></span> that you avoid or restrict the use of <code class="systemitem">nscd</code> (Name Service Caching Daemon) in a FreeIPA deployment. The <code class="systemitem">nscd</code> service is extremely useful for reducing the load on the server, and for making clients more responsive, but there can be problems when a system is also using SSSD, which performs its own caching.
</div><div class="para">
- <code class="systemitem">nscd</code> performs caching operations for all services that perform queries via the nsswitch interface, including <code class="command">getent</code>. Because <code class="systemitem">nscd</code> performs both positive and negative caching, if a request determines that a specific FreeIPA user does not exist, it marks this as a negative cache. Values stored in the cache remain until the cache expires, regardless of any changes that may occur on the server. The results of such caching is that new users and memberships may not be visible, and users and memberships that have been removed may still be visible.
+ <code class="systemitem">nscd</code> caches authentication and identity information for all services that perform queries through nsswitch, including <code class="command">getent</code>. Because <code class="systemitem">nscd</code> performs both positive and negative caching, if a request determines that a specific FreeIPA user does not exist, it marks this as a negative cache. Values stored in the cache remain until the cache expires, regardless of any changes that may occur on the server. The results of such caching is that new users and memberships may not be visible, and users and memberships that have been removed may still be visible.
</div><div class="para">
- To alleviate these effects, you can avoid the use of <code class="systemitem">nscd</code> altogether, or use a shorter cache time. In particular, consider changing the following values in the <code class="filename">/etc/nscd.conf</code> file to suit the usage patterns of your deployment:
+ Avoid clashes with SSSD caches and to prevent locking out users, avoid using <code class="systemitem">nscd</code> altogether. Alternatively, use a shorter cache time by resetting the time-to-live caching values in the <code class="filename">/etc/nscd.conf</code> file:
</div><pre class="programlisting">positive-time-to-live group 3600
negative-time-to-live group 60
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
</pre></div><div class="section" id="DNS-DNS_and_Kerberos"><div class="titlepage"><div><div><h5 class="title" id="DNS-DNS_and_Kerberos">1.1.3.4.4. DNS and Kerberos</h5></div></div></div><div class="para">
- The Kerberos server requires a valid DNS A record, and reverse DNS needs to work correctly. It is safe to use CNAMEs if they point to the A name that corresponds to the principal name used to create SPNs (Service Principal Names) for the host. You should avoid the use of DDNS names, however, as this can cause major problems later on.
+ The Kerberos server requires a valid DNS A record, and reverse DNS needs to work correctly. It is safe to use CNAMEs if they point to the A name that corresponds to the principal name used to create SPNs (service principal names) for the host. Avoid the use of DDNS names, however.
</div><div class="para">
If necessary, add the hostname to the <code class="filename">/etc/hosts</code> file, as long as the fully qualified hostname must be listed first. For example:
<pre class="programlisting">10.0.0.1 ipa.example.com ipa</pre>
- The realm name does not have to match any or all of the domain name. You can use the domain name <code class="systemitem">example.com</code> and the realm <code class="systemitem">TESTIPA</code>. It is only a convention that they match. FreeIPA adds the appropriate domain to realm mapping in the <code class="filename">/etc/krb5.conf</code> file.
- </div><div class="para">
- A typical resolver looks in the <code class="filename">/etc/hosts</code> file first and DNS second. If <code class="systemitem">nscd</code> is running this may also cause issues because it caches lookups. The FreeIPA installer does not kill <code class="systemitem">nscd</code> until after the installation process has started, so beware of cached entries if you modify <code class="filename">/etc/hosts</code> (killing <code class="systemitem">nscd</code> is recommended if you do).
+ The realm name does not have to match any or all of the domain name. For example, the domain name can be <code class="systemitem">example.com</code> and the realm name can be <code class="systemitem">TESTIPA</code>. It is only a convention that they match. FreeIPA adds the appropriate domain to realm mapping in the <code class="filename">/etc/krb5.conf</code> file.
</div><div class="para">
- The FreeIPA installation process includes checks to ensure that the FreeIPA server name is a DNS A record and that its reverse and forward addresses match. This check is not performed if you are installing a FreeIPA DNS server (that is, if you are using the <code class="option">--setup-dns</code> option), as it is assumed that the FreeIPA server will use itself as a DNS from that point forward.
+ A typical resolver looks in the <code class="filename">/etc/hosts</code> file first and DNS second. If <code class="systemitem">nscd</code> is running this may also cause issues because it caches lookups. The FreeIPA installer does not kill <code class="systemitem">nscd</code> until after the installation process has started, so there can be cached entries that interfere with any changes to the <code class="filename">/etc/hosts</code>. If you need to edit the <code class="filename">/etc/hosts</code> file, kill the <code class="systemitem">nscd</code> daemon first.
+ </div></div><div class="section" id="dns-and-forwarders"><div class="titlepage"><div><div><h5 class="title" id="dns-and-forwarders">1.1.3.4.5. FreeIPA DNS and DNS Forwarders</h5></div></div></div><div class="para">
+ There is an option to configure DNS <span class="emphasis"><em>forwarders</em></span> as part of the FreeIPA DNS configuration. This is beneficial if there is limited direct access to root name servers, such as an organization's main DNS server or even an externam DNS server.
</div><div class="para">
- The FreeIPA DNS set-up procedure allows for the configuration of <em class="firstterm">forwarders</em>. In some instances, for example within some companies, you may not have direct access to root name servers, so the implementation of forwarders is necessary. These could be the company main DNS servers.
- <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
- DNS forwarders must be specified as IP addresses, not as hostnames.
- </div></div></div>
-
+ Either interactively or through the install argument, forwarders can be listed as a comma-separated list of IP addresses.
+ </div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ DNS forwarders must be specified as IP addresses, not as hostnames.
+ </div></div></div><div class="para">
+ By default, any host is permitted to issue recursive queries against configured forwarders. The client installation script automatically adds a line to the <code class="filename">/etc/named.conf</code> file to allow these recursive queries.
+ </div><pre class="screen"> forward first;
+ forwarders { 10.16.36.29; };
+ <strong class="userinput"><code>allow-recursion { any; };</code></strong></pre><div class="para">
+ This default behavior can be changed by changing the <code class="command">allow-recursion</code> statement. The name server documentation has more details on editing configuration statements.
</div></div></div><div class="section" id="Preparing_for_an_IPA_Installation-Configuring_Networking"><div class="titlepage"><div><div><h4 class="title" id="Preparing_for_an_IPA_Installation-Configuring_Networking">1.1.3.5. Networking</h4></div></div></div><div class="section" id="Configuring_Networking-Configuring_Networking_Services"><div class="titlepage"><div><div><h5 class="title" id="Configuring_Networking-Configuring_Networking_Services">1.1.3.5.1. Configuring Networking Services</h5></div></div></div><div class="para">
The default networking service used by Fedora is NetworkManager, and due to the way this service works, it can cause problems with FreeIPA and the KDC. Consequently, it is highly recommended that you use the <code class="systemitem">network</code> service to manage the networking requirements in a FreeIPA environment and disable the NetworkManager service.
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
@@ -295,202 +380,64 @@ negative-time-to-live hosts 20
</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
The port numbers and directory locations used by FreeIPA are all defined automatically, as defined in <a class="xref" href="#prereq-ports">Section 1.1.3.3, “System Ports”</a> and . These ports and directories <span class="emphasis"><em>cannot</em></span> be changed or customized.
</div></div></div><div class="section" id="install-command"><div class="titlepage"><div><div><h3 class="title" id="install-command">1.3.1. About ipa-server-install</h3></div></div></div><div class="para">
- A FreeIPA server instance is created by running the <code class="command">ipa-server-install</code> script. This script can accept user-defined settings for services, like DNS nad Kerberos, that are used by the FreeIPA instance, or it can supply predefined values for minimal input from the administrator.
+ A FreeIPA server instance is created by running the <code class="command">ipa-server-install</code> script. This script can accept user-defined settings for services, like DNS and Kerberos, that are used by the FreeIPA instance, or it can supply predefined values for minimal input from the administrator.
</div><div class="para">
While <code class="command">ipa-server-install</code> can be run without any options, so that it prompts for the required information, it has numerous arguments which allow the configuration process to be easily scripted or to supply additional information which is not requested during an interactive installation.
</div><div class="para">
- <a class="xref" href="#tab.ipa-server-install-param">Table 1.3, “ipa-server-install Options”</a> lists the possible arguments with <code class="command">ipa-server-install</code>, while <a class="xref" href="#install-examples">Section 1.3.3, “Examples of Creating the FreeIPA Server”</a> has examples of some common installation scenarios. In real life, the <code class="command">ipa-server-install</code> options are versatile enough to be customized to the specific deployment environment.
- </div><div class="table" id="tab.ipa-server-install-param"><h6>Table 1.3. ipa-server-install Options</h6><div class="table-contents"><table summary="ipa-server-install Options" border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+ <a class="xref" href="#tab.ipa-server-install-param">Table 1.3, “ipa-server-install Options”</a> lists some common arguments with <code class="command">ipa-server-install</code>, while <a class="xref" href="#install-examples">Section 1.3.3, “Examples of Creating the FreeIPA Server”</a> has examples of some common installation scenarios. The full list of options are in <a class="xref" href="#ipa-server-install">Section B.2.3, “ipa-server-install”</a>. In real life, the <code class="command">ipa-server-install</code> options are versatile enough to be customized to the specific deployment environment.
+ </div><div class="table" id="tab.ipa-server-install-param"><h6>Table 1.3. ipa-server-install Options</h6><div class="table-contents"><table summary="ipa-server-install Options" border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
Argument
</th><th>
- Alternate Argument
- </th><th>
Description
- </th></tr></thead><tbody><tr><td colspan="3">
- <span class="bold bold"><strong>Required Options</strong></span><sup>[<a id="id3228361" href="#ftn.id3228361" class="footnote">a</a>]</sup>
- </td></tr><tr><td>
+ </th></tr></thead><tbody><tr><td>
-a <span class="emphasis"><em>ipa_admin_password</em></span>
</td><td>
- --admin-password=<span class="emphasis"><em>ipa_admin_password</em></span>
- </td><td>
The password for the FreeIPA administrator. This is used for the admin user to authenticate to the Kerberos realm.
</td></tr><tr><td>
--hostname=<span class="emphasis"><em>hostname</em></span>
</td><td>
-
- </td><td>
The fully-qualified domain name of the FreeIPA server machine.
</td></tr><tr><td>
-n <span class="emphasis"><em>domain_name</em></span>
</td><td>
- --domain=<span class="emphasis"><em>domain_name</em></span>
- </td><td>
The name of the LDAP server domain to use for the FreeIPA domain. This is usually based on the FreeIPA server's hostname.
</td></tr><tr><td>
-p <span class="emphasis"><em>directory_manager_password</em></span>
</td><td>
- --ds-password=<span class="emphasis"><em>directory_manager_password</em></span>
- </td><td>
The password for the superuser, <code class="command">cn=Directory Manager</code>, for the LDAP service.
</td></tr><tr><td>
-r <span class="emphasis"><em>realm_name</em></span>
</td><td>
- --realm=<span class="emphasis"><em>realm_name</em></span>
- </td><td>
The name of the Kerberos realm to create for the FreeIPA domain.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>Certificate Authority Options</strong></span>
- </td></tr><tr><td>
- --external-ca
- </td><td>
-
- </td><td>
- Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
- </td></tr><tr><td>
- --external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
- </td><td>
-
- </td><td>
- Points to the PKCS#10 file which contains the CA certificate chain of the external CA. This is required to validate the certificate issued by the CA for the FreeIPA server. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
- </td></tr><tr><td>
- --external_cert_file=<span class="emphasis"><em>certificate_file</em></span>
- </td><td>
-
- </td><td>
- Points to the PKCS#10 file which contains the certificate that was generated by an external CA. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
- </td></tr><tr><td>
- --selfsign
- </td><td>
-
- </td><td>
- Uses a self-signed certificate instead of a certificate issued by the internal Dogtag Certificate System or by an external CA. If this option is selected, then no Dogtag Certificate System instance is configured as part of the setup process, and the FreeIPA server itself functionally serves as a CA for clients in the domain. This is not recommended for production environments, but can be used in test or development environments.
</td></tr><tr><td>
--subject=<span class="emphasis"><em>subject_DN</em></span>
</td><td>
-
- </td><td>
Sets the base element for the subject DN of the issued certificates. This defaults to <code class="command">O=</code><span class="emphasis"><em>realm</em></span>.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>DNS Options</strong></span>
</td></tr><tr><td>
--forwarder=<span class="emphasis"><em>forwarder</em></span>
</td><td>
-
- </td><td>
Gives a comma-separated list of DNS forwarders to use with the DNS service.
</td></tr><tr><td>
--no-forwarders
</td><td>
-
- </td><td>
Uses root servers with the DNS service instead of forwarders.
</td></tr><tr><td>
--no-reverse
</td><td>
-
- </td><td>
Uses root servers with the DNS service instead of forwarders.
</td></tr><tr><td>
--setup-dns
</td><td>
-
- </td><td>
Tells the installation script to set up a DNS service within the FreeIPA domain. Using an integrated DNS service is optional, so if this option is not passed with the installation script, then no DNS is configured.
</td></tr><tr><td>
- --zonemgr=<span class="emphasis"><em>email_address</em></span>
- </td><td>
-
- </td><td>
- Gives the email address to use for the DNS zone manager. If none is given, this defaults to root.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>Kerberos Options</strong></span>
- </td></tr><tr><td>
- --ip-address=<span class="emphasis"><em>ip_address</em></span>
- </td><td>
-
- </td><td>
- Gives the IP address of the Kerberos master KDC. This can be used if there are multiple FreeIPA servers in the same realm.
- </td></tr><tr><td>
- -P <span class="emphasis"><em>kerberos_master_password</em></span>
- </td><td>
- --master-password=<span class="emphasis"><em>kerberos_master_password</em></span>
- </td><td>
- The password for the KDC account. This is randomly generated if no value is given.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>NTP Options</strong></span>
- </td></tr><tr><td>
- -N, --no-ntp
- </td><td>
-
- </td><td>
- Does <span class="emphasis"><em>not</em></span> configure the NTP service for the FreeIPA server. This is normally done by default.
- <div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
- If the FreeIPA server is running as a virtual guest, it should not run an NTP service.
- </div></div></div>
-
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>FreeIPA Server Configuration Options</strong></span>
- </td></tr><tr><td>
--idmax=<span class="emphasis"><em>number</em></span>
</td><td>
-
- </td><td>
Sets the upper bound for IDs which can be assigned by the FreeIPA server. The default value is the ID start value plus 199999.
</td></tr><tr><td>
--idstart=<span class="emphasis"><em>number</em></span>
</td><td>
-
- </td><td>
Sets the lower bound (starting value) for IDs which can be assigned by the FreeIPA server. The default value is randomly selected.
- </td></tr><tr><td>
- --no_hbac_allow
- </td><td>
-
- </td><td>
- Disables the <code class="command">allow_all</code> rule for host-based access control in the FreeIPA domain.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>Other Setup Options</strong></span>
- </td></tr><tr><td>
- --no-host-dns
- </td><td>
-
- </td><td>
- Does <span class="emphasis"><em>not</em></span> use DNS to look up the hostname of the FreeIPA server machine during the installation process.
- </td></tr><tr><td>
- -U
- </td><td>
- --unattended
- </td><td>
- Runs the <code class="command">ipa-server-install</code> command without any interactive prompts.
- </td></tr><tr><td>
- --uninstall
- </td><td>
-
- </td><td>
- Uninstalls an existing FreeIPA server.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>General Tool Options</strong></span>
- </td></tr><tr><td>
- -d
- </td><td>
- --debug
- </td><td>
- Runs the <code class="command">ipa-server-install</code> command in debug mode and outputs debugging information.
- </td></tr><tr><td>
- -h
- </td><td>
- --help
- </td><td>
- Prints the help information for the <code class="command">ipa-server-install</code> command.
- </td></tr><tr><td>
- --version
- </td><td>
-
- </td><td>
- Prints the version number of the <code class="command">ipa-server-install</code> command.
- </td></tr></tbody><tbody class="footnotes"><tr><td colspan="3"><div class="footnote"><p><sup>[<a id="ftn.id3228361" href="#id3228361" class="para">a</a>] </sup>
- The installation script will prompt for these options if they are not passed with the script.
- </p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="install-interactive"><div class="titlepage"><div><div><h3 class="title" id="install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</h3></div></div></div><div class="para">
+ </td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="install-interactive"><div class="titlepage"><div><div><h3 class="title" id="install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</h3></div></div></div><div class="para">
All that is required to set up a FreeIPA server is to run the <code class="command">ipa-server-install</code> script. This launchs the script interactively, which prompts for the required information to set up a server, but without more advanced configuration like DNS and CA options.
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
Run the <code class="command">ipa-server-install</code> script.
@@ -666,7 +613,7 @@ Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"
Some kind of forwarder information is required. If no external forwarders will be used with the FreeIPA DNS service, then use the <code class="option">--no-forwarders</code> option to indicate that only root servers will be used.
</div><div class="para">
The script always assumes that reverse DNS is configured along with DNS, so it is not necessary to use any options to <span class="emphasis"><em>enable</em></span> reverse DNS. To disable reverse DNS, use the <code class="option">--no-reverse</code> option.
- </div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --no-reverse</span></pre></div></div><br class="example-break" /></div></div><div class="section" id="troubleshooting-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-install">1.3.4. Troubleshooting Installation Problems</h3></div></div></div><div class="formalpara"><h5 class="formalpara" id="id3179617">GSS Failures When Running IPA Commands</h5>
+ </div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --no-reverse</span></pre></div></div><br class="example-break" /></div></div><div class="section" id="troubleshooting-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-install">1.3.4. Troubleshooting Installation Problems</h3></div></div></div><div class="formalpara"><h5 class="formalpara" id="id3335512">GSS Failures When Running IPA Commands</h5>
Immediately after installation, there can be Kerberos problems when trying to run an <code class="command">ipa-*</code> command. For example:
</div><pre class="programlisting">ipa: ERROR: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Decrypt integrity check failed', -1765328353)</pre><div class="para">
There are two potential causes for this:
@@ -674,7 +621,7 @@ Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"
DNS is not properly configured.
</div></li><li class="listitem"><div class="para">
Active Directory is in the same domain as the FreeIPA server.
- </div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="id3243870">named Daemon Fails to Start</h5>
+ </div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="id3161542">named Daemon Fails to Start</h5>
If a FreeIPA server is configured to manage DNS and is set up successfully, but the <code class="systemitem">named</code> service fails to start, this can indicate that there is a package conflict. Check the <code class="filename">/var/log/messages</code> file for error messages related to the <code class="command">named</code> service and the <code class="filename">ldap.so</code> library:
</div><pre class="screen">ipaserver named[6886]: failed to dynamically load driver 'ldap.so': libldap-2.4.so.2: cannot open shared object file: No such file or directory</pre><div class="para">
This usually means that the <span class="package">bind-chroot</span> package is installed and is preventing the <code class="systemitem">named</code> service from starting. To resolve this issue, remove the <span class="package">bind-chroot</span> package and then restart the FreeIPA server.
@@ -723,6 +670,8 @@ Copying additional files
Finalizing configuration
Packaging the replica into replica-info-ipareplica.example.com
</pre><div class="para">
+ For more options with <code class="command">ipa-replica-prepare</code>, see <a class="xref" href="#ipa-replica-prepare">Section B.2.2, “ipa-replica-prepare”</a>.
+ </div><div class="para">
Each replica information file is created in the <code class="filename">/var/lib/ipa/</code> directory as a GPG-encrypted file. Each file is named specifically for the replica server for which it is intended, such as <code class="filename">replica-info-ipareplica.example.com.gpg</code>.
</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
A replica information file cannot be used to create multiple replicas. It can only be used for the specific replica and machine for which it was created.
@@ -731,11 +680,9 @@ Packaging the replica into replica-info-ipareplica.example.com
</div></div></div></li><li class="listitem"><div class="para">
Copy the replica information file to the replica server:
</div><pre class="programlisting"><span class="perl_Comment"># scp /var/lib/ipa/replica-info-ipareplica.example.com.gpg root at ipareplica:/var/lib/ipa/</span></pre></li><li class="listitem"><div class="para">
- On the replica server, run the replica installation script, referencing the replication information file:
- </div><div class="para">
-
-<pre class="programlisting"> <span class="perl_Comment"># ipa-replica-install /var/lib/ipa/replica-info-ipareplica.example.com.gpg</span></pre>
-
+ On the replica server, run the replica installation script, referencing the replication information file. There are other options for setting up DNS, much like the server installation script. For example:
+ </div><pre class="programlisting"> <span class="perl_Comment"># ipa-replica-install --setup-dns /var/lib/ipa/replica-info-ipareplica.example.com.gpg</span></pre><div class="para">
+ Additional options for the replica installation script are listed in <a class="xref" href="#ipa-replica-install">Section B.2.1, “ipa-replica-install”</a>.
</div><div class="para">
The replica installation script runs a test to ensure that the replica file being installed matches the current hostname. If they do not match, the script returns a warning message and asks for confirmation. This could occur on a multi-homed machine, for example, where mismatched hostnames may not be an issue.
</div></li><li class="listitem"><div class="para">
@@ -775,7 +722,7 @@ comparetAndWaitEntries ou=people,o=ipaca not found, let's wait</pre>
To uninstall both a FreeIPA server and a FreeIPA replica, pass the <code class="option">--uninstall</code> option to the <code class="command">ipa-server-install</code> command:
<pre class="programlisting"><span class="perl_Comment"># ipa-server-install --uninstall</span></pre>
- </div></div></div><div xml:lang="en-US" class="chapter" id="setting-up-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Setting up Systems as FreeIPA Clients</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#what-happens-clients">2.1. What Happens in Client Setup</a></span></dt><dt><span class="section"><a href="#Installing_the_IPA_Client_on_Linux">2.2. Configuring a Fedora System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_Microsoft_Windows">2.3. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris">2.4. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_10">2.4.1. Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configurin
g_an_IPA_Client_on_Solaris_9">2.4.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX">2.5. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP">2.5.1. Configuring NTP</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.5.2. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_Kerberos">2.5.3. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_PAM">2.5.4. Configuring PAM</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.5.5. Configuring SSH</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.5.6
. Configuring Access Control</a></span></dt><dt><span class="section"><a href="#hp-test">2.5.7. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX">2.6. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.6.1. Prerequisites</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.6.2. Configuring the AIX Client</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X">2.7. Configuring a Macintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.7.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_
OS_X-Configuring_LDAP_Authorization">2.7.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.7.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.7.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="#testing-config-on-mac">2.7.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#uninstalling-clients">2.8. Uninstalling a FreeIPA Client</a></span></dt></dl></div><div class="para">
+ </div></div></div><div xml:lang="en-US" class="chapter" id="setting-up-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Setting up Systems as FreeIPA Clients</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#what-happens-clients">2.1. What Happens in Client Setup</a></span></dt><dt><span class="section"><a href="#Installing_the_IPA_Client_on_Linux">2.2. Configuring a Fedora System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_Microsoft_Windows">2.3. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris">2.4. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris_10">2.4.1. Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Solaris-Configurin
g_an_IPA_Client_on_Solaris_9">2.4.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX">2.5. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP">2.5.1. Configuring NTP</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.5.2. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_Kerberos">2.5.3. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="#Configuring_Kerberos_and_PAM-Configuring_PAM">2.5.4. Configuring PAM</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.5.5. Configuring SSH</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.5.6
. Configuring Access Control</a></span></dt><dt><span class="section"><a href="#hp-test">2.5.7. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX">2.6. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.6.1. Prerequisites</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.6.2. Configuring the AIX Client</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X">2.7. Configuring a Macintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.7.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_
OS_X-Configuring_LDAP_Authorization">2.7.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.7.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.7.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="#testing-config-on-mac">2.7.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#troubleshooting-client-install">2.8. Troubleshooting Client Installations</a></span></dt><dt><span class="section"><a href="#uninstalling-clients">2.9. Uninstalling a FreeIPA Client</a></span></dt></dl></div><div class="para">
A <span class="emphasis"><em>client</em></span> is any system which is a member of the FreeIPA domain. While this is frequently a Fedora system (and FreeIPA has special tools to make configuring Fedora clients very simple), machines with other operating systems can also be added to the FreeIPA domain.
</div><div class="para">
One important aspect of a FreeIPA client is that <span class="emphasis"><em>only</em></span> the system configuration determines whether the system is part of the domain. (The configuration includes things like belonging to the Kerberos domain, DNS domain, and having the proper authentication and certificate setup.) FreeIPA does not require any sort of agent or daemon running on a client.
@@ -837,7 +784,11 @@ example.com = EXAMPLE.COM
If the FreeIPA server is configured as the DNS server and is in the same domain as the client, add the server's IP address as the first entry in the client's <code class="filename">/etc/resolv.conf</code> file.
</div></li><li class="listitem"><div class="para">
Run the client setup command.
- </div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install</span></pre></li><li class="listitem"><div class="para">
+ </div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install --enable-dns-updates</span></pre><div class="para">
+ The <code class="option">--enable-dns-updates</code> option updates DNS with the client machine's IP address. Other options for <code class="command">ipa-client-install</code> are listed in <a class="xref" href="#ipa-client-install">Section B.3.1, “ipa-client-install”</a>.
+ </div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ There is an <code class="option">--on-master</code> option that is used as part of configuring an FreeIPA server (which also is an FreeIPA client, since it is within the domain). This option should <span class="emphasis"><em>never</em></span> be used when configuring a regular FreeIPA client, because it results in slightly different client configuration which may not work on a non-FreeIPA server machine.
+ </div></div></div></li><li class="listitem"><div class="para">
If prompted, enter the domain name for the FreeIPA's DNS domain.
</div><pre class="programlisting">DNS discovery failed to determine your DNS domain
Please provide the domain name of your IPA server <span class="perl_Keyword">(</span>ex: example.com<span class="perl_Keyword">)</span>: example.com</pre></li><li class="listitem"><div class="para">
@@ -847,7 +798,7 @@ Please provide your IPA server name <span class="perl_Keyword">(</span>ex: ipa.e
The client script then prompts for a Kerberos identity to use to contact and then join the Kerberos realm. When these credentials are supplied, then the client is able to join the FreeIPA Kerberos domain and then complete the configuration:
</div><pre class="screen">
Continue to configure the system with these values? [no]: yes
-Enrollment principal: admin
+User authorized to enroll computers: admin
Password for admin at EXAMPLE.COM:
Enrolled in FreeIPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
@@ -1653,8 +1604,30 @@ Valid starting Expires Service principal
Kerberos 4 ticket cache: /tmp/tkt10678
klist: You have no tickets cached</pre>
- </div></li></ol></div></div></div><div class="section" id="uninstalling-clients"><div class="titlepage"><div><div><h2 class="title" id="uninstalling-clients">2.8. Uninstalling a FreeIPA Client</h2></div></div></div><div class="para">
- For Fedora clients, the <code class="command">ipa-client-install</code> utility can be used to uninstall the client and remove it from the FreeIPA domaine. To remove the client, use the <code class="option">--uninstall</code> option.
+ </div></li></ol></div></div></div><div class="section" id="troubleshooting-client-install"><div class="titlepage"><div><div><h2 class="title" id="troubleshooting-client-install">2.8. Troubleshooting Client Installations</h2></div></div></div><a id="id3027891" class="indexterm"></a><a id="id3027906" class="indexterm"></a><div class="para">
+ These are some issues and workarounds for client installation problems.
+ </div><div class="formalpara"><h5 class="formalpara" id="id3143258">The client can't resolve reverse hostnames when using an external DNS.</h5>
+ While FreeIPA can host its own DNS server as part of the domain services, it can also use external DNS name server. However, because of some of the limitations of reverse DNS, there can be problems with resolving reverse lookups if the external DNS is listed in the client's <code class="filename">/etc/resolv.conf</code> file or if there are other resources on the network with SRV records, like Active Directory.
+ </div><div class="para">
+ The problem is that the external DNS name server returns the wrong hostname for the FreeIPA server.
+ </div><a id="id3143287" class="indexterm"></a><a id="id3143298" class="indexterm"></a><div class="para">
+ One way this exhibits is errors with finding the FreeIPA server in the Kerberos database:
+ </div><pre class="screen">Jun 30 11:11:48 server1 krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: NEEDED_PREAUTH: admin EXAMPLE COM for krbtgt/EXAMPLE COM EXAMPLE COM, Additional pre-authentication required
+Jun 30 11:11:48 server1 krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: ISSUE: authtime 1309425108, etypes {rep=18 tkt=18 ses=18}, admin EXAMPLE COM for krbtgt/EXAMPLE COM EXAMPLE COM
+Jun 30 11:11:49 server1 krb5kdc[1279](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: UNKNOWN_SERVER: authtime 0, admin EXAMPLE COM for HTTP/server1.wrong.example.com at EXAMPLE.COM, Server not found in Kerberos database</pre><div class="para">
+ There are several ways to work around this issue:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Edit the <code class="filename">/etc/resolv.conf</code> file to remove the external DNS name server references.
+ </div></li><li class="listitem"><div class="para">
+ Add reverse lookup records for each FreeIPA server.
+ </div></li><li class="listitem"><div class="para">
+ Give the FreeIPA client or domain a subnet and forward all requests for that subnet.
+ </div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="id3322348">A ticket is not being generated by Kerberos on Windows</h5><a id="id3322355" class="indexterm"></a><a id="id3322367" class="indexterm"></a><a id="id3322380" class="indexterm"></a>
+ Windows can use multiple ticket caches with MIT Kerberos. This can create odd scenarios, where it is possible to authenticate against FreeIPA's domain in the command line, but not to open the web UI.
+ </div><div class="para">
+ MIT Kerberos for Windows provides some debugging tools which can be used to troubleshoot Windows Kerberos problems, available at <a href="http://web.mit.edu/Kerberos/dist/index.html#kfw-3.2">http://web.mit.edu/Kerberos/dist/index.html#kfw-3.2</a>.
+ </div></div><div class="section" id="uninstalling-clients"><div class="titlepage"><div><div><h2 class="title" id="uninstalling-clients">2.9. Uninstalling a FreeIPA Client</h2></div></div></div><a id="id3223800" class="indexterm"></a><a id="id3223812" class="indexterm"></a><div class="para">
+ For Fedora clients, the <code class="command">ipa-client-install</code> utility can be used to uninstall the client and remove it from the FreeIPA domain. To remove the client, use the <code class="option">--uninstall</code> option.
</div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install --uninstall</span></pre><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
There is an uninstall option with the <code class="command">ipa-join</code> command. This is called by <code class="command">ipa-client-install --uninstall</code> as part of the uninstallation process. However, while the <code class="command">ipa-join</code> option removes the client from the domain, it does not actually uninstall the client or properly remove all of the FreeIPA-related configuration. Do not run <code class="command">ipa-join -u</code> to attempt to uninstall the FreeIPA client. The only way to uninstall a client completely is to use <code class="command">ipa-client-install --uninstall</code>.
</div></div></div></div></div><div xml:lang="en-US" class="chapter" id="basic-usage" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. Basic Usage</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#running-scripts">3.1. Running FreeIPA Tools</a></span></dt><dt><span class="section"><a href="#logging-in">3.2. Logging into FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#logging-in-kinit">3.2.1. Logging into FreeIPA</a></span></dt><dt><span class="section"><a href="#switching-users">3.2.2. Logging in When an FreeIPA User Is Different Than the System User</a></span></dt><dt><span class="section"><a href="#checking-current-creds">3.2.3. Checking the Current Logged in User</a></span></dt></dl></dd><dt><span class="section"><a href="#opening-the-web-ui">3.3. Opening the FreeIPA Web UI</a></span></dt><dt><span class="section"><a href="#config-browser">3.4. Configuring the Browser</a></span></dt><dt><span cl
ass="section"><a href="#Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System">3.5. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="#Enabling_UsernamePassword_Authentication_in_Your_Browser">3.6. Enabling Username/Password Authentication in Your Browser</a></span></dt><dt><span class="section"><a href="#Troubleshooting-UI">3.7. Troubleshooting UI Connection Problems</a></span></dt></dl></div><div class="para">
@@ -2498,12 +2471,14 @@ Keytab successfully retrieved and stored in: /tmp/test.keytab</pre>
<code class="command"># ipa-getkeytab -s `hostname` -k /tmp/panther.keytab -p host/panther.example.com</code>
Keytab successfully retrieved and stored in: /tmp/panther.keytab</pre>
- </div></li></ol></div></div></div></div><div xml:lang="en-US" class="chapter" id="kerberos" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. Identity: Using FreeIPA for a Kerberos Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="#kerb-policies">6.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="#Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="#Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="#Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a
></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_Authentication-Refreshing_Kerberos_Tickets">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="#rotating-keys">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="#General_Troubleshooting_Tips-Kerberos_Errors">6.6. Kerberos Errors</a></span></dt></dl></div><div class="section" id="about-kerberos"><div class="titlepage"><div><div><h2 class="title" id="about-kerberos">6.1. About Kerberos</h2></div></div></div><div class="para">
- The Kerberos server is a part of FreeIPA. When you run the <code class="command">kinit</code> command you invoke a client that connects to the Kerberos server. As a result of the authentication the client receives a <em class="firstterm">ticket</em>. This ticket is a temporary pass; or a better description might be a pass-book. The best example from real life might be a pass to a movie festival. A single pass to such a festival would allow someone to attend different movies at their discretion. Kerberos is very similar. When a user tries to access any resource that is protected by Kerberos, that resource requires the user to present a valid ticket, the same as in the movies.
+ </div></li></ol></div></div></div></div><div xml:lang="en-US" class="chapter" id="kerberos" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. Identity: Using FreeIPA for a Kerberos Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="#kerb-policies">6.2. Setting Kerberos Ticket Policies</a></span></dt><dd><dl><dt><span class="section"><a href="#kerb-policies-global">6.2.1. Setting Global Ticket Policies</a></span></dt><dt><span class="section"><a href="#user-ticket-policies">6.2.2. Setting User-Level Ticket Policies</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="#Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Servi
ce">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="#Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_Authentication-Refreshing_Kerberos_Tickets">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="#rotating-keys">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="#kerberos-pwd-cache">6.6. Caching Kerberos Passwords</a></span></dt><dt><span class="section"><a href="#Kerberos_Errors">6.7. Troubleshooting Kerberos Errors</a></span></dt></dl></div><div class="section" id="about-kerberos"><div class="titlepage"><div><div><h2 class="title" id="about-kerberos">6.1. About Kerberos</h2></div></div></div><a id="id3016789" class="indexterm"></a><div class="para">
+ Kerberos authentication is the core of the FreeIPA server. For a full discussion of how Kerberos works, configuration, and other aspects of Kerberos, see the MIT Kerberos project documentation at <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a>.
+ </div><div class="para">
+ The Kerberos server is a part of FreeIPA. When you run the <code class="command">kinit</code> command you invoke a client that connects to the Kerberos server. As a result of the authentication the client receives a <span class="emphasis"><em>ticket</em></span>. This ticket is a temporary pass; or a better description might be a pass-book. The best example from real life might be a pass to a movie festival. A single pass to such a festival would allow someone to attend different movies at their discretion. Kerberos is very similar. When a user tries to access any resource that is protected by Kerberos, that resource requires the user to present a valid ticket, the same as in the movies.
</div><div class="para">
- To obtain such a ticket the user needs to prove their identity; that they are who they claim to be. Asking the user to constantly authenticate with their password would soon prove to be too annoying and hard to manage. This is why a multi-tier process exists, where the user first authenticates and obtains a so-called <em class="firstterm">ticket-granting ticket</em> (TGT). This ticket can then be presented to the Kerberos server at any time and a new ticket specific to the resource that the user wants to access can be acquired. All of these tickets have a configurable expiration time, so the user occasionally needs to re-authenticate, but it is much less of a burden.
+ To obtain such a ticket the user needs to prove their identity; that they are who they claim to be. Asking the user to constantly authenticate with their password would soon prove to be too annoying and hard to manage. This is why a multi-tier process exists, where the user first authenticates and obtains a so-called <span class="emphasis"><em>ticket-granting ticket</em></span> (TGT). This ticket can then be presented to the Kerberos server at any time and a new ticket specific to the resource that the user wants to access can be acquired. All of these tickets have a configurable expiration time, so the user occasionally needs to re-authenticate, but it is much less of a burden.
</div><div class="para">
- <code class="systemitem">Kerberos</code> is a network authentication protocol which allows users to authenticate to services with the help of a KDC. <code class="systemitem">Kerberos</code> authentication requires that both the user and the service be known to the KDC and that each has previously shared a set of encryption keys with the KDC. A user's keys are derived from the user's password, and while a service's keys can also be derived from a password, it is more likely that they are randomly generated. Users and services are known to the KDC by what are referred to as their <em class="firstterm">principal names</em>, and those users and services are often referred to simply as <em class="firstterm">principals</em>.
+ Kerberos is a network authentication protocol which allows users to authenticate to services with the help of a KDC. Kerberos authentication requires that both the user and the service be known to the KDC and that each has previously shared a set of encryption keys with the KDC. A user's keys are derived from the user's password, and while a service's keys can also be derived from a password, it is more likely that they are randomly generated. Users and services are known to the KDC by what are referred to as their <span class="emphasis"><em>principal names</em></span>, and those users and services are often referred to simply as <span class="emphasis"><em>principals</em></span>.
</div><div class="para">
A service principal consists of three components:
<div class="itemizedlist"><ul><li class="listitem"><div class="para">
@@ -2515,7 +2490,7 @@ Keytab successfully retrieved and stored in: /tmp/panther.keytab</pre>
</div></li></ul></div>
</div><div class="para">
- The service name is an arbitrary case-sensitive string, such as <code class="systemitem">host</code>, <code class="systemitem">HTTP</code>, <code class="systemitem">ldap</code>, or <code class="systemitem">DNS</code>. By convention, daemons use a specific service; sometimes this service name is obvious, but not always. The <code class="systemitem">sshd</code> daemon, for example, uses the <code class="systemitem">host</code> service principal.
+ The service name is an arbitrary case-sensitive string, such as host, HTTP, LDAP, or DNS. By convention, daemons use a specific service; sometimes this service name is obvious, but not always. The <code class="systemitem">sshd</code> daemon, for example, uses the host service principal.
</div><div class="para">
The syntax, or structure, of a service principal is as follows: <code class="systemitem">service/FQDN at REALM</code>. For example, the host service principal for a machine named <code class="systemitem">test.example.com</code> in the Kerberos realm <code class="systemitem">EXAMPLE.COM</code> would be <code class="systemitem">host/test.example.com at EXAMPLE.COM</code>. By convention, this principal is stored in <code class="filename">/etc/krb5.keytab</code>.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
@@ -2525,9 +2500,9 @@ Keytab successfully retrieved and stored in: /tmp/panther.keytab</pre>
</div><div class="para">
Service principals are typically released per service, although it is possible for one service principal to be used for more than one service.
</div><div class="formalpara" id="Service_Principals_and_Key_Tables_keytabs-The_Importance_of_Service_Principals_and_keytabs"><h5 class="formalpara">The Importance of Service Principals and keytabs</h5>
- Service principals and their associated keys play a critical role in a <code class="systemitem">Kerberos</code>-aware environment. This is especially true when services are accessed by multiple users. As long as a valid ticket exists for a specific service, users can access that service using their <code class="systemitem">Kerberos</code> credentials.
+ Service principals and their associated keys play a critical role in a Kerberos-aware environment. This is especially true when services are accessed by multiple users. As long as a valid ticket exists for a specific service, users can access that service using their Kerberos credentials.
</div><div class="para">
- For example, if a user tries to mount an <code class="systemitem">NFS</code> directory using <code class="systemitem">Kerberos</code>, then both the <code class="systemitem">NFS</code> server and the user require their own valid principal, and share their own secret key with the <abbr class="abbrev">KDC</abbr>. The NFS server key is established during the FreeIPA <code class="systemitem">NFS</code> configuration on the server. If the secret key is replaced on the server, for example, by getting a new keytab, then you need to export this new keytab to the KDC, which will then distribute it to the clients.
+ For example, if a user tries to mount an NFS directory using Kerberos, then both the NFS server and the user require their own valid principal, and share their own secret key with the <abbr class="abbrev">KDC</abbr>. The NFS server key is established during the FreeIPA NFS configuration on the server. If the secret key is replaced on the server, for example, by getting a new keytab, then you need to export this new keytab to the KDC, which will then distribute it to the clients.
</div><div class="formalpara" id="Service_Principals_and_Key_Tables_keytabs-Protecting_keytab_Files"><h5 class="formalpara">Protecting keytab Files</h5>
To protect your keytab files, consider the following general rules with respect to their permissions and ownership:
<div class="itemizedlist"><ul><li class="listitem"><div class="para">
@@ -2535,47 +2510,51 @@ Keytab successfully retrieved and stored in: /tmp/panther.keytab</pre>
</div></li><li class="listitem"><div class="para">
Mode: 0600
</div></li></ul></div>
- For example, set the owner of the <span class="application"><strong>Apache</strong></span> keytab (<code class="filename">/etc/httpd/conf/ipa.keytab</code>) to <code class="literal">httpd</code> and the mode to <code class="literal">0600</code>.
+ For example, set the owner of the Apache keytab (<code class="filename">/etc/httpd/conf/ipa.keytab</code>) to <code class="literal">httpd</code> and the mode to <code class="literal">0600</code>.
</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
- Clients attempting to mount <code class="systemitem">NFS</code> exports rely on the existence of a valid principal and secret key on both the <code class="systemitem">NFS</code> server and the client host. Clients themselves should not have access to the <code class="systemitem">NFS</code> keytab. The ticket for the <code class="systemitem">NFS</code> connection will be given to clients from the KDC.
+ Clients attempting to mount NFS exports rely on the existence of a valid principal and secret key on both the NFS server and the client host. Clients themselves should not have access to the NFS keytab. The ticket for the NFS connection will be given to clients from the KDC.
</div><div class="para">
Failure to export an updated keytab can cause problems that are difficult to isolate. For example, existing service connections may continue to function, but no new connections may be possible.
</div><div class="para">
Due to the critical role that keytabs play in authenticating users and services, and the issues that can arise if they are compromised, ensure that all keytab files are appropriately secured, and have suitable file ownership and permissions established.
- </div></div></div></div><div class="section" id="kerb-policies"><div class="titlepage"><div><div><h2 class="title" id="kerb-policies">6.2. Setting Kerberos Ticket Policies</h2></div></div></div><div class="para">
- Kerberos tickets are issued subject to the restraints of the <em class="firstterm">Kerberos ticket policy</em>. This policy defines the maximum ticket lifetime and also the maximum renewal age, the period during which the ticket is renewable. You can use the <code class="command">ipa krbtpolicy-mod</code> command to modify the policy to suit your environment. You can also use the <code class="command">ipa krbtpolicy-reset</code> command to reset the policy to the default values.
- </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
- Any change to the global Kerberos ticket policy requires a restart of the KDC for the changes to take effect. Use the following command to restart the KDC:
-<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
-
- </div></div></div><div class="para">
- Kerberos authentication is the core of the FreeIPA server. For a full discussion of how Kerberos works, configuration, and other aspects of Kerberos, see the MIT Kerberos project documentation at <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a>.
+ </div></div></div></div><div class="section" id="kerb-policies"><div class="titlepage"><div><div><h2 class="title" id="kerb-policies">6.2. Setting Kerberos Ticket Policies</h2></div></div></div><a id="id4139226" class="indexterm"></a><a id="id4139234" class="indexterm"></a><div class="para">
+ The Kerberos <span class="emphasis"><em>ticket policy</em></span> sets basic restructions on managing tickets within the Kerberos realm, such as the maximum ticket lifetime and the maximum renewal age (the period during which the ticket is renewable).
</div><div class="para">
- FreeIPA uses a single Kerberos ticket policy. This policy defines the maximum ticket lifetime and the maximum renewal age; that is, the period during which the ticket is renewable. You can also create a per-user ticket policy by specifying the user login.
- </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
- Changes to the global policy require a restart of the KDC service to take effect, as follows:
-<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
-
+ The Kerberos ticket policy is set globally so that it applies to every ticket issued within the realm. FreeIPA also has the ability to set user-level ticket policies which override the global policies. This can be used, for example, to set extended expiration times for administrators or to set shorter expiration times for some employees.
+ </div><div class="section" id="kerb-policies-global"><div class="titlepage"><div><div><h3 class="title" id="kerb-policies-global">6.2.1. Setting Global Ticket Policies</h3></div></div></div><a id="id3245115" class="indexterm"></a><div class="para">
+ The <code class="command">ipa krbtpolicy-mod</code> command modifies the policy, while the <code class="command">ipa krbtpolicy-reset</code> command resets the policy to the default values.
</div><div class="para">
- Changes to per-user policies take effect immediately for newly-requested tickets, for example, when the user next runs <code class="command">kinit</code>.
- </div></div></div></div><div class="section" id="Configuring_Service_Principals-Creating_and_Using_Service_Principals"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</h2></div></div></div><div class="para">
+ For example:
+ </div><pre class="screen"># ipa krbtpolicy-mod --maxlife=3600 --maxrenew=18000
+ Max life: 3600
+ Max renew: 18000</pre><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+ Any change to the global Kerberos ticket policy requires a restart of the KDC for the changes to take effect. Restart the KDC:
+<pre class="screen"># service krb5kdc restart</pre>
+
+ </div></div></div></div><div class="section" id="user-ticket-policies"><div class="titlepage"><div><div><h3 class="title" id="user-ticket-policies">6.2.2. Setting User-Level Ticket Policies</h3></div></div></div><a id="id3150846" class="indexterm"></a><div class="para">
+ User-level Kerberos ticket policies are set using the same commands as global policies, but the user is specified in the command.
+ </div><div class="para">
+ For example:
+ </div><pre class="screen"># ipa krbtpolicy-mod jsmith --maxlife=3600
+ Max life: 3600</pre><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+ User-level policies take effect immediately on the next requested ticket (such as running <code class="command">kinit</code>), without having to restart the KDC service.
+ </div></div></div></div></div><div class="section" id="Configuring_Service_Principals-Creating_and_Using_Service_Principals"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</h2></div></div></div><a id="id3350088" class="indexterm"></a><a id="id3350095" class="indexterm"></a><div class="para">
You can use the web interface to create service principals and also to search for existing service principals. For security and other reasons, however, it is not possible to retrieve a keytab using the web interface. This has to be done either on the command line on the system where the service is accessed, or on the FreeIPA server itself, and the keytab then exported to the client host.
</div><div class="para">
- The following example demonstrates creating a service principal and keytab on a client host for the <code class="systemitem">HTTP</code> service. In this example, the client host is <code class="systemitem">ipaclient.example.com</code> and the FreeIPA server is <code class="systemitem">ipaserver.example.com</code>:
-<pre class="screen"><code class="command"># kinit admin</code>
-<code class="command"># ipa host-add ipaclient.example.com</code>
-<code class="command"># ipa service-add HTTP/ipaclient.example.com at EXAMPLE.COM</code>
-<code class="command"># ipa-getkeytab -s ipaserver.example.com -p HTTP/ipaclient.example.com /</code>
-<code class="command">-k /etc/httpd/conf/ipa.keytab</code></pre>
+ The following example demonstrates creating a service principal and keytab on a client host for the HTTP service. In this example, the client host is <code class="systemitem">ipaclient.example.com</code> and the FreeIPA server is <code class="systemitem">ipaserver.example.com</code>:
+<pre class="screen"># kinit admin
+# ipa host-add ipaclient.example.com
+# ipa service-add HTTP/ipaclient.example.com at EXAMPLE.COM
+# ipa-getkeytab -s ipaserver.example.com -p HTTP/ipaclient.example.com -k /etc/httpd/conf/ipa.keytab</pre>
</div><div class="para">
- Note the location of the keytab. By default, <span class="application"><strong>FreeIPA</strong></span> saves its <code class="systemitem">HTTP</code> keytab to <code class="filename">/etc/httpd/conf/ipa.keytab</code>. This keytab is used in the webUI, and so you should be aware that if a key were stored in <code class="filename">ipa.keytab</code> and you later deleted that keytab file, the FreeIPA interface would stop working, because the original key would also be deleted.
+ Note the location of the keytab. By default, FreeIPA saves its HTTP keytab to <code class="filename">/etc/httpd/conf/ipa.keytab</code>. This keytab is used in the webUI, and so you should be aware that if a key were stored in <code class="filename">ipa.keytab</code> and you later deleted that keytab file, the FreeIPA interface would stop working, because the original key would also be deleted.
</div><div class="para">
Similar locations can be specified for each service that needs to be made Kerberos aware. There is no specific location that must be used, but, when using <code class="command">ipa-getkeytab</code>, you should avoid using <code class="filename">/etc/krb5.keytab</code>. This file should not contain service-specific keytabs; each service should have its keytab saved in a specific location and the access privileges (and possibly SELinux rules) should be configured so that only this service has access to the keytab.
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- The realm name is optional. The FreeIPA server automatically appends the <code class="systemitem">Kerberos</code> realm for which it is configured. You cannot specify a different realm.
+ The realm name is optional. The FreeIPA server automatically appends the Kerberos realm for which it is configured. You cannot specify a different realm.
</div></li><li class="listitem"><div class="para">
- The hostname must resolve to a <code class="systemitem">DNS</code> A record for it to work with <code class="systemitem">Kerberos</code>. You can use the <code class="option">--force</code> flag to force the creation of a principal should this prove necessary.
+ The hostname must resolve to a DNS A record for it to work with Kerberos. You can use the <code class="option">--force</code> flag to force the creation of a principal should this prove necessary.
</div></li><li class="listitem"><div class="para">
The <code class="command">ipa-getkeytab</code> command is part of the <span class="package">freeipa-client</span> package, which is only available for Fedora 15 or later. For other clients, you need to use this procedure on the server and manually copy the keytab to the client.
</div></li><li class="listitem"><div class="para">
@@ -2586,7 +2565,7 @@ Keytab successfully retrieved and stored in: /tmp/panther.keytab</pre>
FreeIPA provides a range of tools and commands to facilitate the creation and administration of services and the service principals and certificates required to use them. Some of this can be automated, but there will always be a certain amount of manual intervention required to create services and certificates after the initial joining of a host to a realm. These requirements and procedures are discussed in the following sections.
</div><div class="section" id="Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service"><div class="titlepage"><div><div><h3 class="title" id="Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</h3></div></div></div><div class="formalpara" id="Creating_an_IPA_Service-Prerequisites"><h5 class="formalpara">Prerequisites</h5>
Before you can create a service for a FreeIPA host, you need to ensure that the host exists. This should be true if it has already joined the realm. Use the following command to determine if the host exists:
-<pre class="screen"><code class="command"># ipa host-show myserver.mydomain.net</code></pre>
+<pre class="screen"># ipa host-show myserver.mydomain.net</pre>
</div><div class="para">
If the host does <span class="emphasis"><em>not</em></span> exist in the realm, you will see an error message similar to the following:
@@ -2594,7 +2573,7 @@ Keytab successfully retrieved and stored in: /tmp/panther.keytab</pre>
</div><div class="formalpara" id="Creating_an_IPA_Service-To_create_an_IPA_service"><h5 class="formalpara">To create a FreeIPA service:</h5>
Use the following command to create a service for that host:
-<pre class="screen"><code class="command"># ipa service-add test/myserver.mydomain.net</code></pre>
+<pre class="screen"># ipa service-add test/myserver.mydomain.net</pre>
</div><div class="para">
This will produce output similar to the following:
@@ -2605,13 +2584,13 @@ Added service "test/myserver.mydomain.net at MYDOMAIN.NET"
Principal: test/myserver.mydomain.net at MYDOMAIN.NET
Managed by: myserver.mydomain.net</pre><div class="section" id="Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service"><div class="titlepage"><div><div><h4 class="title" id="Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service">6.3.1.1. Requesting a Certificate for a Service</h4></div></div></div><div class="para">
Use the following command to request a certificate for the new service. The certificate request is contained in the <code class="filename">example.csr</code> file.
-<pre class="screen"><code class="command"># ipa cert-request --principal=test/myserver.mydomain.net example.csr </code></pre>
+<pre class="screen"># ipa cert-request --principal=test/myserver.mydomain.net example.csr</pre>
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
You can use the <code class="option">--add</code> option to create the service when requesting the certificate.
</div></div></div><div class="para">
If necessary, create the CSR file using openssl. The following is an example session creating such a file:
- </div><pre class="screen"><code class="command"># openssl req -out example.csr -new -newkey rsa:2048 -nodes -keyout private.key</code>
+ </div><pre class="screen"># openssl req -out example.csr -new -newkey rsa:2048 -nodes -keyout private.key
Generating a 2048 bit RSA private key
.........................................................+++
.............................+++
@@ -2637,24 +2616,24 @@ to be sent with your certificate request
A challenge password []:
An optional company name []:</pre></div><div class="section" id="Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests"><div class="titlepage"><div><div><h4 class="title" id="Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests">6.3.1.2. Using certmonger to Manage Certificate Requests</h4></div></div></div><div class="para">
You can also use <span class="application"><strong>certmonger</strong></span> to manage the certificate request process for you. Use the following command to request a certificate:
-<pre class="screen"><code class="command"># ipa-getcert request -d /etc/pki/nssdb -n Server-Cert</code></pre>
+<pre class="screen"># ipa-getcert request -d /etc/pki/nssdb -n Server-Cert</pre>
</div><div class="para">
The <code class="filename">/etc/pki/nssdb</code> file is the global NSS database, and <code class="literal">Server-Cert</code> is the nickname of this certificate. There is nothing special about this name; it can be anything, but it does need to be unique within this database. Use the <code class="command">ipa-getcert list</code> command to display the current status of certificates managed by <span class="application"><strong>certmonger</strong></span>.
</div><div class="para">
If you use <span class="application"><strong>certmonger</strong></span> to request a certificate for a service, you need to use the <code class="option">-K <principal></code> option. Without this option, <span class="application"><strong>certmonger</strong></span> assumes it is requesting a certificate for the host service (host/fqdn at REALM). For example:
- </div><pre class="screen"><code class="command"># ipa-getcert request -d /etc/httpd/alias -n Server-Cert -K</code>
-<code class="command">HTTP/myserver.mydomain.net at MYDOMAIN.NET -N 'CN=myserver.mydomain.net,O=MYDOMAIN.NET'</code></pre><div class="para">
+ </div><pre class="screen"># ipa-getcert request -d /etc/httpd/alias -n Server-Cert -K
+HTTP/myserver.mydomain.net at MYDOMAIN.NET -N 'CN=myserver.mydomain.net,O=MYDOMAIN.NET'</pre><div class="para">
You need to use the <code class="option">-N</code> option to specify the subject when using the <code class="option">-K</code> option. The subject format is as follows: CN=<fqdn>,O=<subject base>
</div><div class="para">
You can configure the FreeIPA subject base as part of the FreeIPA server installation process; the default value is the same as the default value for the realm name, which is derived from the hostname by default. Use the following command to determine the subject base:
-<pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code></pre>
+<pre class="screen">$ ipa config-show | grep -i subject</pre>
FreeIPA will reject requests with invalid subject base values.
</div></div><div class="section" id="Creating_an_IPA_Service-Using_NSS"><div class="titlepage"><div><div><h4 class="title" id="Creating_an_IPA_Service-Using_NSS">6.3.1.3. Using NSS</h4></div></div></div><div class="para">
If you need to create an NSS database in which to store your key, use the <code class="command">certutil</code> command as follows:
-<pre class="screen"><code class="command">$ certutil -N -d /path/to/database/dir</code>
-<code class="command">$ certutil -R -s "CN=myserver.mydomain.net, O=MYDOMAIN.NET" \</code>
-<code class="command">-d /path/to/database/dir -a > example.csr</code></pre>
+<pre class="screen">$ certutil -N -d /path/to/database/dir
+
+$ certutil -R -s "CN=myserver.mydomain.net, O=MYDOMAIN.NET" -d /path/to/database/dir -a > example.csr</pre>
</div><div class="formalpara" id="Using_NSS-CSR_File_Formats"><h5 class="formalpara">CSR File Formats</h5>
The format of the CSR is partly dependent upon the CA back end you are using.
@@ -2662,16 +2641,16 @@ An optional company name []:</pre></div><div class="section" id="Creating_an_IPA
If you are using Dogtag, then the Common Name (CN) is the only part of the request subject that is used; all other components are ignored.
</div><div class="para">
If you are using the selfsigned CA back end, then the subject must match the configured certificate subject base. You can find this with:
- </div><pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code>
+ </div><pre class="screen">$ ipa config-show | grep -i subject
Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
This means you need to use MYDOMAIN.NET for the organization. FreeIPA will reject requests whose subject base differs from this value.
</div></div></div><div class="section" id="Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server"><div class="titlepage"><div><div><h3 class="title" id="Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</h3></div></div></div><div class="para">
- The following procedure describes how to configure <code class="systemitem">NFS</code> on the FreeIPA server and to set up an <code class="systemitem">NFS</code> service principal.
- </div><div class="procedure" id="Configuring_an_NFS_Service_Principal_on_the_IPA_Server-Configuring_NFS_on_the_IPA_Server"><h6>Procedure 6.1. Configuring <code class="systemitem">NFS</code> on the FreeIPA Server</h6><ol class="1"><li class="step"><div class="para">
+ The following procedure describes how to configure NFS on the FreeIPA server and to set up an NFS service principal.
+ </div><div class="procedure" id="Configuring_an_NFS_Service_Principal_on_the_IPA_Server-Configuring_NFS_on_the_IPA_Server"><h6>Procedure 6.1. Configuring NFS on the FreeIPA Server</h6><ol class="1"><li class="step"><div class="para">
Configure the export directory.
-<pre class="screen"><code class="command"># mkdir /export</code>
-<code class="command"># chmod 777 /export</code></pre>
+<pre class="screen"># mkdir /export
+# chmod 777 /export</pre>
</div></li><li class="step"><div class="para">
Configure the <code class="filename">/etc/exports</code> file as follows:
@@ -2684,17 +2663,17 @@ Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
</pre>
</div></li><li class="step"><div class="para">
- To enable secure <code class="systemitem">NFS</code>, add the following line to <code class="filename">/etc/sysconfig/nfs</code>
+ To enable secure NFS, add the following line to <code class="filename">/etc/sysconfig/nfs</code>:
</div><div class="para">
<pre class="programlisting">SECURE_NFS=yes
</pre>
</div></li><li class="step"><div class="para">
- Add a service principal and keytab for <code class="systemitem">NFS</code>.
-<pre class="screen"><code class="command"># ipa service-add nfs/ipaserver.example.com</code>
-<code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/ipaserver.example.com \</code>
- <code class="command">-k /etc/nfs/conf/nfs.keytab</code></pre>
+ Add a service principal and keytab for NFS.
+<pre class="screen"># ipa service-add nfs/ipaserver.example.com
+
+# ipa-getkeytab -s ipaserver.example.com -p nfs/ipaserver.example.com -k /etc/nfs/conf/nfs.keytab</pre>
</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on an older Fedora machine, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/<FQDN> service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
@@ -2702,10 +2681,10 @@ Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's <code class="systemitem">rpc.gssd</code> and the server's <code class="systemitem">rpc.svcgssd</code> daemons may log errors indicating that DES encryption types are not permitted.
</div></div></div></li><li class="step"><div class="para">
Run the following commands to reload the NFS configuration and restart the required services:
-<pre class="screen"><code class="command"># exportfs -a</code>
-<code class="command"># restart services</code>
-<code class="command"># service nfs restart</code>
-<code class="command"># service rpcgssd restart -k /etc/nfs/conf/nfs.keytab</code></pre>
+<pre class="screen"># exportfs -a
+# restart services
+# service nfs restart
+# service rpcgssd restart -k /etc/nfs/conf/nfs.keytab</pre>
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
Note the use of the <code class="option">-k</code> option when restarting <code class="systemitem">rpcgssd</code>. This is necessary to update the NFS configuration with the path to the NFS keytab.
@@ -2715,28 +2694,26 @@ Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
Manually refreshing Kerberos tickets is a two step process: you first need to find all of the keytabs that are older than a certain date, and then obtain a new keytab for the host or service in question. This process is described in detail below.
</div><div class="procedure" id="Refreshing_Kerberos_Tickets-How_to_manually_refresh_Kerberos_keytabs"><h6>Procedure 6.2. How to manually refresh Kerberos keytabs</h6><ol class="1"><li class="step"><div class="para">
Find all keytabs, both for host services and for any other services, issued before today. Use the following queries (update the dates as necessary):
-<pre class="screen"><code class="command"># ldapsearch -x -b "cn=computers,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&(krblastpwdchange<=20110110000000)(krblastpwdchange>=19710101000000))" dn krbprincipalname</code></pre>
+<pre class="screen"># ldapsearch -x -b "cn=computers,cn=accounts,dc=example,dc=com" "(&(krblastpwdchange<=20110110000000)(krblastpwdchange>=19710101000000))" dn krbprincipalname</pre>
-<pre class="screen"><code class="command"># ldapsearch -x -b "cn=services,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&(krblastpwdchange<=20110110000000)(krblastpwdchange>=19710101000000))" dn krbprincipalname</code></pre>
+<pre class="screen"># ldapsearch -x -b "cn=services,cn=accounts,dc=example,dc=com" "(&(krblastpwdchange<=20110110000000)(krblastpwdchange>=19710101000000))" dn krbprincipalname</pre>
<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
Dates are expressed in YYYYMMDD format, and times in HHMMSS format (GMT).
</div></div></div>
</div></li><li class="step"><div class="para">
Log into each machine and obtain a new keytab for the given service. To do this, you need to know the location of the keytab on the target system. For example, the default location for the <code class="systemitem">host/</code> principal is <code class="filename">/etc/krb5.keytab</code>. Use the <code class="command">ipa-getkeytab</code> command to retrieve a new <code class="systemitem">host/</code>principal:
-<pre class="screen"><code class="command"># ipa-getkeytab -p host/client.example.com at EXAMPLE.COM \</code>
- <code class="command">-s ipa.example.com -k /etc/krb5.keytab</code></pre>
+<pre class="screen"># ipa-getkeytab -p host/client.example.com at EXAMPLE.COM -s ipa.example.com -k /etc/krb5.keytab</pre>
</div><div class="para">
- To retrieve a new keytab for the <code class="systemitem">HTTP</code> service, run the following command instead:
-<pre class="screen"><code class="command"># ipa-getkeytab -p HTTP/client.example.com at EXAMPLE.COM \</code>
-<code class="command">-s ipa.example.com -k /etc/httpd/conf/ipa.keytab</code></pre>
+ To retrieve a new keytab for the HTTP service, run the following command instead:
+<pre class="screen"># ipa-getkeytab -p HTTP/client.example.com at EXAMPLE.COM -s ipa.example.com -k /etc/httpd/conf/ipa.keytab</pre>
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
The <code class="command">ipa-getkeytab</code> command does not delete the old keytab in case it already exists in the file.
</div></div></div></li></ol></div><div class="para">
You can use the <code class="command">klist</code> command to view the new key version number (KVNO):
-<pre class="screen"><code class="command"># klist -kt /path/to/keytab</code></pre>
+<pre class="screen"># klist -kt /path/to/keytab</pre>
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
Some services, such as NFSv4, only support a limited set of encryption types. Ensure that you pass the appropriate arguments to the <code class="command">ipa-getkeytab</code> command.
@@ -2744,11 +2721,11 @@ Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
Kerberos keys are similar to passwords, and in the interests of security they should occasionally be changed. The frequency of these changes may be determined by company or other policies. Each key has an associated version number, which are stored in the <em class="parameter"><code>KVNO</code></em> parameter.
</div><div class="formalpara" id="Rotating_Kerberos_Keys-Obtaining_a_new_service_principal_Kerberos_key"><h5 class="formalpara">Obtaining a new service principal Kerberos key</h5>
Use the <code class="command">ipa-getkeytab</code> command to create a new Kerberos key. For example, use the following command to refresh your FreeIPA keytab:
-<pre class="screen"><code class="command"># ipa-getkeytab -s ipa.example.com -k /etc/dirsrv/ds.keytab -p ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+<pre class="screen"># ipa-getkeytab -s ipa.example.com -k /etc/dirsrv/ds.keytab -p ldap/ipa.example.com at EXAMPLE.COM</pre>
This will add a new set of keys to your existing keytab. That is, you should now have two identical sets of principals, each with a separate <em class="parameter"><code>KVNO</code></em>.
</div><div class="para">
Use the <code class="command">klist</code> command to view the existing keys:
-<pre class="screen"><code class="command"># klist -kt /etc/dirsrv/ds.keytab</code>
+<pre class="screen"># klist -kt /etc/dirsrv/ds.keytab
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at EXAMPLE.COM
@@ -2760,7 +2737,7 @@ Valid starting Expires Service principal
</div><div class="para">
Use the <code class="command">kvno</code> command to display the version number of a service ticket that you have been issued:
-<pre class="screen"><code class="command"># kvno -c /tmp/krb5cc_0 ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+<pre class="screen"># kvno -c /tmp/krb5cc_0 ldap/ipa.example.com at EXAMPLE.COM</pre>
The <code class="option">-c</code> option specifies which credentials cache to use. The credentials cache (Ticket cache) is included in the output of the <code class="command">klist</code> command, above.
</div><div class="para">
Tickets issued against the old service will continue to work as expected but new tickets will be issued using the highest <em class="parameter"><code>KVNO</code></em>. This is to avoid any disruption to system operations. No service restart should be needed.
@@ -2768,58 +2745,67 @@ Valid starting Expires Service principal
You should maintain the old records for at least the amount of time that valid tickets are issues (8 hours by default) so that any clients that have a ticket encrypted with the old key will continue to work. However, there is no real need to remove old keys.
</div><div class="para">
FreeIPA does not currently provide an automated method of performing this task for all service tickets. Use the following queries to display a list of all services that have been issued keytabs:
-<pre class="screen"><code class="command"># ldapsearch -LLL -x -b 'cn=services,cn=accounts,dc=example,dc=com' \</code>
- <code class="command">'(krblastpwdchange=*)' krbprincipalname</code>
-<code class="command"># ldapsearch -LLL -x -b 'cn=computers,cn=accounts,dc=example,dc=com' \</code>
- <code class="command">'(krblastpwdchange=*)' krbprincipalname</code></pre>
+<pre class="screen"># ldapsearch -LLL -x -b 'cn=services,cn=accounts,dc=example,dc=com' '(krblastpwdchange=*)' krbprincipalname
+
+# ldapsearch -LLL -x -b 'cn=computers,cn=accounts,dc=example,dc=com' '(krblastpwdchange=*)' krbprincipalname</pre>
</div><div class="para">
This will display service and host keytab information. It is not possible to determine if it has a key directly, but you can infer that a keytab was issued by looking at the last change date.
- </div></div><div class="section" id="General_Troubleshooting_Tips-Kerberos_Errors"><div class="titlepage"><div><div><h2 class="title" id="General_Troubleshooting_Tips-Kerberos_Errors">6.6. Kerberos Errors</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="kerberos-pwd-cache"><div class="titlepage"><div><div><h2 class="title" id="kerberos-pwd-cache">6.6. Caching Kerberos Passwords</h2></div></div></div><a id="id3069655" class="indexterm"></a><a id="id3069667" class="indexterm"></a><div class="para">
+ A machine may not always be on the same network as the FreeIPA domain; for example, a machine may need to be logged into a VPN before it can access the FreeIPA domain. If a user logs into a system when it is offline and then later attempts to connect to FreeIPA services, then the user is blocked because there is no FreeIPA Kerberos ticket for that user. FreeIPA works around that limitation by using SSSD to store the Kerberos passwords in the SSSD cache.
+ </div><div class="para">
+ This is configured by default by the <code class="command">ipa-client-install</code> script. A configuration parameter is added to the <code class="filename">/etc/sssd/sssd.conf</code> file which specifically instructs SSSD to store those Kerberos passwords for the FreeIPA domain:
+ </div><pre class="programlisting"><span class="perl_String">[</span><span class="perl_Reserved">domain</span><span class="perl_String">/example.com]</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">cache_credentials = True</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">ipa_domain = example.com</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">id_provider = ipa</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">auth_provider = ipa</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">access_provider = ipa</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">chpass_provider = ipa</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">ipa_server = _srv_, server.example.com</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">krb5_store_password_if_offline = true</span></pre><a id="id3129589" class="indexterm"></a><div class="para">
+ This default behavior can be disabled during the client installation by using the <code class="option">--no-krb5-offline-passwords</code> option.
+ </div><div class="para">
+ This behavior can also be disabled by editing the <code class="filename">/etc/sssd/sssd.conf</code> file and removing the <code class="option">krb5_store_password_if_offline</code> line or changing its value to false.
+ </div></div><div class="section" id="Kerberos_Errors"><div class="titlepage"><div><div><h2 class="title" id="Kerberos_Errors">6.7. Troubleshooting Kerberos Errors</h2></div></div></div><div class="para">
If <code class="command">kinit</code> fails or you see an unusual Kerberos error back in the framework, inspect the following files for possible causes:
<div class="itemizedlist"><ul><li class="listitem"><div class="para">
- On the server: <code class="filename">/var/log/krb5kdc.log</code>
+ On the server, look at the KDC log in <code class="filename">/var/log/krb5kdc.log</code>.
</div></li><li class="listitem"><div class="para">
- If you were using the framework also look in <code class="filename">/var/log/httpd/error_log</code>
+ For FreeIPA errors, also look in <code class="filename">/var/log/httpd/error_log</code>.
</div></li></ul></div>
- </div></div></div><div xml:lang="en-US" class="chapter" id="automount" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Identity: Using Automount</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-automount">7.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="#configuring-automount">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</a></span></dt><dt><span class="section"><a href="#sect-
Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</a></span></dt></dl></dd></dl></div><div class="section" id="about-automount"><div class="titlepage"><div><div><h2 class="title" id="about-automount">7.1. About Automount and IPA</h2></div></div></div><div class="para">
- This chapter describes how to configure <code class="command">automount</code> on <code class="systemitem">Linux</code> and <code class="systemitem">Solaris</code> for use with IPA. It details the procedures and configuration changes necessary to set up <code class="command">automount</code>, the <code class="filename">auto.master</code> file and other map files used by <code class="command">autofs</code>.
- </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues with Automount</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Known_Issues_with_Automount-Additional_Schema_Required_for_Some_Systems"><h5 class="formalpara">Additional Schema Required for Some Systems</h5>
- If you are supporting <code class="systemitem">Solaris</code> clients, you need to use the 2307bis-style <code class="command">automount</code> schema, although Sun's version is NOT identical to the one at <a href="http://people.redhat.com/nalin/schema/autofs.schema">http://people.redhat.com/nalin/schema/autofs.schema</a>.
- </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</h3></div></div></div><div class="para">
- In order to illustrate the <code class="command">automount</code> configuration procedures, this chapter assumes that:
- <div class="itemizedlist"><ul><li class="listitem"><div class="para">
- The IPA server is correctly installed and operational.
- </div></li><li class="listitem"><div class="para">
- The domain is <code class="systemitem">example.com</code>.
- </div></li><li class="listitem"><div class="para">
- The NFS server is also configured as an IPA client.
- </div></li><li class="listitem"><div class="para">
- You have root access to the server where you want <code class="command">autofs</code> to work. For the purposes of this exercise, this server is called <code class="systemitem">nfsserver.example.com</code>
- </div></li><li class="listitem"><div class="para">
- The <code class="systemitem">nfsserver.example.com</code> server can communicate with the <code class="systemitem">LDAP</code> server for users and groups.
- </div></li><li class="listitem"><div class="para">
- The <code class="systemitem">NFS</code> service is running on <code class="systemitem">nfsserver.example.com</code>
- </div></li></ul></div>
-
- </div><div class="para">
- This chapter also assumes that the user has at least a basic understanding of <code class="systemitem">NFS</code> and automount.
- </div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Assumptions-NFS_Configuration"><h5 class="formalpara">NFS Configuration</h5>
- Configuring <code class="systemitem">NFS</code> is beyond the scope of this document. Refer to the <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html</a> for information on how to configure <code class="systemitem">NFS</code>.
- </div><div class="para">
- The following is an example of a suitable entry in the <code class="filename">/etc/exports</code> file:
- </div><pre class="programlisting">/home 192.168.1.0/16 (rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
-</pre><div class="para">
- You should test that you can mount the <code class="filename">/home</code> directory from the command line before proceeding with the <code class="command">automount</code> configuration. This makes troubleshooting easier if the configuration does not work.
- </div></div></div><div class="section" id="configuring-automount"><div class="titlepage"><div><div><h2 class="title" id="configuring-automount">7.2. Configuring Automount</h2></div></div></div><div class="para">
- IPA natively supports automount and so only minimal configuration is required. IPA 2.0 also introduces the concept of a <em class="firstterm">location</em>, which allows for different sets of maps for different purposes, or locations.
- <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
- You can direct different clients to use different map sets. These map sets use a tree structure, which means that you cannot share maps between locations.
- </div></div></div>
- Any extra steps required for configuring automount on Linux or Solaris are described below. Refer to the <code class="command">ipa help automount</code> help page for more information and a list of available commands.
- </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-To_configure_autofs_on_Linux"><h6>Procedure 7.1. To configure autofs on Linux:</h6><ol class="1"><li class="step"><div class="para">
- Edit the <code class="filename">/etc/sysconfig/autofs</code> file as follows. This specifies the attributes that <code class="command">autofs</code> searches for:
+ </div></div></div><div xml:lang="en-US" class="chapter" id="automount" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Identity: Using Automount</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-automount">7.1. About Automount and FreeIPA</a></span></dt><dt><span class="section"><a href="#configuring-automount">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Fedora</a></span></dt><dt><span class="section"><a href="#Configuring_Automount-Solaris_automount">7.2.2. Configuring Automount on Solaris</a></span></dt></dl></dd><dt><span class="section"><a href="#adding-locations">7.3. Configuring Locations</a></span></dt><dt><span class="section"><a href="#Configuring_Automount-Configuring_Indirect_Maps">7.4. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="#Configuring_Indir
ect_Maps-Configuring_Direct_Maps">7.5. Configuring Direct Maps</a></span></dt></dl></div><div class="para">
+ Automount is a way of making directories on different servers available, automatically, when requested by a user. This works exceptionally well within an FreeIPA domain since it allows directories on clients within the domain to be shared easily. This is especially important with user home directories (<a class="xref" href="#home-directories">Section 4.1, “Setting up User Home Directories”</a>).
+ </div><div class="para">
+ In FreeIPA, automount works with the internal LDAP directory and, if it is configured, DNS services.
+ </div><div class="section" id="about-automount"><div class="titlepage"><div><div><h2 class="title" id="about-automount">7.1. About Automount and FreeIPA</h2></div></div></div><div class="para">
+ Automount is a way to manage, organize, and access directories across multiple systems. Automount automatically mounts a directory whenever that resource is requested. Automount also provides a coherent structure to the way that this directories are organized. Every single directory, or <span class="emphasis"><em>mount point</em></span> is called a <span class="emphasis"><em>key</em></span>. Multiple keys that are grouped together are a <span class="emphasis"><em>map</em></span>, and maps are associated according to their physical or conceptual <span class="emphasis"><em>location</em></span>.
+ </div><div class="para">
+ The base configuration file for autofs is the <code class="filename">auto.master</code> file in the <code class="filename">/etc/</code> directory. There can be multiple <code class="filename">auto.master</code> configuration files in separate server locations, if necessary.
+ </div><div class="para">
+ When <code class="command">autofs</code> is configured on a server and that server is a client in a FreeIPA domain, then all of the configuration information for automount is stored in the FreeIPA directory. Rather than being stored in separate text files, the autofs configuration — maps, locations, and keys — are stored as LDAP entries. For example, the default map file, <code class="filename">auto.master</code>, is stored as:
+ </div><pre class="screen">dn: automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com
+objectClass: automountMap
+objectClass: top
+automountMapName: auto.master</pre><div class="para">
+ Each new location is added as a container entry under <code class="command">cn=automount,dc=example,dc=com</code>, and each map and each key are stored beneath that location.
+ </div><div class="para">
+ As with other FreeIPA domain services, automount works with FreeIPA natively. The automount configuration can be managed by FreeIPA tools:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Locations</em></span>, using <code class="command">ipa automountlocation*</code> commands
+ </div></li><li class="listitem"><div class="para">
+ Both direct and indirect <span class="emphasis"><em>maps</em></span>, using <code class="command">ipa automountmap*</code> commands
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Keys</em></span>, using <code class="command">ipa automountkey*</code> commands
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ Solaris uses a different schema for autofs configuration than the schema used by FreeIPA. FreeIPA uses the 2307bis-style automount schema which is defined for 389 Directory Server.
+ </div></div></div><div class="para">
+ For automount to work within the FreeIPA domain, the NFS server must be configured as a FreeIPA client. Configuring NFS itself is covered in the <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-nfs.html">Red Hat Enterprise Linux Storage Administration Guide</a>.
+ </div></div><div class="section" id="configuring-automount"><div class="titlepage"><div><div><h2 class="title" id="configuring-automount">7.2. Configuring Automount</h2></div></div></div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+ Test that the <code class="filename">/home</code> directory can be mounted from the command line successfully before changing the automount configuration. Making sure that NFS is already working properly makes it easier to troubleshoot any potential FreeIPA automount configuration errors later.
+ </div></div></div><div class="section" id="Configuring_Automount-Configuring_autofs_on_Linux"><div class="titlepage"><div><div><h3 class="title" id="Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Fedora</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Edit the <code class="filename">/etc/sysconfig/autofs</code> file to specify the schema attributes that autofs searches for:
</div><pre class="programlisting">#
# Other common LDAP naming
#
@@ -2828,105 +2814,114 @@ ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="automountMapName"
ENTRY_ATTRIBUTE="automountKey"
VALUE_ATTRIBUTE="automountInformation"
-</pre></li><li class="step"><div class="para">
- You also need to specify which <code class="systemitem">LDAP</code> server to use, and the <em class="parameter"><code>basedn</code></em> for <code class="systemitem">LDAP</code> searches:
+</pre></li><li class="listitem"><div class="para">
+ Specify the LDAP configuration. There are two ways to do this. The simplest is to let the automount service discover the LDAP server and locations on its own:
+ </div><pre class="programlisting">LDAP_URI="ldap:///dc=example,dc=com"
+</pre><div class="para">
+ Alternatively, explicitly set which LDAP server to use and the base DN for LDAP searches:
</div><pre class="programlisting">LDAP_URI="ldap://ipa.example.com"
-SEARCH_BASE="cn=<location>,cn=automount,dc=example,dc=com"
+SEARCH_BASE="cn=<em class="replaceable"><code>location</code></em>,cn=automount,dc=example,dc=com"
</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
- The default value for <em class="parameter"><code>location</code></em> is <code class="literal">default</code>.
- </div></div></div></li><li class="step"><div class="para">
- Save the file and restart <code class="systemitem">autofs</code>:
- </div><div class="para">
-
-<pre class="screen"><code class="command"># service autofs restart</code></pre>
-
- </div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration">7.2.1.1. Testing the Configuration</h4></div></div></div><div class="para">
- Test the configuration by attempting to list a user's <code class="filename">/home</code> directory:
- </div><div class="para">
-
-<pre class="screen"><code class="command"># ls /home/<username></code></pre>
-
+ The default value for <span class="emphasis"><em>location</em></span> is <code class="literal">default</code>. If additional locations are added (<a class="xref" href="#adding-locations">Section 7.3, “Configuring Locations”</a>), then the client can be pointed to use those locations, instead.
+ </div></div></div></li><li class="listitem"><div class="para">
+ Edit the <code class="filename">/etc/autofs_ldap_auth.conf</code> file so that autofs allows client authentication with the FreeIPA LDAP server. Change <em class="parameter"><code>authrequired</code></em> to yes and set the principal to the Kerberos host principal:
+ </div><pre class="programlisting"><span class="perl_Keyword"><autofs_ldap_sasl_conf</span>
+<span class="perl_Others"> usetls=</span><span class="perl_String">"no"</span>
+<span class="perl_Others"> tlsrequired=</span><span class="perl_String">"no"</span>
+<span class="perl_Others"> authrequired=</span><span class="perl_String">"yes"</span>
+<span class="perl_Others"> authtype=</span><span class="perl_String">"GSSAPI"</span>
+<span class="perl_Others"> clientprinc=</span><span class="perl_String">"host/server.example.com at EXAMPLE COM"</span>
+ <span class="perl_Keyword">/></span></pre><div class="para">
+ If necessary, run <code class="command">klist -k</code> to get the exact host principal information.
+ </div></li><li class="listitem"><div class="para">
+ Check the <code class="filename">/etc/nssswitch.conf</code> file, so that LDAP is listed as a source for automount configuration:
+ </div><pre class="screen">automount: files <strong class="userinput"><code>ldap</code></strong></pre></li><li class="listitem"><div class="para">
+ Restart autofs:
+ </div><pre class="screen"># service autofs restart</pre></li><li class="listitem"><div class="para">
+ Test the configuration by listing a user's <code class="filename">/home</code> directory:
+ </div><pre class="screen"># ls /home/<em class="replaceable"><code>userName</code></em></pre><div class="para">
+ If this does not mount the remote file system, check the <code class="filename">/var/log/messages</code> file for errors. If necessary, increase the debug level in the <code class="filename">/etc/sysconfig/autofs</code> file by setting the <em class="parameter"><code>LOGGING</code></em> parameter to <code class="literal">debug</code>.
+ </div></li></ol></div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+ If there are problems with automount, then cross-reference the automount attempts with the 389 Directory Server access logs, which will show the attempted access, user, and search base.
</div><div class="para">
- If this does not mount the remote file system, check the <code class="filename">/var/log/messages</code> file for errors or other indications of what the problem might be. You can also increase the debug level in the <code class="filename">/etc/sysconfig/autofs</code> file by setting the <em class="parameter"><code>LOGGING</code></em> parameter to <code class="literal">debug</code>.
- </div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</h3></div></div></div><div class="para">
- The following procedure describes the steps required to configure <code class="command">automount</code> for <code class="systemitem">Solaris</code>.
- </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
- If the <code class="systemitem">NFS</code> server is running on <code class="systemitem">Linux</code>, you need to specify on the <code class="systemitem">Solaris</code> machine that NFSv3 is the maximum supported version. Edit the <code class="filename">/etc/default/nfs</code> file and set the following parameter:
+ It is also simple to run automount in the foreground with debug logging on.
+<pre class="screen">automount -f -d</pre>
+ This prints the debug log information directly, without having to cross-check the LDAP access log with automount's log.
+ </div></div></div></div><div class="section" id="Configuring_Automount-Solaris_automount"><div class="titlepage"><div><div><h3 class="title" id="Configuring_Automount-Solaris_automount">7.2.2. Configuring Automount on Solaris</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ If the NFS server is running on Fedora, specify on the Solaris machine that NFSv3 is the maximum supported version. Edit the <code class="filename">/etc/default/nfs</code> file and set the following parameter:
</div><pre class="programlisting">NFS_CLIENT_VERSMAX=3
-</pre></li><li class="step"><div class="para">
- IPA does not configure automount by default, so you need to use the <code class="command">ldapclient</code> command to manually configure your host to use LDAP:
- </div><pre class="programlisting">ldapclient -v manual -a authenticationMethod=none \
--a defaultSearchBase=dc=example,dc=com \
--a defaultServerList=ipa.example.com \
--a serviceSearchDescriptor=passwd:cn=users,cn=accounts,dc=example,dc=com \
--a serviceSearchDescriptor=group:cn=groups,cn=compat,dc=example,dc=com \
--a serviceSearchDescriptor=auto_master:automountMapName=auto.master, \
- cn=<location>,cn=automount,dc=example,dc=com?one \
--a serviceSearchDescriptor=auto_home:automountMapName=auto_home, \
- cn=<location>,cn=automount,dc=example,dc=com?one \
--a objectClassMap=shadow:shadowAccount=posixAccount \
--a searchTimelimit=15 \
--a bindTimeLimit=5
-</pre></li><li class="step"><div class="para">
- Enable <code class="command">automount</code> as follows:
- </div><div class="para">
-
-<pre class="screen"><code class="command"># svcadm enable svc:/system/filesystem/autofs</code></pre>
+</pre></li><li class="listitem"><div class="para">
+ Use the <code class="command">ldapclient</code> command to configure the host to use LDAP:
+ </div><pre class="programlisting">ldapclient -v manual -a authenticationMethod=none
+ -a defaultSearchBase=dc=example,dc=com
+ -a defaultServerList=ipa.example.com
+ -a serviceSearchDescriptor=passwd:cn=users,cn=accounts,dc=example,dc=com
+ -a serviceSearchDescriptor=group:cn=groups,cn=compat,dc=example,dc=com
+ -a serviceSearchDescriptor=auto_master:automountMapName=auto.master,cn=<em class="replaceable"><code>location</code></em>,cn=automount,dc=example,dc=com?one
+ -a serviceSearchDescriptor=auto_home:automountMapName=auto_home,cn=<em class="replaceable"><code>location</code></em>,cn=automount,dc=example,dc=com?one
+ -a objectClassMap=shadow:shadowAccount=posixAccount
+ -a searchTimelimit=15
+ -a bindTimeLimit=5
+</pre></li><li class="listitem"><div class="para">
+ Enable <code class="command">automount</code>:
+ </div><pre class="screen"># svcadm enable svc:/system/filesystem/autofs</pre></li><li class="listitem"><div class="para">
+ Test the configuration.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Check the LDAP configuration:
+<pre class="screen"># ldapclient -l auto_master
- </div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration">7.2.2.1. Testing the Configuration</h4></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Testing_the_Configuration-_To_test_the_automount_configuration_run_the_following_commands_"><h6>Procedure 7.2. To test the <code class="command">automount</code> configuration, run the following commands: </h6><ol class="1"><li class="step"><div class="para">
-
-<pre class="screen"><code class="command"># ldapclient -l auto_master</code>
-dn: automountkey=/home,automountmapname=auto.master,cn=<location>,cn=automount,dc=example,dc=com
+dn: automountkey=/home,automountmapname=auto.master,cn=<em class="replaceable"><code>location</code></em>,cn=automount,dc=example,dc=com
objectClass: automount
objectClass: top
automountKey: /home
automountInformation: auto.home
</pre>
- </div></li><li class="step"><div class="para">
- Attempt to list a user's <code class="filename">/home</code> directory:
- </div><div class="para">
-
-<pre class="screen"><code class="command"># ls /home/<username></code></pre>
+ </div></li><li class="listitem"><div class="para">
+ List a user's <code class="filename">/home</code> directory:
+ </div><div class="para">
+
+<pre class="screen"># ls /home/<em class="replaceable"><code>userName</code></em></pre>
+
+ </div></li></ol></div></li></ol></div></div></div><div class="section" id="adding-locations"><div class="titlepage"><div><div><h2 class="title" id="adding-locations">7.3. Configuring Locations</h2></div></div></div><div class="para">
+ When a new location is created, two maps are automatically created for it, <code class="filename">auto.master</code> and <code class="filename">auto.direct</code>. <code class="filename">auto.master</code> is the root map for all automount maps for the location. <code class="filename">auto.direct</code> is the default map for direct mounts and is mounted on <code class="filename">/-</code>.
+ </div></div><div class="section" id="Configuring_Automount-Configuring_Indirect_Maps"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Automount-Configuring_Indirect_Maps">7.4. Configuring Indirect Maps</h2></div></div></div><div class="para">
+ An indirect map defines a container for mount points. For example, if you create an indirect map <code class="filename">/share</code>, then all automount keys are relative to that map. If you define an automount key <code class="systemitem">ipauser</code>, the map would appear as <code class="filename">/share/ipauser</code>. In other words, indirect maps specify relative paths. Compare this to the absolute paths specified by direct maps.
+ </div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ Different clients can use different map sets. Map sets use a tree structure, so maps <span class="emphasis"><em>cannot</em></span> be shared between locations.
+ </div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Create a new location:
+ </div><pre class="screen">$ ipa automountlocation-add baltimore
+
+ Location: baltimore</pre></li><li class="listitem"><div class="para">
+ Create a map for man pages:
+ </div><pre class="screen">$ ipa automountmap-add baltimore auto.man
+
+ Map: auto.man</pre></li><li class="listitem"><div class="para">
+ Add this map to the location's auto.master on the mount point /usr/man:
+ </div><pre class="screen">$ ipa automountkey-add baltimore auto.master --key=/usr/man --info=auto.man
- </div></li></ol></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</h3></div></div></div><div class="para">
- An indirect map defines a container for mount points. For example, if you create an indirect map <code class="filename">/share</code>, then all automount keys are relative to that map. If you define an automount key <code class="systemitem">ipauser</code>, the map would appear as <code class="filename">/share/ipauser</code>. In other words, indirect maps specify relative paths. Compare this to the absolute paths specified by direct maps.
- </div><div class="para">
- The following example creates an indirect map for <code class="filename">/usr/man</code> using the built-in IPA commands. This creates a single indirect map, <code class="filename">/usr/man/man1</code>, which:
- </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- Creates a new <code class="command">automount</code> map called <code class="filename">auto.man</code>
- </div></li><li class="listitem"><div class="para">
- Adds <code class="filename">auto.man</code> to <code class="filename">auto.master</code> on the mount point <code class="filename">/usr/man</code>
- </div></li><li class="listitem"><div class="para">
- Adds an indirect mount of <code class="filename">man1</code> to <code class="filename">auto.man</code>
- </div></li></ul></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-How_to_create_an_indirect_map"><h6>Procedure 7.3. How to create an indirect map:</h6><ol class="1"><li class="step"><div class="para">
- Create a new location:
- </div><pre class="screen"><code class="command">$ ipa automountlocation-add baltimore</code>
- Location: baltimore</pre></li><li class="step"><div class="para">
- Create a map for man pages:
- </div><pre class="screen"><code class="command">$ ipa automountmap-add baltimore auto.man</code>
- Map: auto.man</pre></li><li class="step"><div class="para">
- Add this map to the location's auto.master on the mount point /usr/man:
- </div><pre class="screen"><code class="command">$ ipa automountkey-add baltimore auto.master --key=/usr/man --info=auto.man</code>
Key: /usr/man
Mount information: auto.man</pre></li></ol></div><div class="para">
- Use the following command to export information on the automount configuration for a specific location. This is useful if you perform file-based automount. For example:
- </div><pre class="screen"><code class="command">$ ipa automountlocation-tofiles baltimore</code>
+ Use the following command to export information on the automount configuration for a specific location. This is useful if you perform file-based automount. For example:
+ </div><pre class="screen"><code class="command">$ ipa automountlocation-tofiles baltimore</code>
/etc/auto.master:
/- /etc/auto.direct
/usr/man /etc/auto.man
---------------------------
/etc/auto.direct:
---------------------------
-/etc/auto.man:</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_an_Indirect_Map_on_Solaris"><h5 class="formalpara">Configuring an Indirect Map on Solaris</h5>
- On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
- </div><pre class="programlisting">-a serviceSearchDescriptor=auto_man:automountMapName=auto.man, \
+/etc/auto.man:</pre><div class="para">
+ On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+ </div><pre class="programlisting">-a serviceSearchDescriptor=auto_man:automountMapName=auto.man, \
cn=<location>,cn=automount,dc=example,dc=com?one \
-</pre><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps">7.2.3.1. Configuring Direct Maps</h4></div></div></div><div class="para">
- Direct maps list exact locations to mount specified maps, for example <code class="filename">/usr/local/bin</code> or <code class="filename">/mnt</code>. That is, they specify absolute paths as mount points. Compare this to the relative paths specified by indirect maps.
- </div><div class="para">
- To add a direct map configuration, IPA requires a number of modifications to the <code class="filename">auto.direct</code> file. The following two entries are created during the installation process:
- </div><pre class="programlisting">dn: automountkey=/-,automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com
+</pre></div><div class="section" id="Configuring_Indirect_Maps-Configuring_Direct_Maps"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Indirect_Maps-Configuring_Direct_Maps">7.5. Configuring Direct Maps</h2></div></div></div><div class="para">
+ Direct maps list exact locations to mount specified maps, for example <code class="filename">/usr/local/bin</code> or <code class="filename">/mnt</code>. That is, they specify absolute paths as mount points. Compare this to the relative paths specified by indirect maps.
+ </div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ Different clients can use different map sets. Map sets use a tree structure, so maps <span class="emphasis"><em>cannot</em></span> be shared between locations.
+ </div></div></div><div class="para">
+ To add a direct map configuration, FreeIPA requires a number of modifications to the <code class="filename">auto.direct</code> file. The following two entries are created during the installation process:
+ </div><pre class="programlisting">dn: automountkey=/-,automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com
objectClass: automount
automountKey: '/-'
automountInformation: auto.direct
@@ -2934,32 +2929,17 @@ automountInformation: auto.home
objectClass: automountMap
automountMapName: auto.direct
</pre><div class="para">
- Use the following procedure to add a mount to this direct map for the <code class="filename">/share</code> directory:
- </div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Direct_Maps-How_to_create_a_direct_map"><h6>Procedure 7.4. How to create a direct map:</h6><ol class="1"><li class="step"><div class="para">
- Create a new location:
- </div><pre class="screen"><code class="command">$ ipa automountlocation-add brisbane</code>
- Location: brisbane</pre></li><li class="step"><div class="para">
- Add the map to the location's <code class="filename">auto.direct</code> file on the mount point <code class="filename">/share</code>:
- </div><pre class="screen"><code class="command">$ ipa automountkey-add brisbane auto.direct --key=/share \</code>
- <code class="command">--info="-ro,soft, ipaserver.ipadocs.org:/home/share"</code>
+ Use the following procedure to add a mount to this direct map for the <code class="filename">/share</code> directory:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Create a new location:
+ </div><pre class="screen"><code class="command">$ ipa automountlocation-add brisbane</code>
+ Location: brisbane</pre></li><li class="listitem"><div class="para">
+ Add the map to the location's <code class="filename">auto.direct</code> file on the mount point <code class="filename">/share</code>:
+ </div><pre class="screen">$ ipa automountkey-add brisbane auto.direct --key=/share --info="-ro,soft, ipaserver.ipadocs.org:/home/share"
Key: /share
Mount information: -ro,soft, ipaserver.ipadocs.org:/home/share</pre></li></ol></div><div class="para">
- On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
- </div><pre class="programlisting">-a serviceSearchDescriptor=auto_direct:automountMapName=auto.direct, \
- cn=<location>,cn=automount,dc=example,dc=com?one \
-</pre></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</h3></div></div></div><div class="para">
- The following pages were used as references for this work:
- </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- <a href="http://efod.se/blog/archive/2006/06/27/autofs-and-ldap">http://efod.se/blog/archive/2006/06/27/autofs-and-ldap</a>
- </div></li><li class="listitem"><div class="para">
- <a href="http://www.linuxjournal.com/article/6266">http://www.linuxjournal.com/article/6266</a>
- </div></li><li class="listitem"><div class="para">
- <a href="http://forums.fedoraforum.org/showthread.php?t=138992">http://forums.fedoraforum.org/showthread.php?t=138992</a>
- </div></li><li class="listitem"><div class="para">
- <a href="http://forums.fedoraforum.org/forum/showthread.php?t=135635&highlight=autofs+ldap">http://forums.fedoraforum.org/forum/showthread.php?t=135635&highlight=autofs+ldap</a>
- </div></li><li class="listitem"><div class="para">
- <a href="http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide">http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide</a>
- </div></li></ul></div></div></div></div><div xml:lang="en-US" class="chapter" id="active-directory" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Identity: Integrating with Microsoft Active Directory</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">8.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="#configuring-active-directory">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_S
ynchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">8.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">8.7.
Winsync Agreement Failures</a></span></dt></dl></div><div class="para">
+ On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+ </div><pre class="programlisting">-a serviceSearchDescriptor=auto_direct:automountMapName=auto.direct,cn=<location>,cn=automount,dc=example,dc=com?one</pre></div></div><div xml:lang="en-US" class="chapter" id="active-directory" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Identity: Integrating with Microsoft Active Directory</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory">8.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="#configuring-active-directory">8.3. Configuring Active
Directory Synchronization</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements">8.6. Deleting Synchronization Agreements</a></span></dt><dt><sp
an class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures">8.7. Winsync Agreement Failures</a></span></dt></dl></div><div class="para">
To synchronize user identity information between 389 Directory Server and Windows Active Directory, IPA employs a plug-in that extends the functionality of the 389 Directory Server Windows Sync utility. This plug-in allows IPA to perform the data manipulation necessary to achieve synchronization between 389 Directory Server and Windows Active Directory. The IPA Windows Sync plug-in uses the <em class="parameter"><code>ipaWinSyncUserAttr</code></em> parameter to specify which attributes and values to add to new users that are synchronized from Active Directory.
</div><div class="section" id="about-active-directory"><div class="titlepage"><div><div><h2 class="title" id="about-active-directory">8.1. About Active Directory, IPA, and Identity Management</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</h3></div></div></div><div class="para">
IPA clients find, or discover, IPA servers using a process known as <em class="firstterm">Service Discovery</em>. This can occur automatically, using DNS, or manually, by entering the IPA server details during the client configuration phase. If your Active Directory installation is in the same domain as the IPA server, it is possible that when you install IPA clients they will not discover the IPA server, but rather the Active Directory DNS. This means that IPA commands run on the client will fail because the client cannot contact the IPA server.
@@ -3321,7 +3301,7 @@ EOF
Refer to the IPA CLI help system for more details. Use the <code class="command">ipa help</code> command to display a list of available topics.
</div></li></ol></div></li><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
Use the UI to manually create a new structure of netgroups.
- </div></li></ol></div></li></ol></div></div></div></div><div xml:lang="en-US" class="chapter" id="Working_with_DNS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Policy: Managing DNS</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-dns">10.1. About DNS in FreeIPA</a></span></dt><dt><span class="section"><a href="#enabling-dns">10.2. Configuring DNS</a></span></dt><dt><span class="section"><a href="#finding-dns-zones">10.3. Finding and Displaying DNS Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Adding_DNS_Zones">10.4. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="#modifying-dns-zones">10.5. Modifying DNS Zones</a></span></dt><dt><span class="section"><a href="#Adding_DNS_Zones-Using_Dynamic_DNS_Updates">10.6. Enabling Dynamic DNS Updates</a></span></dt><dt><span class="section"><a href="#enabling-zones">10.7. Enabling and Disabling Zones</a></span></d
t><dt><span class="section"><a href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">10.8. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">10.9. Deleting Records from DNS Zones</a></span></dt><dt><span class="section"><a href="#dns-resolve">10.10. Resolving Hostnames in the FreeIPA Domain</a></span></dt></dl></div><div class="para">
+ </div></li></ol></div></li></ol></div></div></div></div><div xml:lang="en-US" class="chapter" id="Working_with_DNS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Identity: Managing DNS</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#about-dns">10.1. About DNS in FreeIPA</a></span></dt><dt><span class="section"><a href="#enabling-dns">10.2. Configuring DNS</a></span></dt><dt><span class="section"><a href="#changing-forwarder">10.3. Changing Recursive Queries Against Forwarders</a></span></dt><dt><span class="section"><a href="#finding-dns-zones">10.4. Finding and Displaying DNS Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Adding_DNS_Zones">10.5. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="#modifying-dns-zones">10.6. Modifying DNS Zones</a></span></dt><dt><span class="section"><a href="#Adding_DNS_Zones-Using_Dynamic_DNS_Updates">10.7. Enabling Dynamic DN
S Updates</a></span></dt><dt><span class="section"><a href="#enabling-zones">10.8. Enabling and Disabling Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">10.9. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="#Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">10.10. Deleting Records from DNS Zones</a></span></dt><dt><span class="section"><a href="#dns-resolve">10.11. Resolving Hostnames in the FreeIPA Domain</a></span></dt></dl></div><div class="para">
If the FreeIPA server was installed with DNS configured, then all of the DNS entries for the domain — host entries, locations, records — can be managed using the FreeIPA tools.
</div><div class="section" id="about-dns"><div class="titlepage"><div><div><h2 class="title" id="about-dns">10.1. About DNS in FreeIPA</h2></div></div></div><div class="para">
DNS is one of the services that can be configured and maintained by the FreeIPA domain. DNS is critical to the performance of the FreeIPA domain; DNS is used for the Kerberos services and SSL connections for all servers and clients and for connections to domain services like LDAP.
@@ -3380,7 +3360,21 @@ objectclass: idnsrecord</pre><div class="para">
<code class="option">--no-forwarders</code> means that there are no forwarders used with the DNS service, only root servers. Alternatively, a comma-separated list of forwarders can be given, using the <code class="option">--forwarders</code> option.
</div></li><li class="listitem"><div class="para">
Reverse DNS is configured automatically. It is possible to disable reverse DNS by using the <code class="option">--no-reverse</code> option.
- </div></li></ul></div></div><div class="section" id="finding-dns-zones"><div class="titlepage"><div><div><h2 class="title" id="finding-dns-zones">10.3. Finding and Displaying DNS Zones</h2></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="changing-forwarder"><div class="titlepage"><div><div><h2 class="title" id="changing-forwarder">10.3. Changing Recursive Queries Against Forwarders</h2></div></div></div><div class="para">
+ The <code class="command">ipa-client-install</code> script sets a configuration statement in the <code class="filename">/etc/named.conf</code> file that allows name resolution against hosts that are outside the FreeIPA DNS domain. (This requires that the FreeIPA server be set up with DNS configured and with forwarders configured.) What this means is that any host is permitted to issue recursive queries against configured forwarders.
+ </div><div class="para">
+ This behavior can be changed by changed the <code class="command">allow-recursion</code> statement.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Open the <code class="filename">/etc/named.conf</code> file.
+ </div></li><li class="listitem"><div class="para">
+ Reset the <code class="command">allow-recursion</code> statement. This is set to <code class="command">any</code> by default, which allows all hosts to resolve names against all forwarders.
+ </div><pre class="screen"> forward first;
+ forwarders { 10.16.36.29; };
+ <strong class="userinput"><code>allow-recursion { any; };</code></strong></pre></li><li class="listitem"><div class="para">
+ Restart the <code class="command">named</code> service.
+ </div><pre class="screen">service named restart</pre></li></ol></div><div class="para">
+ The name server documentation has more details on editing configuration statements.
+ </div></div><div class="section" id="finding-dns-zones"><div class="titlepage"><div><div><h2 class="title" id="finding-dns-zones">10.4. Finding and Displaying DNS Zones</h2></div></div></div><div class="para">
The first part of managing a DNS domain is simply knowing what the domain configuration is. This is done by finding and displaying DNS zone records.
</div><div class="para">
Finding and displaying records can be done using the <code class="command">dnszone-find</code> command. This command can be used either to return a list of all zones or to find a specific record based on any of the attirbutes in the zone entry. Using either the <code class="command">dnszone-find</code> or the <code class="command">dnszone-show</code> command lists the full start of authority (SOA) record for the DNS zone.
@@ -3413,7 +3407,7 @@ Number of entries returned 2
Alternatively, the DNS zones can be filtered by searching for a particular attribute in the SOA record. For example, this searches for the <code class="command">example.com</code> zone by the hostname:
</div><pre class="screen">$ ipa dnszone-find --name-server=server1.example.com</pre><div class="para">
The <code class="command">dnszone-show</code> command is equivalent to the <code class="command">dnszone-find --name</code> command because it only displays the record for the specific zone by its fully-qualified domain name.
- </div><pre class="screen">$ ipa dnszone-show example.com</pre></div><div class="section" id="Managing_DNS_Zones-Adding_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Adding_DNS_Zones">10.4. Adding DNS Zones</h2></div></div></div><div class="para">
+ </div><pre class="screen">$ ipa dnszone-show example.com</pre></div><div class="section" id="Managing_DNS_Zones-Adding_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Adding_DNS_Zones">10.5. Adding DNS Zones</h2></div></div></div><a id="id3155460" class="indexterm"></a><div class="para">
The <code class="command">ipa dnszone-add</code> command add a new zone to the DNS domain. At a minimum, this requires the name of the new subdomain:
</div><pre class="screen">$ ipa dnszone-add <em class="replaceable"><code>domainName</code></em></pre><div class="para">
If the name is not given, the script prompts for it. Other command-line options can also be passed with the <code class="command">ipa dnszone-add</code> command; these are described in .
@@ -3427,7 +3421,7 @@ Number of entries returned 2
Reload the <code class="systemitem">named</code> service to load the new zone into the DNS domain configuration. If the service is not restarted, the DNS server will not respond to queries for records in the new zone.
<pre class="screen"># service named reload</pre>
- </div></li></ol></div></div><div class="section" id="modifying-dns-zones"><div class="titlepage"><div><div><h2 class="title" id="modifying-dns-zones">10.5. Modifying DNS Zones</h2></div></div></div><div class="para">
+ </div></li></ol></div></div><div class="section" id="modifying-dns-zones"><div class="titlepage"><div><div><h2 class="title" id="modifying-dns-zones">10.6. Modifying DNS Zones</h2></div></div></div><div class="para">
A zone is created with a certain amount of configuration, set to default values:
</div><pre class="screen"> dn: idnsname=example.com,cn=dns,dc=example,dc=com
idnsname: example.com
@@ -3554,11 +3548,11 @@ Number of entries returned 2
--ip-address
</td><td>
Adds the DNS name server by its IP address.
- </td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="Adding_DNS_Zones-Using_Dynamic_DNS_Updates"><div class="titlepage"><div><div><h2 class="title" id="Adding_DNS_Zones-Using_Dynamic_DNS_Updates">10.6. Enabling Dynamic DNS Updates</h2></div></div></div><div class="para">
+ </td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="Adding_DNS_Zones-Using_Dynamic_DNS_Updates"><div class="titlepage"><div><div><h2 class="title" id="Adding_DNS_Zones-Using_Dynamic_DNS_Updates">10.7. Enabling Dynamic DNS Updates</h2></div></div></div><a id="id3255325" class="indexterm"></a><div class="para">
Dynamic DNS updates are not enabled by default for new DNS zones in FreeIPA. If dynamic updates are not allowed, then it may not be possible for the <code class="command">ipa-client-install</code> script to join a client to the domain because it cannot add a DNS record pointing to the new client.
</div><div class="para">
To allow dynamic updates to the DNS zones, set the <code class="option">--allow-dynupdate</code> option.
- </div><pre class="screen">$ ipa dnszone-mod server.example.com --allow-dynupdate</pre></div><div class="section" id="enabling-zones"><div class="titlepage"><div><div><h2 class="title" id="enabling-zones">10.7. Enabling and Disabling Zones</h2></div></div></div><div class="para">
+ </div><pre class="screen">$ ipa dnszone-mod server.example.com --allow-dynupdate</pre></div><div class="section" id="enabling-zones"><div class="titlepage"><div><div><h2 class="title" id="enabling-zones">10.8. Enabling and Disabling Zones</h2></div></div></div><a id="id2992418" class="indexterm"></a><div class="para">
Active zones can have clients added to them, are available for lookups, and are used by FreeIPA services like Kerberos. Deleting a DNS zone removes the zone entry and all the associated configuration.
</div><div class="para">
There can be situations when it is necessary to remove a zone from activity without permanently removing the zone. This can be done by using the <code class="command">dnszone-disable</code> command.
@@ -3566,9 +3560,9 @@ Number of entries returned 2
For example:
</div><pre class="screen">$ ipa dnszone-disable server.example.com</pre><div class="para">
When the zone needs to be brought back online, it can be re-enabled using the <code class="command">dnszone-enable</code> command.
- </div></div><div class="section" id="Managing_DNS_Zones-Adding_Records_to_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Adding_Records_to_DNS_Zones">10.8. Adding Records to DNS Zones</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="Managing_DNS_Zones-Adding_Records_to_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Adding_Records_to_DNS_Zones">10.9. Adding Records to DNS Zones</h2></div></div></div><a id="id3343484" class="indexterm"></a><a id="id3343496" class="indexterm"></a><a id="id3343504" class="indexterm"></a><div class="para">
FreeIPA supports several different types of DNS records, listed in <a class="xref" href="#tab.record-types">Table 10.3, “DNS Record Types”</a>.
- </div><div class="table" id="tab.record-types"><h6>Table 10.3. DNS Record Types</h6><div class="table-contents"><table summary="DNS Record Types" border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><tbody><tr><td>
+ </div><a id="id3153398" class="indexterm"></a><a id="id3153410" class="indexterm"></a><div class="table" id="tab.record-types"><h6>Table 10.3. DNS Record Types</h6><div class="table-contents"><table summary="DNS Record Types" border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><tbody><tr><td>
A
</td><td>
DS
@@ -3636,21 +3630,21 @@ Number of entries returned 2
</td></tr></tbody></table></div></div><br class="table-break" /><div class="para">
The <code class="command">ipa dnsrecord-add</code> command adds records to DNS zones, based on the type. Adding a record has the same basic command format:
- </div><pre class="screen">$ ipa dnsrecord-add <em class="replaceable"><code>domainName urlLabel</code></em> --<em class="replaceable"><code>recordType</code></em>--rec <em class="replaceable"><code>record</code></em></pre><div class="para">
+ </div><a id="id3293548" class="indexterm"></a><a id="id3293560" class="indexterm"></a><pre class="screen">$ ipa dnsrecord-add <em class="replaceable"><code>domainName urlLabel</code></em> --<em class="replaceable"><code>recordType</code></em>--rec <em class="replaceable"><code>record</code></em></pre><div class="para">
The <span class="emphasis"><em>recordType</em></span> is an identifier, such as <code class="command">a</code> for A or IPv4 records. The <span class="emphasis"><em>record</em></span> value is the actual entry, which has a value corresponding to the record type.
</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
The <code class="command">ipa dnsrecord-add</code> command only creates forward entries, not reverse entries.
- </div></div></div><div class="example" id="ex.ipv4-record"><h6>Example 10.1. IPv4 Record</h6><div class="example-contents"><div class="para">
+ </div></div></div><a id="id3158416" class="indexterm"></a><a id="id3158428" class="indexterm"></a><div class="example" id="ex.ipv4-record"><h6>Example 10.1. IPv4 Record</h6><div class="example-contents"><div class="para">
Type A resource records map hostnames to IPv4 addresses. The <span class="emphasis"><em>record</em></span> value for these commands, then, is a standard IPv4 address. The URL label is usually www.
<pre class="screen">$ ipa dnsrecord-add example.com www --a-rec 10.64.14.165</pre>
This creates the record <code class="uri">www.example.com</code> with the IP address 10.64.14.165.
</div><div class="para">
More information about A records is in <a href="http://tools.ietf.org/html/rfc1035">RFC 1035</a>.
- </div></div></div><br class="example-break" /><div class="example" id="ex.ipv6-record"><h6>Example 10.2. IPv6 Record</h6><div class="example-contents"><div class="para">
+ </div></div></div><br class="example-break" /><a id="id3339901" class="indexterm"></a><a id="id3339913" class="indexterm"></a><div class="example" id="ex.ipv6-record"><h6>Example 10.2. IPv6 Record</h6><div class="example-contents"><div class="para">
Type AAAA resource records (<em class="firstterm">quad-A records)</em> map hostnames to IPv6 addresses. The <span class="emphasis"><em>record</em></span> value for these commands is an IPv6 address. As with Type A records, the URL label is usually www.
<pre class="screen">$ ipa dnsrecord-add example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3</pre>
This creates the record <code class="uri">www.example.com</code> with the IP address fe80::20c:29ff:fe02:a1b3. More information about AAAA records is in <a href="http://tools.ietf.org/html/rfc3596">RFC 3596</a>.
- </div></div></div><br class="example-break" /><div class="example" id="ex.srv-record"><h6>Example 10.3. SRV Record</h6><div class="example-contents"><div class="para">
+ </div></div></div><br class="example-break" /><a id="id2990519" class="indexterm"></a><a id="id2990530" class="indexterm"></a><div class="example" id="ex.srv-record"><h6>Example 10.3. SRV Record</h6><div class="example-contents"><div class="para">
<em class="firstterm">Service (SRV) resource records</em> map service names to the DNS name of the server that is providing that particular service. For example, this record type can map a service like an LDAP directory to the DNS server which manages it.
</div><div class="para">
As with Type A and Type AAAA records, SRV records specify a way to connect to and identify the service, but the record format is different.
@@ -3662,7 +3656,19 @@ Number of entries returned 2
$ ipa dnsrecord-add server.example.com _ldap._tcp --srv-rec="1 100 389 server2.example.com"</pre><div class="para">
More information about SRV records is in <a href="http://tools.ietf.org/html/rfc2782">RFC 2782</a>.
- </div></div></div><br class="example-break" /></div><div class="section" id="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">10.9. Deleting Records from DNS Zones</h2></div></div></div><div class="para">
+ </div></div></div><br class="example-break" /><a id="id3279232" class="indexterm"></a><a id="id3279244" class="indexterm"></a><div class="example" id="ex.ptr-record"><h6>Example 10.4. PTR Record</h6><div class="example-contents"><div class="para">
+ A pointer record type (PTR) record adds a <span class="emphasis"><em>reverse</em></span> DNS record, which maps an IP address to a domain name, rather than the other way around.
+ </div><div class="para">
+ All reverse DNS lookups for OPv4 addresses user reverse entries that are defined in the <code class="command">in-addr.arpa.</code> domain. The reverse address, in human-readable form, is the exact reverse of the regular IP address, with the <code class="command">in-addr.arpa.</code> domain appended to it. For example, for the IP address <code class="systemitem">192.0.1.2</code>, the reverse address is <code class="systemitem">2.1.0.192..in-addr.arpa</code>.
+ </div><div class="para">
+ When adding the reverse DNS record, the format of the <code class="command">dnsrecord-add</code> command is also reverse, compared to the usage for adding regular DNS entries:
+ </div><pre class="screen">$ ipa dnsrecord-add <em class="replaceable"><code>reverseIpAddress recordId</code></em> --ptr-rec <em class="replaceable"><code>FQDN</code></em></pre><div class="para">
+ The <span class="emphasis"><em>recordId</em></span> is the numeric identifier to use for the entry in the zone.
+ </div><div class="para">
+ For example, this adds a record with an ID of 4 for <code class="command">server2.example.com</code>:
+ </div><pre class="screen">$ ipa dnsrecord-add 2.1.0.192..in-addr.arpa 4 --ptr-rec server2.example.com.</pre><div class="para">
+ More information about PTR records is in <a href="http://tools.ietf.org/html/rfc1035#page-12">RFC 1035</a>.
+ </div></div></div><br class="example-break" /></div><div class="section" id="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">10.10. Deleting Records from DNS Zones</h2></div></div></div><a id="id3174360" class="indexterm"></a><a id="id3174371" class="indexterm"></a><div class="para">
Records are removed from the zone using the <code class="command">ipa dnsrecord-del</code> command. As with adding records, records are deleted using an option that specifies the type of record (<code class="option">--</code><span class="emphasis"><em>recordType</em></span><code class="option">-rec</code>) and the record value.
</div><div class="para">
For example, to remove the A type record:
@@ -3670,7 +3676,7 @@ $ ipa dnsrecord-add server.example.com _ldap._tcp --srv-rec="1 100 389 server2.e
</div><div class="para">
Alternatively, using the <code class="option">--del-all</code> option removes all associated records for the zone.
- </div></div><div class="section" id="dns-resolve"><div class="titlepage"><div><div><h2 class="title" id="dns-resolve">10.10. Resolving Hostnames in the FreeIPA Domain</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="dns-resolve"><div class="titlepage"><div><div><h2 class="title" id="dns-resolve">10.11. Resolving Hostnames in the FreeIPA Domain</h2></div></div></div><div class="para">
It is possible to check the DNS entries for FreeIPA domain members using the <code class="command">dns-resolve</code> command. If the record exists and is properly formatted in the DNS configuration, then the command returns the DNS record. If not, the command returns an error, that the hostname is not recognized within the DNS service.
</div><pre class="screen">$ipa dns-resolve server1.example.com</pre><div class="para">
This can be helpful with troubleshooting connection problems between servers, clients, and services.
@@ -3933,7 +3939,7 @@ uri ldap://ipaserver.ipadocs.org
The IPA LDAP implementation provides the schema to support NIS as defined in <a href="http://tools.ietf.org/html/rfc2307">RFC 2307</a>. NIS objects are automatically created inside of LDAP and NSS_LDAP, or SSSD fetches them using an encrypted LDAP connection.
</div><div class="para">
Utilizing SSSD or NSS_LDAP, a client system can enumerate the necessary NIS information using authenticated and encrypted queries to the back end LDAP service provided by the IPA Server. This eliminates the need for NIS client configuration for systems that can support NIS using LDAP when utilizing IPA.
- </div></div></div></div></div><div xml:lang="en-US" class="chapter" id="server-config" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Configuring the FreeIPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Server_side_Access_Control">13.1.1. Server-side Access Control</a></span></dt><dt><span class="section"><a href="#creating-roles">13.1.2. Creating Roles</a></span></dt><dt><span class="section"><a href="#self-service">13.1.3. Defining Self-Service Settings</a></span></dt></dl></dd><dt><span class="section"><a href="#disabling-anon-binds">13.2. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="#Managing-Unique_UID_and_GID_Attributes">13.3. Managing Unique UID and GID Number Assignments</a></span></dt><dd><dl><dt><span class="section"><a href="#id-ran
ges-at-install">13.3.1. About ID Range Assignments During Installation</a></span></dt><dt><span class="section"><a href="#Assigning_UIDs_and_GIDs-Adding_New_Ranges">13.3.2. Adding New Ranges</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_Certificates_and_Certificate_Authorities">13.4. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="#Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">13.4.1. Installing Your Own Certificate</a></span></dt><dt><span class="section"><a href="#Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">13.4.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="#Using_OCSP">13.4.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-apache">13.5. Setting a FreeIPA Server as an Apache Virtual Host</a></span></dt><dt><span class="se
ction"><a href="#ipa-cluster">13.6. Using FreeIPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="#Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.6.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="#Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.6.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="#logging">13.7. FreeIPA Server Logging</a></span></dt><dt><span class="section"><a href="#promoting-replica">13.8. Promoting a Read-Only Replica to a FreeIPA Server</a></span></dt><dt><span class="section"><a href="#upgrading-server">13.9. Testing Before Upgrading the FreeIPA Server</a></span></dt></dl></div><div class="section" id="managing-access-to-ipa"><div class="titlepage"><div><div><h2 class="title" id="mana
ging-access-to-ipa">13.1. Defining Access Controls within FreeIPA</h2></div></div></div><div class="para">
+ </div></div></div></div></div><div xml:lang="en-US" class="chapter" id="server-config" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Configuring the FreeIPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="#Server_side_Access_Control">13.1.1. Server-side Access Control</a></span></dt><dt><span class="section"><a href="#creating-roles">13.1.2. Creating Roles</a></span></dt><dt><span class="section"><a href="#self-service">13.1.3. Defining Self-Service Settings</a></span></dt></dl></dd><dt><span class="section"><a href="#disabling-anon-binds">13.2. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="#Managing-Unique_UID_and_GID_Attributes">13.3. Managing Unique UID and GID Number Assignments</a></span></dt><dd><dl><dt><span class="section"><a href="#id-ran
ges-at-install">13.3.1. About ID Range Assignments During Installation</a></span></dt><dt><span class="section"><a href="#Assigning_UIDs_and_GIDs-Adding_New_Ranges">13.3.2. Adding New Ranges</a></span></dt></dl></dd><dt><span class="section"><a href="#Configuring_Certificates_and_Certificate_Authorities">13.4. Configuring Alternate Certificate Authorities</a></span></dt><dt><span class="section"><a href="#Using_OCSP">13.5. Configuring OCSP Responders</a></span></dt><dd><dl><dt><span class="section"><a href="#ocsp-interval">13.5.1. Changing the CRL Update Interval</a></span></dt><dt><span class="section"><a href="#ocsp-location">13.5.2. Changing the OCSP Responder Location</a></span></dt></dl></dd><dt><span class="section"><a href="#ipa-apache">13.6. Setting a FreeIPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="#ipa-cluster">13.7. Using FreeIPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="#Implementing_IPA_in_a_
Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.7.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="#Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.7.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="#logging">13.8. FreeIPA Server Logging</a></span></dt><dt><span class="section"><a href="#promoting-replica">13.9. Promoting a Read-Only Replica to a FreeIPA Server</a></span></dt><dt><span class="section"><a href="#upgrading-server">13.10. Testing Before Upgrading the FreeIPA Server</a></span></dt></dl></div><div class="section" id="managing-access-to-ipa"><div class="titlepage"><div><div><h2 class="title" id="managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</h2></div></div></div><div class="para">
Access control is a mechanism which defines user access. That is, it defines the rights that users and other objects have been granted in order to perform operations on other users or objects. When the FreeIPA directory server receives a request, it uses the authentication information provided by the user in the bind operation together with <em class="firstterm">access control instructions (ACIs)</em> defined in the server to allow or deny access to directory information. The server can allow or deny permissions for actions, such as read, write, search, and compare, on directory server entries. The permission level granted to a user may depend on the authentication information provided.
</div><div class="para">
FreeIPA implements a number of different methods for controlling access to the various objects, commands and processes that exist within a FreeIPA domain. This includes a Kerberos Ticket Policy, a Password Policy, Host-based Access Control and SUDO Command Policies for controlling client access to services and commands; that is, outside of the FreeIPA server, and a separate Access Control Model for controlling server-side objects; that is, LDAP entries within the FreeIPA server.
@@ -4166,39 +4172,68 @@ changetype: modify
add: dnaNextRange
dnaNextRange: 123400000-123500000</pre><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
This command only adds the specified range of values; it does not check that the values in that range are actually available. This check is performed when an attempt is made to allocate those values. If a range is added that contains mostly values that were already allocated, the system will cycle through the entire range searching for unallocated values, and then the operation ultimately fails if none are available.
- </div></div></div></div></div><div class="section" id="Configuring_Certificates_and_Certificate_Authorities"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Certificates_and_Certificate_Authorities">13.4. Configuring Certificates and Certificate Authorities</h2></div></div></div><div class="para">
- FreeIPA creates a self-signed Certificate Authority (<abbr class="abbrev">CA</abbr>) during the installation process. If you have your own or a preferred <abbr class="abbrev">CA</abbr>, however, and want to use your own certificates, FreeIPA provides the necessary tools to import certificates for use by 389 Directory Server and the <code class="systemitem">HTTP</code> server. While not a prerequisite for the correct operation of FreeIPA, it is recommended that you save an <acronym class="acronym">ASCII</acronym> copy of your <abbr class="abbrev">CA</abbr> certificate as <code class="filename">/usr/share/ipa/html/ca.crt</code> to ensure that users download the correct certificate.
- </div><div class="section" id="Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate"><div class="titlepage"><div><div><h3 class="title" id="Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">13.4.1. Installing Your Own Certificate</h3></div></div></div><div class="para">
- Use the <code class="command">ipa-server-certinstall</code> command to install your own certificate. You can install the certificate for use by 389 Directory Server, <code class="systemitem">HTTP</code> Server, or both.
- </div><pre class="screen"># /usr/sbin/ipa-server-certinstall -d /path/to/pkcs12.p12</pre></div><div class="section" id="Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox"><div class="titlepage"><div><div><h3 class="title" id="Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">13.4.2. Using Your Own Certificate with Firefox</h3></div></div></div><div class="para">
- To continue using the Firefox auto-configuration feature, you need an object-signing certificate, and you need to regenerate the <code class="filename">/usr/share/ipa/html/configure.jar</code> file.
- </div><div class="orderedlist"><h6>To use your own certificate with Firefox:</h6><ol><li class="listitem"><div class="para">
- Create a suitable directory and then create the new certificate database in that directory.
+ </div></div></div></div></div><div class="section" id="Configuring_Certificates_and_Certificate_Authorities"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Certificates_and_Certificate_Authorities">13.4. Configuring Alternate Certificate Authorities</h2></div></div></div><div class="para">
+ FreeIPA creates a Dogtag Certificate System certificate authority (CA) during the server installation process. To use an external CA, it is possible to create the required server certificates and then import them into the 389 Directory Server and the HTTP server.
+ </div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+ Save an ASCII copy of the CA certificate as <code class="filename">/usr/share/ipa/html/ca.crt</code>. This allows users to download the correct certificate when they configure their browsers.
+ </div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Use the <code class="command">ipa-server-certinstall</code> command to install your own certificate. You can install the certificate for use by 389 Directory Server, <code class="systemitem">HTTP</code> Server, or both.
+ </div><pre class="screen"># /usr/sbin/ipa-server-certinstall -d /path/to/pkcs12.p12</pre></li><li class="listitem"><div class="para">
+ To continue using Firefox's auto-configuration, regenerate the <code class="filename">/usr/share/ipa/html/configure.jar</code> file.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Create a directory, and then create the new security databases in that directory.
<pre class="screen"># mkdir /tmp/signdb
+
# certutil -N -d /tmp/signdb</pre>
- </div></li><li class="listitem"><div class="para">
- Import the PKCS #12 file for the signing certificate into that same directory.
-<pre class="screen"># pk12util -i /path/to/pkcs12.p12 -d /tmp/signdb</pre>
+ </div></li><li class="listitem"><div class="para">
+ Import the PKCS #12 file for the signing certificate into that directory.
+<pre class="screen"># pk12util -i <em class="replaceable"><code>/path/to/</code></em>pkcs12.p12 -d /tmp/signdb</pre>
- </div></li><li class="listitem"><div class="para">
- Make a temporary signing directory, and copy the FreeIPA javascript file to that directory.
+ </div></li><li class="listitem"><div class="para">
+ Make a temporary signing directory, and copy the FreeIPA javascript file to that directory.
<pre class="screen"># mkdir /tmp/sign
# cp /usr/share/ipa/html/preferences.html /tmp/sign</pre>
- </div></li><li class="listitem"><div class="para">
- Use the certificate you created earlier to sign the javascript file and to regenerate the <code class="filename">configure.jar</code> file.
+ </div></li><li class="listitem"><div class="para">
+ Use the object signing certificate to sign the javascript file and to regenerate the <code class="filename">configure.jar</code> file.
<pre class="screen"># signtool -d /tmp/signdb -k Signing_cert_nickname -Z /usr/share/ipa/html/configure.jar -e .html</pre>
- </div></li></ol></div></div><div class="section" id="Using_OCSP"><div class="titlepage"><div><div><h3 class="title" id="Using_OCSP">13.4.3. Using OCSP</h3></div></div></div><div class="para">
- The Online Certificate Status Protocol (OCSP) is natively provided by the CA embedded into FreeIPA. This is so that any client that supports it can use OCSP for certificate validity checks.
- </div><div class="para">
- The OCSP responder URL is encoded into the certificates issued by FreeIPA. In order for that responder to be available, port 9180 needs to be open in the firewall. The OCSP URL uses the following format:
-<pre class="screen">http://ipa.example.com:9180/ca/ocsp</pre>
+ </div></li></ol></div></li></ol></div></div><div class="section" id="Using_OCSP"><div class="titlepage"><div><div><h2 class="title" id="Using_OCSP">13.5. Configuring OCSP Responders</h2></div></div></div><div class="para">
+ A certificate is only valid if it is before its expiration date and if it has not been revoked. The expiration date is contained in the certificate itself, so a client can easily check that. However, a certificate can be revoked before its validity period is up. To inform clients of when a certificate has been revoked, a CA publishes a <span class="emphasis"><em>certificate revocation list</em></span> (CRL). A CRL contains a complete list of every certificate that was issued by that CA and subsequently revoked.
+ </div><div class="para">
+ A client checks a CRL to verify a certificate using the online certificate status protocol (OCSP), which sends a request to an <span class="emphasis"><em>OCSP responder</em></span>. Each CA integrated with the FreeIPA server uses an internal OCSP responder. Any client which runs a validity check can check the FreeIPA CA.
+ </div><div class="para">
+ Every certificate issued by the FreeIPA CA puts its OCSP responder service URL in the certificate. For example:
+ </div><pre class="screen">http://ipa.example.com:9180/ca/ocsp</pre><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ For the FreeIPA OCSP responder to be available, port 9180 needs to be open in the firewall.
+ </div></div></div><div class="section" id="ocsp-interval"><div class="titlepage"><div><div><h3 class="title" id="ocsp-interval">13.5.1. Changing the CRL Update Interval</h3></div></div></div><div class="para">
+ The CRL file is automatically generated by the Dogtag Certificate System CA every four hours. This interval can be changed by editing the Dogtag Certificate System configuration.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Stop the CA server.
+ </div><pre class="screen">service pki-ca stop</pre></li><li class="listitem"><div class="para">
+ Open the <code class="filename">CS.cfg</code> file.
+ </div><pre class="screen">vim /etc/pki-ca/CS.cfg</pre></li><li class="listitem"><div class="para">
+ Change the <em class="parameter"><code>ca.crl.MasterCRL.autoUpdateInterval</code></em> to the new interval setting.
+ </div></li><li class="listitem"><div class="para">
+ Restart the CA server.
+<pre class="screen">service pki-ca start</pre>
+ </div></li></ol></div></div><div class="section" id="ocsp-location"><div class="titlepage"><div><div><h3 class="title" id="ocsp-location">13.5.2. Changing the OCSP Responder Location</h3></div></div></div><div class="para">
+ Each FreeIPA server generates its own CRL. Likewise, each FreeIPA server uses its own OCSP responder, with its own OCSP responder URL in the certificates it issues.
</div><div class="para">
- For more information on OCSP, refer to the RFC at <a href="http://www.ietf.org/rfc/rfc2560.txt">http://www.ietf.org/rfc/rfc2560.txt</a>.
- </div></div></div><div class="section" id="ipa-apache"><div class="titlepage"><div><div><h2 class="title" id="ipa-apache">13.5. Setting a FreeIPA Server as an Apache Virtual Host</h2></div></div></div><div class="para">
+ A DNS CNAME can be used by FreeIPA clients, and then from there be redirected to the appropriate FreeIPA server OCSP responder.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Open the certificate profile.
+ </div><pre class="screen">vim /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg</pre></li><li class="listitem"><div class="para">
+ Change the <em class="parameter"><code>policyset.serverCertSet.9.default.params.crlDistPointsPointName_0</code></em> parameter to the DNS CNAME hostname.
+ </div></li><li class="listitem"><div class="para">
+ Restart the CA server.
+<pre class="screen">service pki-ca restart</pre>
+
+ </div></li></ol></div><div class="para">
+ That change must be made on every FreeIPA server, with the <em class="parameter"><code>crlDistPointsPointName_0</code></em> parameter set to the same hostname.
+ </div></div></div><div class="section" id="ipa-apache"><div class="titlepage"><div><div><h2 class="title" id="ipa-apache">13.6. Setting a FreeIPA Server as an Apache Virtual Host</h2></div></div></div><div class="para">
If you have a standard Apache instance running on port 80, you can configure FreeIPA to run on a secondary port, for example, on port 8089. You should be aware, however, that in this configuration, FreeIPA does not use <code class="systemitem">SSL</code>; all requests will use standard <code class="systemitem">HTTP</code>.
</div><div class="para">
The following procedure assumes that FreeIPA is configured to run on port 80, and that you want to move it to port 8089.
@@ -4238,9 +4273,9 @@ RewriteRule ^/(.*) https://host.foo.com/$1 [L,R=301,NC]
</div></li></ol></div><div class="para">
This configures FreeIPA to run on port 8089, leaving port 80 free for your normal web site.
- </div></div><div class="section" id="ipa-cluster"><div class="titlepage"><div><div><h2 class="title" id="ipa-cluster">13.6. Using FreeIPA in a Cluster</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="ipa-cluster"><div class="titlepage"><div><div><h2 class="title" id="ipa-cluster">13.7. Using FreeIPA in a Cluster</h2></div></div></div><div class="para">
The FreeIPA server currently does not specifically handle the case of a service running in a cluster. That is, the FreeIPA server is not <em class="firstterm">cluster aware</em>. It is possible to configure a clustered service to be part of FreeIPA, although a certain amount of manual configuration is required. This involves sharing and synchronizing Kerberos keys across all of the participating hosts, and also configuring services running on the hosts to respond to whatever names the clients want to use.
- </div><div class="section" id="Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><div class="titlepage"><div><div><h3 class="title" id="Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.6.1. Configuring Kerberos Credentials for a Clustered Environment</h3></div></div></div><div class="para">
+ </div><div class="section" id="Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><div class="titlepage"><div><div><h3 class="title" id="Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.7.1. Configuring Kerberos Credentials for a Clustered Environment</h3></div></div></div><div class="para">
Use the following procedure to set up the Kerberos credentials for an environment where your managed host is a cluster of nodes.
</div><div class="orderedlist"><h6>Configuring Kerberos Credentials for a Clustered Environment</h6><ol><li class="listitem"><div class="para">
Enroll all of the hosts in the FreeIPA domain, and collect any keytabs that have been set up. At a minimum, this is <code class="filename">/etc/krb5.keytab</code>, although additional services may have their keys in other files.
@@ -4254,7 +4289,7 @@ RewriteRule ^/(.*) https://host.foo.com/$1 [L,R=301,NC]
Replace the keytab files on each host with the newly-created keytab file.
</div></li></ol></div><div class="para">
Each host in this cluster should now be able to impersonate any other host.
- </div><div class="section" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">13.6.1.1. Service-specific Configuration</h4></div></div></div><div class="para">
+ </div><div class="section" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">13.7.1.1. Service-specific Configuration</h4></div></div></div><div class="para">
Additional service-specific configuration may be required if cluster members do not reset their hostnames when they take over for a failed service.
<div class="itemizedlist"><ul><li class="listitem"><div class="para">
For <code class="systemitem">sshd</code>, set <em class="parameter"><code>GSSAPIStrictAcceptorCheck no</code></em> in <code class="filename">/etc/ssh/sshd_config</code>
@@ -4262,9 +4297,9 @@ RewriteRule ^/(.*) https://host.foo.com/$1 [L,R=301,NC]
For <code class="systemitem">mod_auth_kerb</code>, set <em class="parameter"><code>KrbServiceName Any</code></em> in <code class="filename">/etc/httpd/conf.d/auth_kerb.conf</code>
</div></li></ul></div>
- </div></div><div class="section" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">13.6.1.2. SSL Server Configuration</h4></div></div></div><div class="para">
+ </div></div><div class="section" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">13.7.1.2. SSL Server Configuration</h4></div></div></div><div class="para">
For SSL servers, it is important that the subject name or a <em class="parameter"><code>subjectAlternativeName</code></em> value for the server's certificate look correct when a client connects to the clustered item. The simplest way to do this is to keep the private key and certificate synchronized across all of the hosts, but it is better to share the private key if possible. Ensuring that certificates issued to each cluster member contain <em class="parameter"><code>subjectAlternativeName</code></em> values naming all of the cluster members should satisfy any client connection requirements.
- </div></div></div><div class="section" id="Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services"><div class="titlepage"><div><div><h3 class="title" id="Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.6.2. Using the Same Service Principal for Multiple Services</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services"><div class="titlepage"><div><div><h3 class="title" id="Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.7.2. Using the Same Service Principal for Multiple Services</h3></div></div></div><div class="para">
One aspect of applying FreeIPA in a cluster use case is using the same service principal for multiple services, spread across different machines. This is a simple procedure and could be implemented as follows:
<div class="orderedlist"><ol><li class="listitem"><div class="para">
Retrieve a service principal in the normal way, using the <code class="command">ipa-getkeytab</code> command, or use the keytab that is set up when the host joins the realm. That is, by using <code class="command">ipa-join</code>, which creates or updates the <code class="filename">/etc/krb5.keytab</code> file with a host/principal.
@@ -4272,7 +4307,7 @@ RewriteRule ^/(.*) https://host.foo.com/$1 [L,R=301,NC]
When you have the principal in a keytab on the system, you can direct multiple servers or services to use the same file, or you can copy the file to discrete locations as required.
</div></li></ol></div>
- </div></div></div><div class="section" id="logging"><div class="titlepage"><div><div><h2 class="title" id="logging">13.7. FreeIPA Server Logging</h2></div></div></div><div class="para">
+ </div></div></div><div class="section" id="logging"><div class="titlepage"><div><div><h2 class="title" id="logging">13.8. FreeIPA Server Logging</h2></div></div></div><div class="para">
If you are using the FreeIPA command-line tools or the WebUI to manage FreeIPA data then you should refer to the following sections to help troubleshoot any problems.
</div><div class="para">
You should first check the <code class="filename">/var/log/httpd/error_log</code> file. This may contain more information on the error and/or a python stacktrace.
@@ -4289,7 +4324,7 @@ debug=True</pre>
You can use the <code class="option">-v</code> option twice to display the XML-RPC exchange:
<pre class="screen">$ ipa -vv user-show admin</pre>
- </div></div><div class="section" id="promoting-replica"><div class="titlepage"><div><div><h2 class="title" id="promoting-replica">13.8. Promoting a Read-Only Replica to a FreeIPA Server</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="promoting-replica"><div class="titlepage"><div><div><h2 class="title" id="promoting-replica">13.9. Promoting a Read-Only Replica to a FreeIPA Server</h2></div></div></div><div class="para">
The only difference between a replica and the master server is that the master owns the self-signed CA. If you copy the appropriate files from the master to the replica, import the CA into the replica directory server, and delete the existing replication agreements, that replica will then appear as a master server.
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
If you install with the <code class="option">--selfsign</code> option, follow this procedure if you want to promote a replica to a master. This is because the private key for the self-signed CA is stored in the Apache database (<code class="filename">/etc/httpd/alias</code>). The private key for a Dogtag Certificate System CA is stored in its own security database.
@@ -4310,7 +4345,7 @@ debug=True</pre>
</div></li></ol></div><div class="para">
You now have two identical FreeIPA servers, neither of which know about the other. You can shut down the old master and bring up the new machine (if you are introducing a new replica into your network). Create a replica file on the new master and install it on the new machine.
- </div></div><div class="section" id="upgrading-server"><div class="titlepage"><div><div><h2 class="title" id="upgrading-server">13.9. Testing Before Upgrading the FreeIPA Server</h2></div></div></div><div class="para">
+ </div></div><div class="section" id="upgrading-server"><div class="titlepage"><div><div><h2 class="title" id="upgrading-server">13.10. Testing Before Upgrading the FreeIPA Server</h2></div></div></div><div class="para">
It can be beneficial, and safer, to test newer versions of FreeIPA before upgrading production systems. There is a relatively simple way to do this, by creating a sacrifical replica (which is a read-write server) and testing on that system.
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
Set up a replica based on one of the production servers, with the same version of FreeIPA as is running in production, as described in <a class="xref" href="#Setting_up_IPA_Replicas">Section 1.4, “Setting up FreeIPA Replicas”</a>. For this example, this is called Test Replica. Make sure that Test Replica can successfully connect to the <span class="emphasis"><em>production</em></span> server and domain.
@@ -4534,47 +4569,665 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
The <code class="option">-r</code> option can be passed with the <code class="command">request</code> command, in <a class="xref" href="#ex.Using_certmonger_with_IPA">Example 14.1, “Using certmonger with FreeIPA”</a>. In that case, the requested certificate is automatically tracked and renewed by <code class="command">certmonger</code>. Then, it is not necessary to configure tracking manually.
</div></div></div><div class="para">
A certificate can be <span class="emphasis"><em>un</em></span>tracked by <code class="command">certmonger</code> by using the <code class="command">stop-tracking</code> command.
- </div></div></div></div><div xml:lang="en-US" class="appendix" id="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Frequently Asked Questions</h1></div></div></div><div class="qandaset"><dl><dt>Q: <a href="#id3075375">
+ </div></div></div></div><div xml:lang="en-US" class="appendix" id="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Frequently Asked Questions</h1></div></div></div><div class="qandaset"><dl><dt>Q: <a href="#id3361446">
Is it possible to change the IP address of the master server?
- </a></dt><dt>Q: <a href="#id3327961">
+ </a></dt><dt>Q: <a href="#id3000293">
Why are there restrictions on the length of user and group names? How can I change this?
- </a></dt><dt>Q: <a href="#id3360466">
+ </a></dt><dt>Q: <a href="#id3183550">
What is the difference between a replica and a master server?
- </a></dt><dt>Q: <a href="#id2998139">
+ </a></dt><dt>Q: <a href="#id3275861">
Can I promote a replica to function as the master? How?
- </a></dt><dt>Q: <a href="#id3081690">
+ </a></dt><dt>Q: <a href="#id3334030">
Why does the ipa-client-install script fail to find the IPA server on a network that uses Active Directory DNS?
- </a></dt><dt>Q: <a href="#id3261753">
+ </a></dt><dt>Q: <a href="#id3026575">
Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
- </a></dt></dl><div class="qandaset"><div id="id3075375" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ </a></dt></dl><div class="qandaset"><div id="id3361446" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
Is it possible to change the IP address of the master server?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
Yes. If you are only changing the IP address then it is sufficient to update the <code class="filename">/etc/hosts</code> file, the system configuration and the DNS entry.
- </div></div></div></div><div id="id3327961" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ </div></div></div></div><div id="id3000293" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
Why are there restrictions on the length of user and group names? How can I change this?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
User and group name lengths are specified in the policy. The default maximum username length is 32 characters. The maximum configurable length for user or group names is 255 characters. This restriction was introduced because some non-Linux operating systems have limitations on the length of username that they can support.
</div><div class="para">
You can modify these settings either in the user interface or on the command line. For example, to specify the maximum username length, run the following command: <code class="command">ipa config-mod --maxusername=INT</code>
- </div></div></div></div><div id="id3360466" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ </div></div></div></div><div id="id3183550" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
What is the difference between a replica and a master server?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
The only difference between a replica and the initial IPA install (the "master") is that the first server owns the self-signed CA.
- </div></div></div></div><div id="id2998139" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ </div></div></div></div><div id="id3275861" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
Can I promote a replica to function as the master? How?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
- Yes. Refer to <a class="xref" href="#promoting-replica">Section 13.8, “Promoting a Read-Only Replica to a FreeIPA Server”</a>.
- </div></div></div></div><div id="id3081690" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ Yes. Refer to <a class="xref" href="#promoting-replica">Section 13.9, “Promoting a Read-Only Replica to a FreeIPA Server”</a>.
+ </div></div></div></div><div id="id3334030" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
Why does the <code class="command">ipa-client-install</code> script fail to find the IPA server on a network that uses Active Directory DNS?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
This is probably due to the fact that Active Directory has its own SRV records for Kerberos and LDAP, and so the <code class="command">ipa-client-install</code> script retrieves those records instead of any that you may have added for IPA.
- </div></div></div></div><div id="id3261753" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ </div></div></div></div><div id="id3026575" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
Yes, assuming that Servers A and B contain non-cloned CAs whose portion of internal storage has been replicated to share revocation information only.
- </div></div></div></div></div></div></div><div xml:lang="en-US" class="appendix" id="Migrating_from_a_Directory_Server_to_IPA" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Migrating from a Directory Server to IPA</h1></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">B.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">B.1.1. Assumptions</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">B.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">B.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">B.1.4. Initia
l and Final States</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">B.1.5. Recommended Sequence of Steps</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">B.1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">B.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">B.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">B.2.2. Phase 2: Updating t
he Client Configuration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">B.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">B.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">B.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">B.3. Performing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_
Installing_and_Configuring_SSSD">B.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">B.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">B.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">B.3.4. Phase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">B.3.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></d
l></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">B.1. Overview</h2></div></div></div><div class="para">
+ </div></div></div></div></div></div></div><div xml:lang="en-US" class="appendix" id="tools-reference" lang="en-US"><div class="titlepage"><div><div><h1 class="title">FreeIPA Tools Reference</h1></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#special-chars">B.1. Using Special Characters</a></span></dt><dt><span class="section"><a href="#server-tools">B.2. Server Scripts</a></span></dt><dd><dl><dt><span class="section"><a href="#ipa-replica-install">B.2.1. ipa-replica-install</a></span></dt><dt><span class="section"><a href="#ipa-replica-prepare">B.2.2. ipa-replica-prepare</a></span></dt><dt><span class="section"><a href="#ipa-server-install">B.2.3. ipa-server-install</a></span></dt></dl></dd><dt><span class="section"><a href="#client-tools">B.3. Client Scripts</a></span></dt><dd><dl><dt><span class="section"><a href="#ipa-client-install">B.3.1. ipa-client-install</a></span></dt></dl></dd></dl></div><div class="section" id="special-chars"><div cl
ass="titlepage"><div><div><h2 class="title" id="special-chars">B.1. Using Special Characters</h2></div></div></div><div class="para">
+ The FreeIPA command-line tools are run as any other utilities in a shell. If there are special characters in the command — such as angle brackets (> and <), ampersands (&), asterisks (*), and pipes (|) — the characters must be escaped. Otherwise, the command fails because the shell cannot properly parse the unescaped characters.
+ </div></div><div class="section" id="server-tools"><div class="titlepage"><div><div><h2 class="title" id="server-tools">B.2. Server Scripts</h2></div></div></div><div class="section" id="ipa-replica-install"><div class="titlepage"><div><div><h3 class="title" id="ipa-replica-install">B.2.1. ipa-replica-install</h3></div></div></div><div class="para">
+ Uses a configuration file based on an existing FreeIPA server to create a replica, or copy, of that server. Once the replica is created, it functions as an equal participant and mirror of the original FreeIPA server within the FreeIPA domain. Any changes made on the server or any other replica are automatically propagated over to the other replicas and server.
+ </div><div class="para">
+ A replica is created using a file that contains all of the configuration for the FreeIPA server. This initial file is created by running the <code class="command">ipa-replica-prepare</code> on the FreeIPA server. Then the file is copied over to the replica machine, and the <code class="command">ipa-replica-install</code> script is run.
+ </div><div class="para">
+ As with the server and client install scripts, any replica arguments which require a parameter value (such as the Directory Manager password) will be prompted for during installation, unless the argument is passed with the command. Parameters with Boolean values (like configuring DNS) will assume that the default value should be used unless the argument is passed with the command.
+ </div><div class="section" id="ipa-replica-install-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-install-location">B.2.1.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+ Description
+ </th><th>
+ Location
+ </th></tr></thead><tbody><tr><td>
+ Tool directory
+ </td><td>
+ /usr/sbin
+ </td></tr><tr><td>
+ Package
+ </td><td>
+ ipa-server
+ </td></tr></tbody></table></div></div><div class="section" id="ipa-replica-install-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-install-syntax">B.2.1.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa-replica-install</code> [
+ <em class="replaceable"><code>options</code></em>
+ ]
+ <em class="replaceable"><code>/path/to/replica_file</code></em>
+ </p></div></div><div class="section" id="ipa-replica-install-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-install-options">B.2.1.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+ Short Parameter
+ </th><th>
+ Long Parameter
+ </th><th>
+ Description
+ </th></tr></thead><tbody><tr><td>
+ <span class="emphasis"><em>file</em></span>
+ </td><td>
+
+ </td><td>
+ Gives the full path and filename of the replica initialization file that was created from the FreeIPA server configuration.
+ </td></tr><tr><td>
+ -N
+ </td><td>
+ --no-ntp
+ </td><td>
+ Does not configure NTP on the replica system.
+ </td></tr><tr><td>
+ -d
+ </td><td>
+ --debug
+ </td><td>
+ Prints additional debug information.
+ </td></tr><tr><td>
+ -p
+ </td><td>
+ --password
+ </td><td>
+ Gives the Directory Manager password for the FreeIPA domain.
+ </td></tr><tr><td>
+ -w
+ </td><td>
+ --admin-password
+ </td><td>
+ Gives the Kerberos password for the FreeIPA <code class="command">admin</code> user. This is used to check Kerberos and domain connectivity on the replica.
+ </td></tr><tr><td>
+
+ </td><td>
+ --setup-dns
+ </td><td>
+ Sets up DNS services on the replica machine to connect to the FreeIPA DNS domain. If this is not used, then the default value is false, which does not enable DNS.
+ </td></tr><tr><td>
+
+ </td><td>
+ --forwarder
+ </td><td>
+ Gives a comma-separated list of IP addresses for DNS forwarders.
+ </td></tr><tr><td>
+
+ </td><td>
+ --no-forwarders
+ </td><td>
+ Disables DNS forwarder configuration and uses only domain root servers. If this is not used, then the default value is false, which prompts for DNS forwarder information.
+ </td></tr><tr><td>
+
+ </td><td>
+ --no-reverse
+ </td><td>
+ Disables reverse DNS configuration. If this is not used, then the default value is true, which assumes that reverse DNS should be configured.
+ </td></tr><tr><td>
+
+ </td><td>
+ --no-host-dns
+ </td><td>
+ Disables host DNS lookups during the replica installation process. If this is not used, then the default value is true, which performs the host DNS lookups.
+ </td></tr><tr><td>
+
+ </td><td>
+ --no-pkinit
+ </td><td>
+ Disables PKI (Dogtag Certificate System) configuration. If this is not used, then the default value is true, which assumes that a local Dogtag Certificate System CA should be configured.
+ </td></tr><tr><td>
+
+ </td><td>
+ --skip-conncheck
+ </td><td>
+ <div class="para">
+ Disables checks for the replica's connection to the FreeIPA domain. If this is not used, then the default value is true, which checks that the replica can connect to the Kerberos realm.
+ </div>
+ <div class="para">
+ This can be useful if the replica is unable to reach the Directory Server or the CA used by the original FreeIPA server, such as the server is offline or the server's firewall is blocking access on the required ports (<a class="xref" href="#prereq-ports">Section 1.1.3.3, “System Ports”</a>).
+ </div>
+
+ </td></tr><tr><td>
+ -U
+ </td><td>
+ --unattended
+ </td><td>
+ Disables user prompts so that the replica installation script runs without user interaction.
+ </td></tr></tbody></table></div></div></div><div class="section" id="ipa-replica-prepare"><div class="titlepage"><div><div><h3 class="title" id="ipa-replica-prepare">B.2.2. ipa-replica-prepare</h3></div></div></div><div class="para">
+ Creates a file that can be used to create a copy, or <span class="emphasis"><em>replica</em></span>, of the FreeIPA server.
+ </div><div class="para">
+ Each replica initialization file is unique to the replica machine because the configuration is based, in part, on the IP address and hostname of the replica machine. This host-specific configuration is especially critical for setting up services like Kerberos which use SSL because SSL certificates are created based on the hostname.
+ </div><div class="para">
+ When the replica file is created, the prep script requires the hostname and, optionally, accepts the IP address.
+ </div><div class="para">
+ Once the configuration file is created on the server using the <code class="command">ipa-replica-prepare</code> command, then the replica file is copied over to the replica machine and the replica is configured using the <code class="command">ipa-replica-prepare</code> command.
+ </div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ If DNS is managed by FreeIPA, then use either the <code class="option">--ip-address</code> option or configure DNS forwarders and allow reverse DNS lookups.
+ </div></div></div><div class="section" id="ipa-replica-prepare-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-prepare-location">B.2.2.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+ Description
+ </th><th>
+ Location
+ </th></tr></thead><tbody><tr><td>
+ Tool directory
+ </td><td>
+ /usr/sbin
+ </td></tr><tr><td>
+ Package
+ </td><td>
+ ipa-server
+ </td></tr></tbody></table></div></div><div class="section" id="ipa-replica-prepare-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-prepare-syntax">B.2.2.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa-replica-prepare</code> [
+ --dirsrv_pkcs12=<em class="replaceable"><code>file</code></em>
+ ] [
+ --http_pkcs12=<em class="replaceable"><code>file</code></em>
+ ] [
+ --dirsrv_pin=<em class="replaceable"><code>pin</code></em>
+ ] [
+ --http_pin=<em class="replaceable"><code>pin</code></em>
+ ] [
+ --ip-address=<em class="replaceable"><code>ipAddress</code></em>
+ ]
+ <em class="replaceable"><code>hostname</code></em>
+ </p></div></div><div class="section" id="ipa-replica-prepare-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-prepare-options">B.2.2.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+ Parameter
+ </th><th>
+ Description
+ </th></tr></thead><tbody><tr><td>
+ --dirsrv_pkcs12
+ </td><td>
+ Gives the full path and filename of a PKCS #12 file (.p12) which contains the Directory Server's SSL certificate.
+ </td></tr><tr><td>
+ --dirsrv_pin
+ </td><td>
+ Gives the password to access the Directory Server certificate file.
+ </td></tr><tr><td>
+ --http_pkcs12
+ </td><td>
+ Gives the full path and filename of a PKCS #12 file (.p12) which contains the Apache server's SSL certificate.
+ </td></tr><tr><td>
+ --http_pin
+ </td><td>
+ Gives the password to access the Apache certificate file.
+ </td></tr><tr><td>
+ --ip-address
+ </td><td>
+ Gives the IP address of the replica server. Using this option automatically adds A and PTR records for the replica host to the FreeIPA DNS configuration.
+ </td></tr></tbody></table></div></div></div><div class="section" id="ipa-server-install"><div class="titlepage"><div><div><h3 class="title" id="ipa-server-install">B.2.3. ipa-server-install</h3></div></div></div><div class="para">
+ Configures all of the services used by the FreeIPA server for the FreeIPA domain:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Dogtag Certificate System, for issuing server certificates
+ </div></li><li class="listitem"><div class="para">
+ 389 Directory Server, for storing all of the FreeIPA information
+ </div></li><li class="listitem"><div class="para">
+ The Kerberos KDC, with the LDAP backend
+ </div></li><li class="listitem"><div class="para">
+ Apache, for the web-based services
+ </div></li><li class="listitem"><div class="para">
+ NTP
+ </div></li><li class="listitem"><div class="para">
+ The <code class="command">ipa_kpasswd</code> service
+ </div></li><li class="listitem"><div class="para">
+ Optionally, DNS
+ </div></li></ul></div><div class="para">
+ This script can be run interactively, which prompts for many of the server values, or information can be passed directly to the script so that the server can be configured without human intervention.
+ </div><div class="para">
+ The FreeIPA server configuration is very flexible. The setup script allows some customization to services like DNS, NTP, certificate issuance, and access control in FreeIPA so that the server can be suited to the network environment.
+ </div><div class="section" id="ipa-server-install-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-install-location">B.2.3.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+ Description
+ </th><th>
+ Location
+ </th></tr></thead><tbody><tr><td>
+ Tool directory
+ </td><td>
+ /usr/sbin
+ </td></tr><tr><td>
+ Package
+ </td><td>
+ ipa-server
+ </td></tr></tbody></table></div></div><div class="section" id="ipa-server-install-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-install-syntax">B.2.3.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa-server-install</code>
+ -a <em class="replaceable"><code>ipa_admin_password</code></em>
+
+ --hostname=<em class="replaceable"><code>hostname</code></em>
+
+ -p <em class="replaceable"><code>directory_manager_password</code></em>
+
+ -n <em class="replaceable"><code>domain_name</code></em>
+
+ -r <em class="replaceable"><code>realm_name</code></em>
+ [[
+ --external-ca
+ ] | [
+ --external_ca_file=<em class="replaceable"><code>CA_cert_chain_file</code></em>
+ ] | [
+ --external_cert_file=<em class="replaceable"><code>certificate_file</code></em>
+ ]] [
+ --selfsign
+ ] [
+ --subject=<em class="replaceable"><code>subject_DN</code></em>
+ ] [
+ --forwarder=<em class="replaceable"><code>forwarder</code></em>
+ ] [
+ --no-forwarders
+ ] [
+ --no-reverse
+ ] [
+ --setup-dns
+ ] [
+ --zonemgr=<em class="replaceable"><code>email_address</code></em>
+ ] [
+ --ip-address=<em class="replaceable"><code>ip_address</code></em>
+ ] [
+ -P <em class="replaceable"><code>kerberos_master_password</code></em>
+ ] [
+ --no-ntp
+ ] [
+ --idmax=<em class="replaceable"><code>number</code></em>
+ ] [
+ --idstart=<em class="replaceable"><code>number</code></em>
+ ] [
+ --no_hbac_allow
+ ] [
+ --no-host-dns
+ ] [
+ -U
+ ] [
+ --uninstall
+ ] [
+ --debug
+ ] [
+ --help
+ ] [
+ --version
+ ]</p></div></div><div class="section" id="ipa-server-install-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-install-options">B.2.3.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+ Argument
+ </th><th>
+ Alternate Argument
+ </th><th>
+ Description
+ </th></tr></thead><tbody><tr><td colspan="3">
+ <span class="bold bold"><strong>Required Options</strong></span><sup>[<a id="id3118285" href="#ftn.id3118285" class="footnote">a</a>]</sup>
+ </td></tr><tr><td>
+ -a <span class="emphasis"><em>ipa_admin_password</em></span>
+ </td><td>
+ --admin-password=<span class="emphasis"><em>ipa_admin_password</em></span>
+ </td><td>
+ The password for the FreeIPA administrator. This is used for the admin user to authenticate to the Kerberos realm.
+ </td></tr><tr><td>
+ --hostname=<span class="emphasis"><em>hostname</em></span>
+ </td><td>
+
+ </td><td>
+ The fully-qualified domain name of the FreeIPA server machine.
+ </td></tr><tr><td>
+ -n <span class="emphasis"><em>domain_name</em></span>
+ </td><td>
+ --domain=<span class="emphasis"><em>domain_name</em></span>
+ </td><td>
+ The name of the LDAP server domain to use for the FreeIPA domain. This is usually based on the FreeIPA server's hostname.
+ </td></tr><tr><td>
+ -p <span class="emphasis"><em>directory_manager_password</em></span>
+ </td><td>
+ --ds-password=<span class="emphasis"><em>directory_manager_password</em></span>
+ </td><td>
+ The password for the superuser, <code class="command">cn=Directory Manager</code>, for the LDAP service.
+ </td></tr><tr><td>
+ -r <span class="emphasis"><em>realm_name</em></span>
+ </td><td>
+ --realm=<span class="emphasis"><em>realm_name</em></span>
+ </td><td>
+ The name of the Kerberos realm to create for the FreeIPA domain.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>Certificate Authority Options</strong></span>
+ </td></tr><tr><td>
+ --external-ca
+ </td><td>
+
+ </td><td>
+ Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
+ </td></tr><tr><td>
+ --external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
+ </td><td>
+
+ </td><td>
+ Points to the PKCS#10 file which contains the CA certificate chain of the external CA. This is required to validate the certificate issued by the CA for the FreeIPA server. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
+ </td></tr><tr><td>
+ --external_cert_file=<span class="emphasis"><em>certificate_file</em></span>
+ </td><td>
+
+ </td><td>
+ Points to the PKCS#10 file which contains the certificate that was generated by an external CA. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
+ </td></tr><tr><td>
+ --selfsign
+ </td><td>
+
+ </td><td>
+ Uses a self-signed certificate instead of a certificate issued by the internal Dogtag Certificate System or by an external CA. If this option is selected, then no Dogtag Certificate System instance is configured as part of the setup process, and the FreeIPA server itself functionally serves as a CA for clients in the domain. This is not recommended for production environments, but can be used in test or development environments.
+ </td></tr><tr><td>
+ --subject=<span class="emphasis"><em>subject_DN</em></span>
+ </td><td>
+
+ </td><td>
+ Sets the base element for the subject DN of the issued certificates. This defaults to <code class="command">O=</code><span class="emphasis"><em>realm</em></span>.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>DNS Options</strong></span>
+ </td></tr><tr><td>
+ --forwarder=<span class="emphasis"><em>forwarder</em></span>
+ </td><td>
+
+ </td><td>
+ Gives a comma-separated list of DNS forwarders to use with the DNS service.
+ </td></tr><tr><td>
+ --no-forwarders
+ </td><td>
+
+ </td><td>
+ Uses root servers with the DNS service instead of forwarders.
+ </td></tr><tr><td>
+ --no-reverse
+ </td><td>
+
+ </td><td>
+ Uses root servers with the DNS service instead of forwarders.
+ </td></tr><tr><td>
+ --setup-dns
+ </td><td>
+
+ </td><td>
+ Tells the installation script to set up a DNS service within the FreeIPA domain. Using an integrated DNS service is optional, so if this option is not passed with the installation script, then no DNS is configured.
+ </td></tr><tr><td>
+ --zonemgr=<span class="emphasis"><em>email_address</em></span>
+ </td><td>
+
+ </td><td>
+ Gives the email address to use for the DNS zone manager. If none is given, this defaults to root.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>Kerberos Options</strong></span>
+ </td></tr><tr><td>
+ --ip-address=<span class="emphasis"><em>ip_address</em></span>
+ </td><td>
+
+ </td><td>
+ Gives the IP address of the Kerberos master KDC. This can be used if there are multiple FreeIPA servers in the same realm.
+ </td></tr><tr><td>
+ -P <span class="emphasis"><em>kerberos_master_password</em></span>
+ </td><td>
+ --master-password=<span class="emphasis"><em>kerberos_master_password</em></span>
+ </td><td>
+ The password for the KDC account. This is randomly generated if no value is given.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>NTP Options</strong></span>
+ </td></tr><tr><td>
+ -N, --no-ntp
+ </td><td>
+
+ </td><td>
+ Does <span class="emphasis"><em>not</em></span> configure the NTP service for the FreeIPA server. This is normally done by default.
+ <div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ If the FreeIPA server is running as a virtual guest, it should not run an NTP service.
+ </div></div></div>
+
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>FreeIPA Server Configuration Options</strong></span>
+ </td></tr><tr><td>
+ --idmax=<span class="emphasis"><em>number</em></span>
+ </td><td>
+
+ </td><td>
+ Sets the upper bound for IDs which can be assigned by the FreeIPA server. The default value is the ID start value plus 199999.
+ </td></tr><tr><td>
+ --idstart=<span class="emphasis"><em>number</em></span>
+ </td><td>
+
+ </td><td>
+ Sets the lower bound (starting value) for IDs which can be assigned by the FreeIPA server. The default value is randomly selected.
+ </td></tr><tr><td>
+ --no_hbac_allow
+ </td><td>
+
+ </td><td>
+ Disables the <code class="command">allow_all</code> rule for host-based access control in the FreeIPA domain.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>Other Setup Options</strong></span>
+ </td></tr><tr><td>
+ --no-host-dns
+ </td><td>
+
+ </td><td>
+ Does <span class="emphasis"><em>not</em></span> use DNS to look up the hostname of the FreeIPA server machine during the installation process.
+ </td></tr><tr><td>
+ -U
+ </td><td>
+ --unattended
+ </td><td>
+ Runs the <code class="command">ipa-server-install</code> command without any interactive prompts.
+ </td></tr><tr><td>
+ --uninstall
+ </td><td>
+
+ </td><td>
+ Uninstalls an existing FreeIPA server.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>General Tool Options</strong></span>
+ </td></tr><tr><td>
+ -d
+ </td><td>
+ --debug
+ </td><td>
+ Runs the <code class="command">ipa-server-install</code> command in debug mode and outputs debugging information.
+ </td></tr><tr><td>
+ -h
+ </td><td>
+ --help
+ </td><td>
+ Prints the help information for the <code class="command">ipa-server-install</code> command.
+ </td></tr><tr><td>
+ --version
+ </td><td>
+
+ </td><td>
+ Prints the version number of the <code class="command">ipa-server-install</code> command.
+ </td></tr></tbody><tbody class="footnotes"><tr><td colspan="3"><div class="footnote"><p><sup>[<a id="ftn.id3118285" href="#id3118285" class="para">a</a>] </sup>
+ The installation script will prompt for these options if they are not passed with the script.
+ </p></div></td></tr></tbody></table></div></div></div></div><div class="section" id="client-tools"><div class="titlepage"><div><div><h2 class="title" id="client-tools">B.3. Client Scripts</h2></div></div></div><div class="para">
+ These tools are used to manage client machines.
+ </div><div class="section" id="ipa-client-install"><div class="titlepage"><div><div><h3 class="title" id="ipa-client-install">B.3.1. ipa-client-install</h3></div></div></div><div class="para">
+ Configures a client machine. This script uses the local SSSD service to connect to the FreeIPA server during the setup process. It is also possible to connect to the server through PAM/NSS using LDAP.
+ </div><div class="para">
+ This script is also used to uninstall clients, which removes them from the FreeIPA domain and removes all FreeIPA-related configuration.
+ </div><div class="para">
+ This script is only available for Fedora platforms.
+ </div><div class="section" id="ipa-client-install-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-client-install-location">B.3.1.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+ Description
+ </th><th>
+ Location
+ </th></tr></thead><tbody><tr><td>
+ Tool directory
+ </td><td>
+ /usr/sbin/
+ </td></tr><tr><td>
+ Package
+ </td><td>
+ ipa-client
+ </td></tr></tbody></table></div></div><div class="section" id="ipa-client-install-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-client-install-syntax">B.3.1.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa-client-install</code> [
+ -d | --debug
+ ] [
+ --domain=<em class="replaceable"><code>domainName</code></em>
+ ] [
+ --enable-dns-updates
+ ] [
+ -f, --force
+ ] [
+ --hostname=<em class="replaceable"><code>clientHostname</code></em>
+ ] [
+ --mkhomedir
+ ] [
+ -N, --no-ntp
+ ] [
+ --no-krb5-offline-passwords
+ ] [
+ -ntp-server=<em class="replaceable"><code>NTP_server</code></em>
+ ] [
+ --on-master
+ ] [
+ -p | --principal
+ ] [
+ --permit
+ ] [
+ --realm=<em class="replaceable"><code>realmName</code></em>
+ ] [
+ -S | --no-sssd
+ ] [
+ --server=<em class="replaceable"><code>IPA_server</code></em>
+ ] [
+ -U | --unattended
+ ] [
+ --uninstall
+ ] [
+ -w <em class="replaceable"><code>password</code></em> | --password=<em class="replaceable"><code>password</code></em> | -W
+ ]</p></div></div><div class="section" id="ipa-client-install-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-client-install-options">B.3.1.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+ Parameter
+ </th><th>
+ Alternate Parameter
+ </th><th>
+ Description
+ </th></tr></thead><tbody><tr><td>
+ --domain=<em class="replaceable"><code>domainName</code></em>
+ </td><td>
+
+ </td><td>
+ Gives the domain name for the FreeIPA domain.
+ </td></tr><tr><td>
+ --enable-dns-updates
+ </td><td>
+
+ </td><td>
+ Tells SSSD to update DNS with the IP address of this client.
+ </td></tr><tr><td>
+ -f
+ </td><td>
+ --force
+ </td><td>
+ Forces the script to apply the settings even if errors occur.
+ </td></tr><tr><td>
+ --hostname=<em class="replaceable"><code>clientHostname</code></em>
+ </td><td>
+
+ </td><td>
+ Sets the fully-qualified domain name of the client server. If this is not given, the script uses the nodename given in uname.
+ </td></tr><tr><td>
+ --mkhomedir
+ </td><td>
+
+ </td><td>
+ Configures PAM to create a user's home directory if it does not exist.
+ </td></tr><tr><td>
+ -N
+ </td><td>
+ --no-ntp
+ </td><td>
+ Does not configure or enable NTP.
+ </td></tr><tr><td>
+
+ </td><td>
+ --no-krb5-offline-passwords
+ </td><td>
+ Prevents the SSSD services from storing Kerberos passwords in the SSSD cache. The cache is useful because a user may log into a system when a machine is offline and then attempt to access domain services after the machine is brought online. Using the cache stores the password, which can be referenced when the domain is accessed.
+ </td></tr><tr><td>
+ --ntp-server=<em class="replaceable"><code>NTP_server</code></em>
+ </td><td>
+
+ </td><td>
+ Configures the local <code class="systemitem">ntpd</code> service to use the FreeIPA NTP server.
+ </td></tr><tr><td>
+ --on-master
+ </td><td>
+
+ </td><td>
+ Indicates the client is being configured on a FreeIPA server. This is not for a normal invocation of the setup script; this option is used by <code class="command">ipa-server-install</code> when a server is configured.
+ </td></tr><tr><td>
+ -p
+ </td><td>
+ --principal
+ </td><td>
+ Passes an authorized Kerberos principal to use to join the FreeIPA realm. This is used during an automated deployment, such as a kickstart process.
+ </td></tr><tr><td>
+ --permit
+ </td><td>
+
+ </td><td>
+ Configures SSSD to permit all access. If this is not set, then access to the client is controlled by the host-based access controls on the FreeIPA server.
+ </td></tr><tr><td>
+ --realm=<em class="replaceable"><code>realmName</code></em>
+ </td><td>
+
+ </td><td>
+ Gives the FreeIPA realm name.
+ </td></tr><tr><td>
+ -S
+ </td><td>
+ --no-sssd
+ </td><td>
+ Tells the client to use <code class="systemitem">nss_ldap</code> for authentication instead of SSSD.
+ </td></tr><tr><td>
+ --server=<em class="replaceable"><code>IPA_server</code></em>
+ </td><td>
+
+ </td><td>
+ Gives the name of the FreeIPA server to connect to.
+ </td></tr><tr><td>
+ -U
+ </td><td>
+ --unattended
+ </td><td>
+ Performs an unattended installation, with no user prompts.
+ </td></tr><tr><td>
+ --uninstall
+ </td><td>
+
+ </td><td>
+ Removes the FreeIPA client software and configuration to restore the machine to a pre-FreeIPA state.
+ </td></tr><tr><td>
+ -w <span class="emphasis"><em>password</em></span>
+ </td><td>
+ --password=<span class="emphasis"><em>password</em></span>
+ </td><td>
+ Gives the Kerberos password to use to access the FreeIPA realm and join the machine. If only the password parameter is used, the script assumes this is a bulk enrollment and uses the machine name as the Kerberos principal. If the principal is given, the script binds as an FreeIPA user.
+ </td></tr><tr><td>
+ -W
+ </td><td>
+
+ </td><td>
+ Prompts for the password.
+ </td></tr></tbody></table></div></div></div></div></div><div xml:lang="en-US" class="appendix" id="Migrating_from_a_Directory_Server_to_IPA" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Migrating from a Directory Server to IPA</h1></div></div></div><div class="toc"><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_Sta
tes">C.1.4. Initial and Final States</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">C.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. P
hase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">C.3. Performing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_
Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</a></span>
</dt></dl></dd></dl></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</h2></div></div></div><div class="para">
This appendix addresses the situation where a customer has previously deployed an internal Directory Server (DS) and is planning to use IPA instead. The customer needs to transfer all user data from the DS to IPA so that IPA can function fully and correctly. The goal is to perform this migration without requiring that users change their passwords or perform some other specific action.
- </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">B.1.1. Assumptions</h3></div></div></div><div class="para">
+ </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</h3></div></div></div><div class="para">
It is not practical to identify and address each of the scenarios in which a DS and IPA might be deployed, and where migration might be required. Consequently, the following assumptions are made:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
This is a one-to-one transition from one DS realm to one IPA realm. No consolidation is involved.
@@ -4586,7 +5239,7 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
Some machines might be present that are managed by <code class="systemitem">NIS</code> or are not part of the DS deployment, but are planned to be part of the IPA domain
</div><div class="para">
Machines that cannot be moved from the <code class="systemitem">NIS</code> domain to LDAP or IPA because they are old and do not support <code class="systemitem">nss_ldap</code> are assumed to remain in and be served by the <code class="systemitem">NIS</code> domain. The migration of such machines to the IPA domain, while possible, is a challenging task and is out of the scope of the current use case.
- </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">B.1.2. Known Issues</h3></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</h3></div></div></div><div class="para">
A number of issues exist that need to be considered when planning the migration:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
A generic DS uses a different schema and <em class="firstterm">Directory Information Tree (DIT)</em> when compared to IPA. No known DS uses the same flat DIT structure that IPA uses. IPA is optimized for performance, and attempts to avoid any architectural design flaws that have occurred in the past.
@@ -4594,7 +5247,7 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
IPA uses Kerberos for authentication, and so each user requires that Kerberos keys be stored in the IPA DS, in addition to the standard LDAP hashes used by the DS
</div><div class="para">
In order to generate these keys, the password needs to be available in clear text to IPA's DS password plug-in. It is available when the user is created in IPA using IPA tools or LDAP, but this is not the case when the user is migrated from other external storage such as another DS. Consequently, the existing password hashes can be reloaded, but the Kerberos hashes cannot be generated. IPA provides a number of solutions to overcome this issue; these are described later in this appendix.
- </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">B.1.3. Possible Scenarios</h3></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</h3></div></div></div><div class="para">
The following have been identified as typical migration scenarios:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Migrate an existing environment to IPA but do not use its Kerberos features for now
@@ -4602,13 +5255,13 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
Migrate an existing environment to IPA and use its Kerberos features using only IPA v1 functionality. That is, do not use SSSD.
</div></li><li class="listitem"><div class="para">
Migrate an existing environment to IPA and use its Kerberos features on some machines, while some machines will use SSSD and some will not; this is the primary use case.
- </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">B.1.4. Initial and Final States</h3></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</h3></div></div></div><div class="para">
The following sections describe the initial, pre‐migration state, and the final, post‐migration state of a DS deployment when migrating to a single IPA domain.
- </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State">B.1.4.1. Initial State</h4></div></div></div><div class="para">
+ </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State">C.1.4.1. Initial State</h4></div></div></div><div class="para">
In the initial state, there is a single data source (the Directory Server) and a single client machine configuration. This client configuration uses <code class="systemitem">LDAP</code> to connect to the Directory Server and retrieve information about users and groups. This configuration uses <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> for authentication and identity lookups. These modules enable the client systems to use data retrieved from the DS just as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. The following diagram illustrates this type of implementation, where <code class="systemitem">LDAP</code> is used to connect to the DS for both authentication and authorization. The case where <code class="systemitem">Kerberos</code> is used for authentication and <code class="systemitem">LDAP</code> for identity, and where these two data stores are synchronized, is not
described here. Consequently, the initial state may not be as simple or as straightforward as displayed here, however the approach and the final state will be similar.
- </div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Initial_State-Initial_state_of_deployment_before_migrating_to_IPA."><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Initial_State.png" alt="Initial state of deployment before migrating to IPA." /></div></div><h6>Figure B.1. Initial state of deployment before migrating to IPA.</h6></div><br class="figure-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State">B.1.4.2. Final State</h4></div></div></div><div class="para">
- In the final state, even though only a single data source exists, multiple possible machine configurations are now possible. This is illustrated in <a class="xref" href="#figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA">Figure B.2, “Final state of deployment after migrating to IPA”</a>
- </div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Final_State.png" alt="Final state of deployment after migrating to IPA" /></div></div><h6>Figure B.2. Final state of deployment after migrating to IPA</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options">B.1.4.2.1. Configuration Options</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_SSSDs_LDAP_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using SSSD's LDAP Back End</h5>
+ </div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Initial_State-Initial_state_of_deployment_before_migrating_to_IPA."><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Initial_State.png" alt="Initial state of deployment before migrating to IPA." /></div></div><h6>Figure C.1. Initial state of deployment before migrating to IPA.</h6></div><br class="figure-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State">C.1.4.2. Final State</h4></div></div></div><div class="para">
+ In the final state, even though only a single data source exists, multiple possible machine configurations are now possible. This is illustrated in <a class="xref" href="#figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA">Figure C.2, “Final state of deployment after migrating to IPA”</a>
+ </div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Final_State.png" alt="Final state of deployment after migrating to IPA" /></div></div><h6>Figure C.2. Final state of deployment after migrating to IPA</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options">C.1.4.2.1. Configuration Options</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_SSSDs_LDAP_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using SSSD's LDAP Back End</h5>
Clients connect to IPA via SSSD. SSSD is integrated into the PAM and NSS stacks by means of PAM_SSS and NSS_SSS, respectively. SSSD's LDAP back end is configured for both authentication and for identity lookups. In this use case, IPA functions like a normal DS.
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
Kerberos authentication can be configured instead of LDAP authentication. In this case, IPA acts as a normal DS for identity lookups and a normal KDC for Kerberos authentication.
@@ -4620,7 +5273,7 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
Clients connect directly to IPA and use PAM_KRB5 and NSS_LDAP. This is the same configuration as that provided for IPA v1.x
</div><div class="para">
In the initial state, clients use LDAP to communicate with the Directory Server to retrieve information about users and groups. <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> are modules that enable the client systems to use data retrieved from the Directory Server as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. In the final state, IPA provides all of the same functionality and many more features besides.
- </div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">B.1.5. Recommended Sequence of Steps</h3></div></div></div><div class="para">
+ </div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</h3></div></div></div><div class="para">
The migration from DS to IPA requires:
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
Installing IPA on a suitable machine
@@ -4644,13 +5297,13 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
Deploy SSSD first
</div></li></ul></div><div class="para">
Each approach is valid and accomplishes the same goal, but using a different sequence of operations.
- </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies">B.1.5.1. Comparison of Migration Strategies</h4></div></div></div><div class="para">
+ </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies">C.1.5.1. Comparison of Migration Strategies</h4></div></div></div><div class="para">
Each approach has a different impact on the IT team and the users. You need to select the approach that best suits your deployment. These scenarios can be modified to meet the needs of your enterprise. Provided you understand the implications and reasoning behind each step, there is no requirement to follow the steps in the given order. It is important to understand that until the Kerberos keys are generated in IPA, users will not be able to authenticate with Kerberos credentials using <code class="systemitem">PAM_KRB5</code> or <code class="command">kinit</code>.
</div><div class="para">
You should also consider an alternative migration scenario, where passwords are not migrated. In this scenario, users are not migrated into IPA but rather added as new users with new passwords. Users would then change their password the first time they authenticate. The initial password would be defined by IT and sent to users by email or communicated in some other way.
</div><div class="para">
Migrating users from an existing system provides a smoother transition but also requires parallel management of DS and IPA during the migration. If you do not preserve passwords, the migration can be performed more quickly and you can avoid the period of double management of IPA and DS.
- </div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">B.1.6. Implementation Details</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</h3></div></div></div><div class="para">
The following sequence of operations occurs when users are migrated using SSSD:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
A user tries to log in to the machine.
@@ -4676,15 +5329,15 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
If the bind operation fails for any reason, the IPA identity provider back end will fail authentication, otherwise it will continue.
</div></li><li class="listitem"><div class="para">
The IPA identity provider back end will unbind and try Kerberos authentication again. This time it is expected to succeed because the keys already exist in the entry.
- </div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">B.2. Performing a Server-based Migration</h2></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ </div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">C.2. Performing a Server-based Migration</h2></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
Each phase of the migration should be performed as a single step.
- </div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">B.2.1. Phase 1: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
The first phase of the migration consists of setting up IPA and migrating data from the existing DS to that used by IPA. This involves the use of the <code class="command">ipa migrate-ds</code> command, which dumps the user data from the original DS, converts it into a format suitable for use by IPA, and then loads the converted data into IPA.
</div><div class="para">
The <code class="command">ipa migrate-ds</code> command connects to the DS and binds as the <code class="systemitem">Directory Manager</code>, and then extracts all objectClass=person objects from ou=People. This can be changed using the <code class="option">--user-container</code> option. It also extracts all objects from ou=Groups. This can be changed using the <code class="option">--group-container</code> option. It adds all object classes and attributes required by IPA (if they are missing) and coverts DNs in attributes to match the IPA Directory Information Tree (DIT). The command returns an error if migration is not enabled.
</div><div class="para">
Refer to the <code class="command">ipa migrate-ds</code> help page for more details about this command (<code class="command">ipa help migrate-ds</code>).
- </div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_1_Migrating_Existing_Data_to_IPA-To_migrate_existing_data_to_IPA"><h6>Procedure B.1. To migrate existing data to IPA:</h6><ol class="1"><li class="step"><div class="para">
+ </div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_1_Migrating_Existing_Data_to_IPA-To_migrate_existing_data_to_IPA"><h6>Procedure C.1. To migrate existing data to IPA:</h6><ol class="1"><li class="step"><div class="para">
Install IPA, including any custom DS schema, on a different machine from the existing DS. Refer to
</div></li><li class="step"><div class="para">
Use the following command to enable IPA migration mode:
@@ -4708,7 +5361,7 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
The migration log file is currently not implemented. Instead, any error messages are printed to standard output.
</div></div></div>
- </div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">B.2.2. Phase 2: Updating the Client Configuration</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_2_Updating_the_Client_Configuration-To_update_the_client_configuration"><h6>Procedure B.2. To update the client configuration:</h6><ul><li class="step"><div class="para">
+ </div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_2_Updating_the_Client_Configuration-To_update_the_client_configuration"><h6>Procedure C.2. To update the client configuration:</h6><ul><li class="step"><div class="para">
Update the client configuration to use PAM_LDAP and NSS_LDAP to connect to IPA instead of connecting to DS, NIS, or using local files.
<div class="itemizedlist"><ul><li class="listitem"><div class="para">
If the intention is to automatically generate the Kerberos keys when a user authenticates, the configuration should use startTLS and simple bind authentication. For this to occur, the IT department needs to ensure the IPA server certificate is copied to the client.
@@ -4718,7 +5371,7 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
You should not update your client configuration to use PAM_KRB5 and NSS_LDAP (that is, the equivalent of IPA v1) at this stage unless absolutely necessary. This is because the Kerberos keys will not yet exist in the IPA user entries, and consequently users will not be able to log in. If such a configuration is required, users can be directed to a specific web page on the IPA server after the data has been loaded into the IPA server. This page will prompt the user for their password and perform an LDAP bind. The DS password plug-in will capture these passwords and generate the Kerberos keys.
- </div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">B.2.3. Phase 3: Installing and Configuring SSSD</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_3_Installing_and_Configuring_SSSD-To_install_and_configure_SSSD"><h5 class="formalpara">To install and configure SSSD:</h5>
+ </div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_3_Installing_and_Configuring_SSSD-To_install_and_configure_SSSD"><h5 class="formalpara">To install and configure SSSD:</h5>
<div class="orderedlist"><ol><li class="listitem"><div class="para">
Install SSSD on the machines that can support it:
</div><div class="para">
@@ -4727,24 +5380,24 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
Configure SSSD to use IPA as a back end (Kerberos and LDAP). Installing SSSD and enrolling the client with IPA will ensure delivery of the machine Kerberos key and server certificate to the client. Refer to
</div></li></ol></div>
- </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">B.2.4. Phase 4: Migrating Users</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_4_Migrating_Users-To_migrate_the_users_from_DS_to_IPA"><h5 class="formalpara">To migrate the users from DS to IPA:</h5>
+ </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_4_Migrating_Users-To_migrate_the_users_from_DS_to_IPA"><h5 class="formalpara">To migrate the users from DS to IPA:</h5>
<div class="orderedlist"><ol><li class="listitem"><div class="para">
- Instruct users to log in to IPA using either an SSSD client or a client that supports PAM_LDAP with startTLS and simple bind. An SSSD client configured as described in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">Section B.2.3, “Phase 3: Installing and Configuring SSSD”</a> will perform a silent migration. Clients configured with startTLS and simple bind will also trigger key generation. A Kerberos key is created the first time a user logs in, and this key is stored in the IPA back end.
+ Instruct users to log in to IPA using either an SSSD client or a client that supports PAM_LDAP with startTLS and simple bind. An SSSD client configured as described in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">Section C.2.3, “Phase 3: Installing and Configuring SSSD”</a> will perform a silent migration. Clients configured with startTLS and simple bind will also trigger key generation. A Kerberos key is created the first time a user logs in, and this key is stored in the IPA back end.
</div></li><li class="listitem"><div class="para">
As the migration of the user population progresses (that is, as the Kerberos keys are generated on the IPA server), you can begin to configure other, non-SSSD clients to suit your requirements.
</div></li></ol></div>
- </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">B.2.5. Phase 5: Decommission the DS</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
When the migration of all clients and users is complete, decommission the DS.
- </div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">B.3. Performing a Client-based Migration</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">B.3.1. Phase 1: Installing and Configuring SSSD</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ </div></li></ul></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">C.3. Performing a Client-based Migration</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Install SSSD first on the machines that can support it:
</div><div class="para">
<code class="command"># yum install sssd</code>
</div></li><li class="listitem"><div class="para">
Configure SSSD with the LDAP back end and point it to the existing DS deployment.
- </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">B.3.2. Phase 2: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
- Install IPA and migrate the existing DS data as described in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">Section B.2.1, “Phase 1: Migrating Existing Data to IPA”</a>
- </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">B.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+ Install IPA and migrate the existing DS data as described in <a class="xref" href="#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">Section C.2.1, “Phase 1: Migrating Existing Data to IPA”</a>
+ </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Start moving clients that have SSSD installed from the LDAP back end to the IPA back end, and enroll them with IPA. This will download the required keys and certificates.
</div></li><li class="listitem"><div class="para">
Instruct users to use (that is, to log in at least once) the machines with SSSD and IPA back end, or go to the web page and authenticate.
@@ -4757,9 +5410,9 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
It is important to include the quotes around the filter so that it is not interpreted by the shell.
- </div></div></div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">B.3.4. Phase 4: Reconfigure non-SSSD Clients</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ </div></div></div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
As the user population is migrated (the Kerberos keys are generated), you can start reconfiguring other (non‐SSSD) clients as required. The clients can be set up in any state shown on the diagram above.
- </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">B.3.5. Phase 5: Decommission the Directory Server</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
When the migration of the clients is complete, decommission the DS.
</div></li></ul></div></div></div></div><div xml:lang="en-US" class="glossary" id="Glossary" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Glossary</h2></div></div></div><div class="glossdiv"><h3 class="title">A</h3><dl><dt>access control instruction</dt><dd><p>See <a class="glosssee" href="#aci">ACI</a>.</p></dd><dt>access control list</dt><dd><p>See <a class="glosssee" href="#ACL">ACL</a>.</p></dd><dt>access rights</dt><dd><div class="para">
In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory. The following rights can be granted or denied: read, write, add, delete, search, compare, selfwrite, proxy and all.
@@ -5097,4 +5750,4 @@ $ ipa-getcert stop-tracking -n Server2-Cert -d /etc/pki/nssdb
Speeds up the display of entries in the Directory Server Console. Virtual list view indexes can be created on any branch point in the directory tree to improve display performance.
</div><p>See Also <a class="glossseealso" href="#browsing-index">browsing index</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">X</h3><dl><dt>X.500 standard</dt><dd><div class="para">
The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implementation.
-</div></dd></dl></div></div><div class="index" id="id3249495"><div class="titlepage"><div><div><h2 class="title">Index</h2></div></div></div><div class="index"></div></div></div></body></html>
+</div></dd></dl></div></div><div class="index" id="id3044115"><div class="titlepage"><div><div><h2 class="title">Index</h2></div></div></div><div class="index"><div class="indexdiv"><h3>C</h3><dl><dt>client</dt><dd><dl><dt>troubleshooting</dt><dd><dl><dt>installation, <a class="indexterm" href="#troubleshooting-client-install">Troubleshooting Client Installations</a></dt></dl></dd><dt>uninstalling, <a class="indexterm" href="#uninstalling-clients">Uninstalling a FreeIPA Client</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>D</h3><dl><dt>DNS</dt><dd><dl><dt>adding zone records, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dt>adding zones, <a class="indexterm" href="#Managing_DNS_Zones-Adding_DNS_Zones">Adding DNS Zones</a></dt><dt>disabling zones, <a class="indexterm" href="#enabling-zones">Enabling and Disabling Zones</a></dt><dt>dynamic updates, <a class="indexterm" href="#Adding_DNS_Zones-Using_Dyn
amic_DNS_Updates">Enabling Dynamic DNS Updates</a></dt></dl></dd><dt>DNS zone records, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dd><dl><dt>deleting, <a class="indexterm" href="#Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">Deleting Records from DNS Zones</a></dt><dt>format for adding, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dt>IPv4 example, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dt>IPv6 example, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dt>PTR example, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dt>SRV example, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a>
</dt><dt>types of records, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>K</h3><dl><dt>Kerberos, <a class="indexterm" href="#about-kerberos">About Kerberos</a></dt><dd><dl><dt>service principals, <a class="indexterm" href="#Configuring_Service_Principals-Creating_and_Using_Service_Principals">Creating and Using Service Principals</a></dt><dt>SSSD password cache, <a class="indexterm" href="#kerberos-pwd-cache">Caching Kerberos Passwords</a></dt><dt>ticket policies, <a class="indexterm" href="#kerb-policies">Setting Kerberos Ticket Policies</a></dt><dd><dl><dt>global, <a class="indexterm" href="#kerb-policies-global">Setting Global Ticket Policies</a></dt><dt>user-level, <a class="indexterm" href="#user-ticket-policies">Setting User-Level Ticket Policies</a></dt></dl></dd><dt>troubleshooting Windows problems, <a class="indexterm" href="#troubleshooting-client-instal
l">Troubleshooting Client Installations</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>S</h3><dl><dt>service principals, <a class="indexterm" href="#Configuring_Service_Principals-Creating_and_Using_Service_Principals">Creating and Using Service Principals</a></dt><dt>SSSD</dt><dd><dl><dt>and Kerberos passwords, <a class="indexterm" href="#kerberos-pwd-cache">Caching Kerberos Passwords</a></dt><dd><dl><dt>disabling cache, <a class="indexterm" href="#kerberos-pwd-cache">Caching Kerberos Passwords</a></dt></dl></dd></dl></dd></dl></div><div class="indexdiv"><h3>T</h3><dl><dt>ticket policies, <a class="indexterm" href="#kerb-policies">Setting Kerberos Ticket Policies</a></dt><dt>troubleshooting</dt><dd><dl><dt>client installation, <a class="indexterm" href="#troubleshooting-client-install">Troubleshooting Client Installations</a></dt><dt>Kerberos on Windows, <a class="indexterm" href="#troubleshooting-client-install">Troubleshooting Client Installations</a></dt><dt>Kerb
eros, unknown server error, <a class="indexterm" href="#troubleshooting-client-install">Troubleshooting Client Installations</a></dt><dt>resolving hostnames on client, <a class="indexterm" href="#troubleshooting-client-install">Troubleshooting Client Installations</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>U</h3><dl><dt>uninstalling</dt><dd><dl><dt>clients, <a class="indexterm" href="#uninstalling-clients">Uninstalling a FreeIPA Client</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>W</h3><dl><dt>Windows</dt><dd><dl><dt>troubleshooting Kerberos problems, <a class="indexterm" href="#troubleshooting-client-install">Troubleshooting Client Installations</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>Z</h3><dl><dt>zone records, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dd><dl><dt>deleting, <a class="indexterm" href="#Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">Deleting Record
s from DNS Zones</a></dt><dt>format for adding, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dt>IPv4 example, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dt>IPv6 example, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dt>PTR example, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dt>SRV example, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt><dt>types, <a class="indexterm" href="#Managing_DNS_Zones-Adding_Records_to_DNS_Zones">Adding Records to DNS Zones</a></dt></dl></dd></dl></div></div></div></div></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html
index 2d13c96..32cf962 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.6. Enabling Dynamic DNS Updates</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.7. Enabling Dynamic DNS Updates</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /><link rel="prev" href="modifying-dns-zones.html" title="10.5. Modifying DNS Zones" /><link rel="next" href="enabling-zones.html" title="10.7. Enabling and Disabling Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="modifying-dns-zones.html"><strong>Prev</strong></a></li><li class
="next"><a accesskey="n" href="enabling-zones.html"><strong>Next</strong></a></li></ul><div class="section" id="Adding_DNS_Zones-Using_Dynamic_DNS_Updates"><div class="titlepage"><div><div><h2 class="title" id="Adding_DNS_Zones-Using_Dynamic_DNS_Updates">10.6. Enabling Dynamic DNS Updates</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="prev" href="modifying-dns-zones.html" title="10.6. Modifying DNS Zones" /><link rel="next" href="enabling-zones.html" title="10.8. Enabling and Disabling Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="modifying-dns-zones.html"><strong>Prev</strong></a></li><li cla
ss="next"><a accesskey="n" href="enabling-zones.html"><strong>Next</strong></a></li></ul><div class="section" id="Adding_DNS_Zones-Using_Dynamic_DNS_Updates"><div class="titlepage"><div><div><h2 class="title" id="Adding_DNS_Zones-Using_Dynamic_DNS_Updates">10.7. Enabling Dynamic DNS Updates</h2></div></div></div><a id="id3129856" class="indexterm"></a><div class="para">
Dynamic DNS updates are not enabled by default for new DNS zones in FreeIPA. If dynamic updates are not allowed, then it may not be possible for the <code class="command">ipa-client-install</code> script to join a client to the domain because it cannot add a DNS record pointing to the new client.
</div><div class="para">
To allow dynamic updates to the DNS zones, set the <code class="option">--allow-dynupdate</code> option.
- </div><pre class="screen">$ ipa dnszone-mod server.example.com --allow-dynupdate</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="modifying-dns-zones.html"><strong>Prev</strong>10.5. Modifying DNS Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="enabling-zones.html"><strong>Next</strong>10.7. Enabling and Disabling Zones</a></li></ul></body></html>
+ </div><pre class="screen">$ ipa dnszone-mod server.example.com --allow-dynupdate</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="modifying-dns-zones.html"><strong>Prev</strong>10.6. Modifying DNS Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="enabling-zones.html"><strong>Next</strong>10.8. Enabling and Disabling Zones</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Client_Problems.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Client_Problems.html
index 737aa50..a5f6237 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Client_Problems.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Client_Problems.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.5. Debugging Client Connection Problems</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.5. Debugging Client Connection Problems</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Authentication-Refreshing_Kerberos_Tickets.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Authentication-Refreshing_Kerberos_Tickets.html
index e14ecac..dcd9052 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Authentication-Refreshing_Kerberos_Tickets.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Authentication-Refreshing_Kerberos_Tickets.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.4. Refreshing Kerberos Tickets</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.4. Refreshing Kerberos Tickets</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
@@ -13,28 +13,26 @@
Manually refreshing Kerberos tickets is a two step process: you first need to find all of the keytabs that are older than a certain date, and then obtain a new keytab for the host or service in question. This process is described in detail below.
</div><div class="procedure" id="Refreshing_Kerberos_Tickets-How_to_manually_refresh_Kerberos_keytabs"><h6>Procedure 6.2. How to manually refresh Kerberos keytabs</h6><ol class="1"><li class="step"><div class="para">
Find all keytabs, both for host services and for any other services, issued before today. Use the following queries (update the dates as necessary):
-<pre class="screen"><code class="command"># ldapsearch -x -b "cn=computers,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&(krblastpwdchange<=20110110000000)(krblastpwdchange>=19710101000000))" dn krbprincipalname</code></pre>
+<pre class="screen"># ldapsearch -x -b "cn=computers,cn=accounts,dc=example,dc=com" "(&(krblastpwdchange<=20110110000000)(krblastpwdchange>=19710101000000))" dn krbprincipalname</pre>
-<pre class="screen"><code class="command"># ldapsearch -x -b "cn=services,cn=accounts,dc=example,dc=com"</code> <code class="command">"(&(krblastpwdchange<=20110110000000)(krblastpwdchange>=19710101000000))" dn krbprincipalname</code></pre>
+<pre class="screen"># ldapsearch -x -b "cn=services,cn=accounts,dc=example,dc=com" "(&(krblastpwdchange<=20110110000000)(krblastpwdchange>=19710101000000))" dn krbprincipalname</pre>
<div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
Dates are expressed in YYYYMMDD format, and times in HHMMSS format (GMT).
</div></div></div>
</div></li><li class="step"><div class="para">
Log into each machine and obtain a new keytab for the given service. To do this, you need to know the location of the keytab on the target system. For example, the default location for the <code class="systemitem">host/</code> principal is <code class="filename">/etc/krb5.keytab</code>. Use the <code class="command">ipa-getkeytab</code> command to retrieve a new <code class="systemitem">host/</code>principal:
-<pre class="screen"><code class="command"># ipa-getkeytab -p host/client.example.com at EXAMPLE.COM \</code>
- <code class="command">-s ipa.example.com -k /etc/krb5.keytab</code></pre>
+<pre class="screen"># ipa-getkeytab -p host/client.example.com at EXAMPLE.COM -s ipa.example.com -k /etc/krb5.keytab</pre>
</div><div class="para">
- To retrieve a new keytab for the <code class="systemitem">HTTP</code> service, run the following command instead:
-<pre class="screen"><code class="command"># ipa-getkeytab -p HTTP/client.example.com at EXAMPLE.COM \</code>
-<code class="command">-s ipa.example.com -k /etc/httpd/conf/ipa.keytab</code></pre>
+ To retrieve a new keytab for the HTTP service, run the following command instead:
+<pre class="screen"># ipa-getkeytab -p HTTP/client.example.com at EXAMPLE.COM -s ipa.example.com -k /etc/httpd/conf/ipa.keytab</pre>
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
The <code class="command">ipa-getkeytab</code> command does not delete the old keytab in case it already exists in the file.
</div></div></div></li></ol></div><div class="para">
You can use the <code class="command">klist</code> command to view the new key version number (KVNO):
-<pre class="screen"><code class="command"># klist -kt /path/to/keytab</code></pre>
+<pre class="screen"># klist -kt /path/to/keytab</pre>
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
Some services, such as NFSv4, only support a limited set of encryption types. Ensure that you pass the appropriate arguments to the <code class="command">ipa-getkeytab</code> command.
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Automount-Configuring_Indirect_Maps.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Automount-Configuring_Indirect_Maps.html
new file mode 100644
index 0000000..06e403c
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Automount-Configuring_Indirect_Maps.html
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.4. Configuring Indirect Maps</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.15');
+
+ addID('Fedora.15.books');
+ addID('Fedora.15.FreeIPA_Guide');
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="automount.html" title="Chapter 7. Identity: Using Automount" /><link rel="prev" href="adding-locations.html" title="7.3. Configuring Locations" /><link rel="next" href="Configuring_Indirect_Maps-Configuring_Direct_Maps.html" title="7.5. Configuring Direct Maps" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="adding-locations.html"><strong>Prev</stro
ng></a></li><li class="next"><a accesskey="n" href="Configuring_Indirect_Maps-Configuring_Direct_Maps.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_Automount-Configuring_Indirect_Maps"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Automount-Configuring_Indirect_Maps">7.4. Configuring Indirect Maps</h2></div></div></div><div class="para">
+ An indirect map defines a container for mount points. For example, if you create an indirect map <code class="filename">/share</code>, then all automount keys are relative to that map. If you define an automount key <code class="systemitem">ipauser</code>, the map would appear as <code class="filename">/share/ipauser</code>. In other words, indirect maps specify relative paths. Compare this to the absolute paths specified by direct maps.
+ </div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ Different clients can use different map sets. Map sets use a tree structure, so maps <span class="emphasis"><em>cannot</em></span> be shared between locations.
+ </div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Create a new location:
+ </div><pre class="screen">$ ipa automountlocation-add baltimore
+
+ Location: baltimore</pre></li><li class="listitem"><div class="para">
+ Create a map for man pages:
+ </div><pre class="screen">$ ipa automountmap-add baltimore auto.man
+
+ Map: auto.man</pre></li><li class="listitem"><div class="para">
+ Add this map to the location's auto.master on the mount point /usr/man:
+ </div><pre class="screen">$ ipa automountkey-add baltimore auto.master --key=/usr/man --info=auto.man
+
+ Key: /usr/man
+ Mount information: auto.man</pre></li></ol></div><div class="para">
+ Use the following command to export information on the automount configuration for a specific location. This is useful if you perform file-based automount. For example:
+ </div><pre class="screen"><code class="command">$ ipa automountlocation-tofiles baltimore</code>
+/etc/auto.master:
+/- /etc/auto.direct
+/usr/man /etc/auto.man
+---------------------------
+/etc/auto.direct:
+---------------------------
+/etc/auto.man:</pre><div class="para">
+ On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+ </div><pre class="programlisting">-a serviceSearchDescriptor=auto_man:automountMapName=auto.man, \
+ cn=<location>,cn=automount,dc=example,dc=com?one \
+</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="adding-locations.html"><strong>Prev</strong>7.3. Configuring Locations</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Indirect_Maps-Configuring_Direct_Maps.html"><strong>Next</strong>7.5. Configuring Direct Maps</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Certificates_and_Certificate_Authorities.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Certificates_and_Certificate_Authorities.html
index f99a272..7a4447c 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Certificates_and_Certificate_Authorities.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Certificates_and_Certificate_Authorities.html
@@ -1,42 +1,37 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.4. Configuring Certificates and Certificate Authorities</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.4. Configuring Alternate Certificate Authorities</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="Managing-Unique_UID_and_GID_Attributes.html" title="13.3. Managing Unique UID and GID Number Assignments" /><link rel="next" href="ipa-apache.html" title="13.5. Setting a FreeIPA Server as an Apache Virtual Host" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p"
href="Managing-Unique_UID_and_GID_Attributes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ipa-apache.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_Certificates_and_Certificate_Authorities"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Certificates_and_Certificate_Authorities">13.4. Configuring Certificates and Certificate Authorities</h2></div></div></div><div class="para">
- FreeIPA creates a self-signed Certificate Authority (<abbr class="abbrev">CA</abbr>) during the installation process. If you have your own or a preferred <abbr class="abbrev">CA</abbr>, however, and want to use your own certificates, FreeIPA provides the necessary tools to import certificates for use by 389 Directory Server and the <code class="systemitem">HTTP</code> server. While not a prerequisite for the correct operation of FreeIPA, it is recommended that you save an <acronym class="acronym">ASCII</acronym> copy of your <abbr class="abbrev">CA</abbr> certificate as <code class="filename">/usr/share/ipa/html/ca.crt</code> to ensure that users download the correct certificate.
- </div><div class="section" id="Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate"><div class="titlepage"><div><div><h3 class="title" id="Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">13.4.1. Installing Your Own Certificate</h3></div></div></div><div class="para">
- Use the <code class="command">ipa-server-certinstall</code> command to install your own certificate. You can install the certificate for use by 389 Directory Server, <code class="systemitem">HTTP</code> Server, or both.
- </div><pre class="screen"># /usr/sbin/ipa-server-certinstall -d /path/to/pkcs12.p12</pre></div><div class="section" id="Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox"><div class="titlepage"><div><div><h3 class="title" id="Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">13.4.2. Using Your Own Certificate with Firefox</h3></div></div></div><div class="para">
- To continue using the Firefox auto-configuration feature, you need an object-signing certificate, and you need to regenerate the <code class="filename">/usr/share/ipa/html/configure.jar</code> file.
- </div><div class="orderedlist"><h6>To use your own certificate with Firefox:</h6><ol><li class="listitem"><div class="para">
- Create a suitable directory and then create the new certificate database in that directory.
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="Managing-Unique_UID_and_GID_Attributes.html" title="13.3. Managing Unique UID and GID Number Assignments" /><link rel="next" href="Using_OCSP.html" title="13.5. Configuring OCSP Responders" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing-Unique_U
ID_and_GID_Attributes.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Using_OCSP.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_Certificates_and_Certificate_Authorities"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Certificates_and_Certificate_Authorities">13.4. Configuring Alternate Certificate Authorities</h2></div></div></div><div class="para">
+ FreeIPA creates a Dogtag Certificate System certificate authority (CA) during the server installation process. To use an external CA, it is possible to create the required server certificates and then import them into the 389 Directory Server and the HTTP server.
+ </div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+ Save an ASCII copy of the CA certificate as <code class="filename">/usr/share/ipa/html/ca.crt</code>. This allows users to download the correct certificate when they configure their browsers.
+ </div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Use the <code class="command">ipa-server-certinstall</code> command to install your own certificate. You can install the certificate for use by 389 Directory Server, <code class="systemitem">HTTP</code> Server, or both.
+ </div><pre class="screen"># /usr/sbin/ipa-server-certinstall -d /path/to/pkcs12.p12</pre></li><li class="listitem"><div class="para">
+ To continue using Firefox's auto-configuration, regenerate the <code class="filename">/usr/share/ipa/html/configure.jar</code> file.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Create a directory, and then create the new security databases in that directory.
<pre class="screen"># mkdir /tmp/signdb
+
# certutil -N -d /tmp/signdb</pre>
- </div></li><li class="listitem"><div class="para">
- Import the PKCS #12 file for the signing certificate into that same directory.
-<pre class="screen"># pk12util -i /path/to/pkcs12.p12 -d /tmp/signdb</pre>
+ </div></li><li class="listitem"><div class="para">
+ Import the PKCS #12 file for the signing certificate into that directory.
+<pre class="screen"># pk12util -i <em class="replaceable"><code>/path/to/</code></em>pkcs12.p12 -d /tmp/signdb</pre>
- </div></li><li class="listitem"><div class="para">
- Make a temporary signing directory, and copy the FreeIPA javascript file to that directory.
+ </div></li><li class="listitem"><div class="para">
+ Make a temporary signing directory, and copy the FreeIPA javascript file to that directory.
<pre class="screen"># mkdir /tmp/sign
# cp /usr/share/ipa/html/preferences.html /tmp/sign</pre>
- </div></li><li class="listitem"><div class="para">
- Use the certificate you created earlier to sign the javascript file and to regenerate the <code class="filename">configure.jar</code> file.
+ </div></li><li class="listitem"><div class="para">
+ Use the object signing certificate to sign the javascript file and to regenerate the <code class="filename">configure.jar</code> file.
<pre class="screen"># signtool -d /tmp/signdb -k Signing_cert_nickname -Z /usr/share/ipa/html/configure.jar -e .html</pre>
- </div></li></ol></div></div><div class="section" id="Using_OCSP"><div class="titlepage"><div><div><h3 class="title" id="Using_OCSP">13.4.3. Using OCSP</h3></div></div></div><div class="para">
- The Online Certificate Status Protocol (OCSP) is natively provided by the CA embedded into FreeIPA. This is so that any client that supports it can use OCSP for certificate validity checks.
- </div><div class="para">
- The OCSP responder URL is encoded into the certificates issued by FreeIPA. In order for that responder to be available, port 9180 needs to be open in the firewall. The OCSP URL uses the following format:
-<pre class="screen">http://ipa.example.com:9180/ca/ocsp</pre>
-
- </div><div class="para">
- For more information on OCSP, refer to the RFC at <a href="http://www.ietf.org/rfc/rfc2560.txt">http://www.ietf.org/rfc/rfc2560.txt</a>.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing-Unique_UID_and_GID_Attributes.html"><strong>Prev</strong>13.3. Managing Unique UID and GID Number Assignme...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-apache.html"><strong>Next</strong>13.5. Setting a FreeIPA Server as an Apache Virtu...</a></li></ul></body></html>
+ </div></li></ol></div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing-Unique_UID_and_GID_Attributes.html"><strong>Prev</strong>13.3. Managing Unique UID and GID Number Assignme...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Using_OCSP.html"><strong>Next</strong>13.5. Configuring OCSP Responders</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html
index e73ad49..d5c62c3 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.4. Activating and Deactivating User Accounts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.4. Activating and Deactivating User Accounts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Deleting_IPA_Users.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Deleting_IPA_Users.html
index 565095b..ac47689 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Deleting_IPA_Users.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Deleting_IPA_Users.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.7. Deleting FreeIPA Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.7. Deleting FreeIPA Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Specifying_Default_User_Settings.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Specifying_Default_User_Settings.html
index 9c23ba4..bc178c6 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Specifying_Default_User_Settings.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_IPA_Users-Specifying_Default_User_Settings.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.5. Specifying Default User Settings</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.5. Specifying Default User Settings</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Indirect_Maps-Configuring_Direct_Maps.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Indirect_Maps-Configuring_Direct_Maps.html
new file mode 100644
index 0000000..06d5013
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Indirect_Maps-Configuring_Direct_Maps.html
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.5. Configuring Direct Maps</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.15');
+
+ addID('Fedora.15.books');
+ addID('Fedora.15.FreeIPA_Guide');
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="automount.html" title="Chapter 7. Identity: Using Automount" /><link rel="prev" href="Configuring_Automount-Configuring_Indirect_Maps.html" title="7.4. Configuring Indirect Maps" /><link rel="next" href="active-directory.html" title="Chapter 8. Identity: Integrating with Microsoft Active Directory" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Co
nfiguring_Automount-Configuring_Indirect_Maps.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="active-directory.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_Indirect_Maps-Configuring_Direct_Maps"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Indirect_Maps-Configuring_Direct_Maps">7.5. Configuring Direct Maps</h2></div></div></div><div class="para">
+ Direct maps list exact locations to mount specified maps, for example <code class="filename">/usr/local/bin</code> or <code class="filename">/mnt</code>. That is, they specify absolute paths as mount points. Compare this to the relative paths specified by indirect maps.
+ </div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ Different clients can use different map sets. Map sets use a tree structure, so maps <span class="emphasis"><em>cannot</em></span> be shared between locations.
+ </div></div></div><div class="para">
+ To add a direct map configuration, FreeIPA requires a number of modifications to the <code class="filename">auto.direct</code> file. The following two entries are created during the installation process:
+ </div><pre class="programlisting">dn: automountkey=/-,automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com
+ objectClass: automount
+ automountKey: '/-'
+ automountInformation: auto.direct
+</pre><pre class="programlisting">automountmapname=auto.direct,cn=default,cn=automount,dc=example,dc=com
+ objectClass: automountMap
+ automountMapName: auto.direct
+</pre><div class="para">
+ Use the following procedure to add a mount to this direct map for the <code class="filename">/share</code> directory:
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Create a new location:
+ </div><pre class="screen"><code class="command">$ ipa automountlocation-add brisbane</code>
+ Location: brisbane</pre></li><li class="listitem"><div class="para">
+ Add the map to the location's <code class="filename">auto.direct</code> file on the mount point <code class="filename">/share</code>:
+ </div><pre class="screen">$ ipa automountkey-add brisbane auto.direct --key=/share --info="-ro,soft, ipaserver.ipadocs.org:/home/share"
+ Key: /share
+ Mount information: -ro,soft, ipaserver.ipadocs.org:/home/share</pre></li></ol></div><div class="para">
+ On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
+ </div><pre class="programlisting">-a serviceSearchDescriptor=auto_direct:automountMapName=auto.direct,cn=<location>,cn=automount,dc=example,dc=com?one</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_Automount-Configuring_Indirect_Maps.html"><strong>Prev</strong>7.4. Configuring Indirect Maps</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="active-directory.html"><strong>Next</strong>Chapter 8. Identity: Integrating with Microsoft A...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Microsoft_Windows.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Microsoft_Windows.html
index f1e6484..850498e 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Microsoft_Windows.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Microsoft_Windows.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.3. Configuring a Microsoft Windows System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.3. Configuring a Microsoft Windows System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Service_Principals-Creating_and_Using_Service_Principals.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Service_Principals-Creating_and_Using_Service_Principals.html
index 13f2140..cd6b88f 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Service_Principals-Creating_and_Using_Service_Principals.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_Service_Principals-Creating_and_Using_Service_Principals.html
@@ -1,30 +1,29 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.3. Creating and Using Service Principals</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.3. Creating and Using Service Principals</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="kerb-policies.html" title="6.2. Setting Kerberos Ticket Policies" /><link rel="next" href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html" title="6.4. Refreshing Kerberos Tickets" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="kerb-
policies.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_Service_Principals-Creating_and_Using_Service_Principals"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="kerb-policies.html" title="6.2. Setting Kerberos Ticket Policies" /><link rel="next" href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html" title="6.4. Refreshing Kerberos Tickets" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="kerb-
policies.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_Service_Principals-Creating_and_Using_Service_Principals"><div class="titlepage"><div><div><h2 class="title" id="Configuring_Service_Principals-Creating_and_Using_Service_Principals">6.3. Creating and Using Service Principals</h2></div></div></div><a id="id3126320" class="indexterm"></a><a id="id3126327" class="indexterm"></a><div class="para">
You can use the web interface to create service principals and also to search for existing service principals. For security and other reasons, however, it is not possible to retrieve a keytab using the web interface. This has to be done either on the command line on the system where the service is accessed, or on the FreeIPA server itself, and the keytab then exported to the client host.
</div><div class="para">
- The following example demonstrates creating a service principal and keytab on a client host for the <code class="systemitem">HTTP</code> service. In this example, the client host is <code class="systemitem">ipaclient.example.com</code> and the FreeIPA server is <code class="systemitem">ipaserver.example.com</code>:
-<pre class="screen"><code class="command"># kinit admin</code>
-<code class="command"># ipa host-add ipaclient.example.com</code>
-<code class="command"># ipa service-add HTTP/ipaclient.example.com at EXAMPLE.COM</code>
-<code class="command"># ipa-getkeytab -s ipaserver.example.com -p HTTP/ipaclient.example.com /</code>
-<code class="command">-k /etc/httpd/conf/ipa.keytab</code></pre>
+ The following example demonstrates creating a service principal and keytab on a client host for the HTTP service. In this example, the client host is <code class="systemitem">ipaclient.example.com</code> and the FreeIPA server is <code class="systemitem">ipaserver.example.com</code>:
+<pre class="screen"># kinit admin
+# ipa host-add ipaclient.example.com
+# ipa service-add HTTP/ipaclient.example.com at EXAMPLE.COM
+# ipa-getkeytab -s ipaserver.example.com -p HTTP/ipaclient.example.com -k /etc/httpd/conf/ipa.keytab</pre>
</div><div class="para">
- Note the location of the keytab. By default, <span class="application"><strong>FreeIPA</strong></span> saves its <code class="systemitem">HTTP</code> keytab to <code class="filename">/etc/httpd/conf/ipa.keytab</code>. This keytab is used in the webUI, and so you should be aware that if a key were stored in <code class="filename">ipa.keytab</code> and you later deleted that keytab file, the FreeIPA interface would stop working, because the original key would also be deleted.
+ Note the location of the keytab. By default, FreeIPA saves its HTTP keytab to <code class="filename">/etc/httpd/conf/ipa.keytab</code>. This keytab is used in the webUI, and so you should be aware that if a key were stored in <code class="filename">ipa.keytab</code> and you later deleted that keytab file, the FreeIPA interface would stop working, because the original key would also be deleted.
</div><div class="para">
Similar locations can be specified for each service that needs to be made Kerberos aware. There is no specific location that must be used, but, when using <code class="command">ipa-getkeytab</code>, you should avoid using <code class="filename">/etc/krb5.keytab</code>. This file should not contain service-specific keytabs; each service should have its keytab saved in a specific location and the access privileges (and possibly SELinux rules) should be configured so that only this service has access to the keytab.
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- The realm name is optional. The FreeIPA server automatically appends the <code class="systemitem">Kerberos</code> realm for which it is configured. You cannot specify a different realm.
+ The realm name is optional. The FreeIPA server automatically appends the Kerberos realm for which it is configured. You cannot specify a different realm.
</div></li><li class="listitem"><div class="para">
- The hostname must resolve to a <code class="systemitem">DNS</code> A record for it to work with <code class="systemitem">Kerberos</code>. You can use the <code class="option">--force</code> flag to force the creation of a principal should this prove necessary.
+ The hostname must resolve to a DNS A record for it to work with Kerberos. You can use the <code class="option">--force</code> flag to force the creation of a principal should this prove necessary.
</div></li><li class="listitem"><div class="para">
The <code class="command">ipa-getkeytab</code> command is part of the <span class="package">freeipa-client</span> package, which is only available for Fedora 15 or later. For other clients, you need to use this procedure on the server and manually copy the keytab to the client.
</div></li><li class="listitem"><div class="para">
@@ -35,7 +34,7 @@
FreeIPA provides a range of tools and commands to facilitate the creation and administration of services and the service principals and certificates required to use them. Some of this can be automated, but there will always be a certain amount of manual intervention required to create services and certificates after the initial joining of a host to a realm. These requirements and procedures are discussed in the following sections.
</div><div class="section" id="Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service"><div class="titlepage"><div><div><h3 class="title" id="Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</h3></div></div></div><div class="formalpara" id="Creating_an_IPA_Service-Prerequisites"><h5 class="formalpara">Prerequisites</h5>
Before you can create a service for a FreeIPA host, you need to ensure that the host exists. This should be true if it has already joined the realm. Use the following command to determine if the host exists:
-<pre class="screen"><code class="command"># ipa host-show myserver.mydomain.net</code></pre>
+<pre class="screen"># ipa host-show myserver.mydomain.net</pre>
</div><div class="para">
If the host does <span class="emphasis"><em>not</em></span> exist in the realm, you will see an error message similar to the following:
@@ -43,7 +42,7 @@
</div><div class="formalpara" id="Creating_an_IPA_Service-To_create_an_IPA_service"><h5 class="formalpara">To create a FreeIPA service:</h5>
Use the following command to create a service for that host:
-<pre class="screen"><code class="command"># ipa service-add test/myserver.mydomain.net</code></pre>
+<pre class="screen"># ipa service-add test/myserver.mydomain.net</pre>
</div><div class="para">
This will produce output similar to the following:
@@ -54,13 +53,13 @@ Added service "test/myserver.mydomain.net at MYDOMAIN.NET"
Principal: test/myserver.mydomain.net at MYDOMAIN.NET
Managed by: myserver.mydomain.net</pre><div class="section" id="Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service"><div class="titlepage"><div><div><h4 class="title" id="Creating_an_IPA_Service-Requesting_a_Certificate_for_a_Service">6.3.1.1. Requesting a Certificate for a Service</h4></div></div></div><div class="para">
Use the following command to request a certificate for the new service. The certificate request is contained in the <code class="filename">example.csr</code> file.
-<pre class="screen"><code class="command"># ipa cert-request --principal=test/myserver.mydomain.net example.csr </code></pre>
+<pre class="screen"># ipa cert-request --principal=test/myserver.mydomain.net example.csr</pre>
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
You can use the <code class="option">--add</code> option to create the service when requesting the certificate.
</div></div></div><div class="para">
If necessary, create the CSR file using openssl. The following is an example session creating such a file:
- </div><pre class="screen"><code class="command"># openssl req -out example.csr -new -newkey rsa:2048 -nodes -keyout private.key</code>
+ </div><pre class="screen"># openssl req -out example.csr -new -newkey rsa:2048 -nodes -keyout private.key
Generating a 2048 bit RSA private key
.........................................................+++
.............................+++
@@ -86,24 +85,24 @@ to be sent with your certificate request
A challenge password []:
An optional company name []:</pre></div><div class="section" id="Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests"><div class="titlepage"><div><div><h4 class="title" id="Creating_an_IPA_Service-Using_certmonger_to_Manage_Certificate_Requests">6.3.1.2. Using certmonger to Manage Certificate Requests</h4></div></div></div><div class="para">
You can also use <span class="application"><strong>certmonger</strong></span> to manage the certificate request process for you. Use the following command to request a certificate:
-<pre class="screen"><code class="command"># ipa-getcert request -d /etc/pki/nssdb -n Server-Cert</code></pre>
+<pre class="screen"># ipa-getcert request -d /etc/pki/nssdb -n Server-Cert</pre>
</div><div class="para">
The <code class="filename">/etc/pki/nssdb</code> file is the global NSS database, and <code class="literal">Server-Cert</code> is the nickname of this certificate. There is nothing special about this name; it can be anything, but it does need to be unique within this database. Use the <code class="command">ipa-getcert list</code> command to display the current status of certificates managed by <span class="application"><strong>certmonger</strong></span>.
</div><div class="para">
If you use <span class="application"><strong>certmonger</strong></span> to request a certificate for a service, you need to use the <code class="option">-K <principal></code> option. Without this option, <span class="application"><strong>certmonger</strong></span> assumes it is requesting a certificate for the host service (host/fqdn at REALM). For example:
- </div><pre class="screen"><code class="command"># ipa-getcert request -d /etc/httpd/alias -n Server-Cert -K</code>
-<code class="command">HTTP/myserver.mydomain.net at MYDOMAIN.NET -N 'CN=myserver.mydomain.net,O=MYDOMAIN.NET'</code></pre><div class="para">
+ </div><pre class="screen"># ipa-getcert request -d /etc/httpd/alias -n Server-Cert -K
+HTTP/myserver.mydomain.net at MYDOMAIN.NET -N 'CN=myserver.mydomain.net,O=MYDOMAIN.NET'</pre><div class="para">
You need to use the <code class="option">-N</code> option to specify the subject when using the <code class="option">-K</code> option. The subject format is as follows: CN=<fqdn>,O=<subject base>
</div><div class="para">
You can configure the FreeIPA subject base as part of the FreeIPA server installation process; the default value is the same as the default value for the realm name, which is derived from the hostname by default. Use the following command to determine the subject base:
-<pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code></pre>
+<pre class="screen">$ ipa config-show | grep -i subject</pre>
FreeIPA will reject requests with invalid subject base values.
</div></div><div class="section" id="Creating_an_IPA_Service-Using_NSS"><div class="titlepage"><div><div><h4 class="title" id="Creating_an_IPA_Service-Using_NSS">6.3.1.3. Using NSS</h4></div></div></div><div class="para">
If you need to create an NSS database in which to store your key, use the <code class="command">certutil</code> command as follows:
-<pre class="screen"><code class="command">$ certutil -N -d /path/to/database/dir</code>
-<code class="command">$ certutil -R -s "CN=myserver.mydomain.net, O=MYDOMAIN.NET" \</code>
-<code class="command">-d /path/to/database/dir -a > example.csr</code></pre>
+<pre class="screen">$ certutil -N -d /path/to/database/dir
+
+$ certutil -R -s "CN=myserver.mydomain.net, O=MYDOMAIN.NET" -d /path/to/database/dir -a > example.csr</pre>
</div><div class="formalpara" id="Using_NSS-CSR_File_Formats"><h5 class="formalpara">CSR File Formats</h5>
The format of the CSR is partly dependent upon the CA back end you are using.
@@ -111,16 +110,16 @@ An optional company name []:</pre></div><div class="section" id="Creating_an_IPA
If you are using Dogtag, then the Common Name (CN) is the only part of the request subject that is used; all other components are ignored.
</div><div class="para">
If you are using the selfsigned CA back end, then the subject must match the configured certificate subject base. You can find this with:
- </div><pre class="screen"><code class="command">$ ipa config-show | grep -i subject</code>
+ </div><pre class="screen">$ ipa config-show | grep -i subject
Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
This means you need to use MYDOMAIN.NET for the organization. FreeIPA will reject requests whose subject base differs from this value.
</div></div></div><div class="section" id="Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server"><div class="titlepage"><div><div><h3 class="title" id="Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</h3></div></div></div><div class="para">
- The following procedure describes how to configure <code class="systemitem">NFS</code> on the FreeIPA server and to set up an <code class="systemitem">NFS</code> service principal.
- </div><div class="procedure" id="Configuring_an_NFS_Service_Principal_on_the_IPA_Server-Configuring_NFS_on_the_IPA_Server"><h6>Procedure 6.1. Configuring <code class="systemitem">NFS</code> on the FreeIPA Server</h6><ol class="1"><li class="step"><div class="para">
+ The following procedure describes how to configure NFS on the FreeIPA server and to set up an NFS service principal.
+ </div><div class="procedure" id="Configuring_an_NFS_Service_Principal_on_the_IPA_Server-Configuring_NFS_on_the_IPA_Server"><h6>Procedure 6.1. Configuring NFS on the FreeIPA Server</h6><ol class="1"><li class="step"><div class="para">
Configure the export directory.
-<pre class="screen"><code class="command"># mkdir /export</code>
-<code class="command"># chmod 777 /export</code></pre>
+<pre class="screen"># mkdir /export
+# chmod 777 /export</pre>
</div></li><li class="step"><div class="para">
Configure the <code class="filename">/etc/exports</code> file as follows:
@@ -133,17 +132,17 @@ Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
</pre>
</div></li><li class="step"><div class="para">
- To enable secure <code class="systemitem">NFS</code>, add the following line to <code class="filename">/etc/sysconfig/nfs</code>
+ To enable secure NFS, add the following line to <code class="filename">/etc/sysconfig/nfs</code>:
</div><div class="para">
<pre class="programlisting">SECURE_NFS=yes
</pre>
</div></li><li class="step"><div class="para">
- Add a service principal and keytab for <code class="systemitem">NFS</code>.
-<pre class="screen"><code class="command"># ipa service-add nfs/ipaserver.example.com</code>
-<code class="command"># ipa-getkeytab -s ipaserver.example.com -p nfs/ipaserver.example.com \</code>
- <code class="command">-k /etc/nfs/conf/nfs.keytab</code></pre>
+ Add a service principal and keytab for NFS.
+<pre class="screen"># ipa service-add nfs/ipaserver.example.com
+
+# ipa-getkeytab -s ipaserver.example.com -p nfs/ipaserver.example.com -k /etc/nfs/conf/nfs.keytab</pre>
</div><div class="note"><div class="admonition_header"><h2>NFS Encryption Support</h2></div><div class="admonition"><div class="para">
Some versions of the Linux NFS implementation have limited encryption type support. If your NFS server is hosted on an older Fedora machine, you may need to use the <code class="option">-e des-cbc-crc</code> option to the <code class="command">ipa-getkeytab</code> command for any nfs/<FQDN> service keytabs you want to set up, both on the server and on all clients. This instructs the KDC to generate only DES keys.
@@ -151,10 +150,10 @@ Certificate Subject base: O=MYDOMAIN.NET</pre><div class="para">
If you use this option to generate DES keys, then all clients and servers that rely on this encryption type need to have the <code class="option">allow_weak_crypto</code> option enabled in the [libdefaults] section of the <code class="filename">/etc/krb5.conf</code> file. Without these configuration changes, NFS clients and servers will be unable to authenticate to each other, and attempts to mount NFS filesystems may fail. The client's <code class="systemitem">rpc.gssd</code> and the server's <code class="systemitem">rpc.svcgssd</code> daemons may log errors indicating that DES encryption types are not permitted.
</div></div></div></li><li class="step"><div class="para">
Run the following commands to reload the NFS configuration and restart the required services:
-<pre class="screen"><code class="command"># exportfs -a</code>
-<code class="command"># restart services</code>
-<code class="command"># service nfs restart</code>
-<code class="command"># service rpcgssd restart -k /etc/nfs/conf/nfs.keytab</code></pre>
+<pre class="screen"># exportfs -a
+# restart services
+# service nfs restart
+# service rpcgssd restart -k /etc/nfs/conf/nfs.keytab</pre>
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
Note the use of the <code class="option">-k</code> option when restarting <code class="systemitem">rpcgssd</code>. This is necessary to update the NFS configuration with the path to the NFS keytab.
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System.html
index 079de15..eb50ca2 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5. Using a Browser on Another System</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.5. Using a Browser on Another System</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html
index 8eab75c..e6bc28e 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.6. Configuring an AIX System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.6. Configuring an AIX System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_HP_UX.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_HP_UX.html
index f842ef5..08f54ea 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_HP_UX.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_HP_UX.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.5. Configuring an HP-UX System as a FreeIPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.5. Configuring an HP-UX System as a FreeIPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html
index b332a44..f909413 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.7. Configuring a Macintosh OS X System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.7. Configuring a Macintosh OS X System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="prev" href="Configuring_an_IPA_Client_on_AIX.html" title="2.6. Configuring an AIX System as a FreeIPA Client" /><link rel="next" href="uninstalling-clients.html" title="2.8. Uninstalling a FreeIPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Con
figuring_an_IPA_Client_on_AIX.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="uninstalling-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X">2.7. Configuring a Macintosh OS X System as a FreeIPA Client</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="prev" href="Configuring_an_IPA_Client_on_AIX.html" title="2.6. Configuring an AIX System as a FreeIPA Client" /><link rel="next" href="troubleshooting-client-install.html" title="2.8. Troubleshooting Client Installations" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a access
key="p" href="Configuring_an_IPA_Client_on_AIX.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="troubleshooting-client-install.html"><strong>Next</strong></a></li></ul><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X"><div class="titlepage"><div><div><h2 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X">2.7. Configuring a Macintosh OS X System as a FreeIPA Client</h2></div></div></div><div class="para">
These instructions are specific to Mac OS X 10.4 (Tiger) because this version includes the required Kerberos tools by default.
</div><div class="section" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication"><div class="titlepage"><div><div><h3 class="title" id="Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.7.1. Configuring Kerberos Authentication</h3></div></div></div><div class="para">
Configuring the Macintosh to use Kerberos for authentication with FreeIPA is a two-step process. First, Kerberos needs to be correctly installed and configured. Then, Kerberos authentication needs to be enabled.
@@ -195,4 +195,4 @@ Valid starting Expires Service principal
Kerberos 4 ticket cache: /tmp/tkt10678
klist: You have no tickets cached</pre>
- </div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_AIX.html"><strong>Prev</strong>2.6. Configuring an AIX System as a FreeIPA Client</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="uninstalling-clients.html"><strong>Next</strong>2.8. Uninstalling a FreeIPA Client</a></li></ul></body></html>
+ </div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_AIX.html"><strong>Prev</strong>2.6. Configuring an AIX System as a FreeIPA Client</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="troubleshooting-client-install.html"><strong>Next</strong>2.8. Troubleshooting Client Installations</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html
index f0d505d..a3efaf5 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.4. Configuring a Solaris System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.4. Configuring a Solaris System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Document_Conventions.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Document_Conventions.html
index f1e2bdf..1b86d63 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Document_Conventions.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Document_Conventions.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2. Examples and Formatting</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2. Examples and Formatting</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Enabling_UsernamePassword_Authentication_in_Your_Browser.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Enabling_UsernamePassword_Authentication_in_Your_Browser.html
index 0c955a5..02080c3 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Enabling_UsernamePassword_Authentication_in_Your_Browser.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Enabling_UsernamePassword_Authentication_in_Your_Browser.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6. Enabling Username/Password Authentication in Your Browser</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.6. Enabling Username/Password Authentication in Your Browser</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Extending_the_Permissions_of_IPA_Managed_Hosts.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Extending_the_Permissions_of_IPA_Managed_Hosts.html
index 26b963e..cb06c14 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Extending_the_Permissions_of_IPA_Managed_Hosts.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Extending_the_Permissions_of_IPA_Managed_Hosts.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.3. Extending the Permissions of FreeIPA Managed Hosts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.3. Extending the Permissions of FreeIPA Managed Hosts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/General_Troubleshooting_Tips-Kerberos_Errors.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/General_Troubleshooting_Tips-Kerberos_Errors.html
index 6b599ff..e15751b 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/General_Troubleshooting_Tips-Kerberos_Errors.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/General_Troubleshooting_Tips-Kerberos_Errors.html
@@ -1,13 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.6. Kerberos Errors</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
- addID('Fedora');
-
- addID('Fedora.15');
-
- addID('Fedora.15.books');
- addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="rotating-keys.html" title="6.5. Rotating Keys" /><link rel="next" href="automount.html" title="Chapter 7. Identity: Using Automount" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="rotating-keys.html"><strong>Prev</strong></a></li><li class="nex
t"><a accesskey="n" href="automount.html"><strong>Next</strong></a></li></ul><div class="section" id="General_Troubleshooting_Tips-Kerberos_Errors"><div class="titlepage"><div><div><h2 class="title" id="General_Troubleshooting_Tips-Kerberos_Errors">6.6. Kerberos Errors</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.6. Kerberos Errors</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="rotating-keys.html" title="6.5. Rotating Keys" /><link rel="next" href="automount.html" title="Chapter 7. Identity: Using Automount" /></head><body><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproj
ect.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="rotating-keys.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="automount.html"><strong>Next</strong></a></li></ul><div class="section" id="General_Troubleshooting_Tips-Kerberos_Errors"><div class="titlepage"><div><div><h2 class="title" id="General_Troubleshooting_Tips-Kerberos_Errors">6.6. Kerberos Errors</h2></div></div></div><div class="para">
If <code class="command">kinit</code> fails or you see an unusual Kerberos error back in the framework, inspect the following files for possible causes:
<div class="itemizedlist"><ul><li class="listitem"><div class="para">
On the server: <code class="filename">/var/log/krb5kdc.log</code>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Glossary.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Glossary.html
index f8df540..f135238 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Glossary.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Glossary.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Glossary</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Glossary</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html" title="B.3. Performing a Client-based Migration" /><link rel="next" href="ix01.html" title="Index" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="s
ect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ix01.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="glossary" id="Glossary" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Glossary</h2></div></div></div><div class="glossdiv"><h3 class="title">A</h3><dl><dt>access control instruction</dt><dd><p>See <a class="glosssee" href="Glossary.html#aci">ACI</a>.</p></dd><dt>access control list</dt><dd><p>See <a class="glosssee" href="Glossary.html#ACL">ACL</a>.</p></dd><dt>access rights</dt><dd><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html" title="C.3. Performing a Client-based Migration" /><link rel="next" href="ix01.html" title="Index" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="s
ect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ix01.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="glossary" id="Glossary" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Glossary</h2></div></div></div><div class="glossdiv"><h3 class="title">A</h3><dl><dt>access control instruction</dt><dd><p>See <a class="glosssee" href="Glossary.html#aci">ACI</a>.</p></dd><dt>access control list</dt><dd><p>See <a class="glosssee" href="Glossary.html#ACL">ACL</a>.</p></dd><dt>access rights</dt><dd><div class="para">
In the context of access control, specify the level of access granted or denied. Access rights are related to the type of operation that can be performed on the directory. The following rights can be granted or denied: read, write, add, delete, search, compare, selfwrite, proxy and all.
</div></dd><dt>account inactivation</dt><dd><div class="para">
Disables a user account, group of accounts, or an entire domain so that all authentication attempts are automatically rejected.
@@ -343,4 +343,4 @@
Speeds up the display of entries in the Directory Server Console. Virtual list view indexes can be created on any branch point in the directory tree to improve display performance.
</div><p>See Also <a class="glossseealso" href="Glossary.html#browsing-index">browsing index</a>.</p></dd></dl></div><div class="glossdiv"><h3 class="title">X</h3><dl><dt>X.500 standard</dt><dd><div class="para">
The set of ISO/ITU-T documents outlining the recommended information model, object classes and attributes used by directory server implementation.
-</div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Prev</strong>B.3. Performing a Client-based Migration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ix01.html"><strong>Next</strong>Index</a></li></ul></body></html>
+</div></dd></dl></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Prev</strong>C.3. Performing a Client-based Migration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ix01.html"><strong>Next</strong>Index</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html
index 2b673b9..7322136 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2. Configuring a Fedora System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.2. Configuring a Fedora System as a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
@@ -25,7 +25,11 @@
If the FreeIPA server is configured as the DNS server and is in the same domain as the client, add the server's IP address as the first entry in the client's <code class="filename">/etc/resolv.conf</code> file.
</div></li><li class="listitem"><div class="para">
Run the client setup command.
- </div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install</span></pre></li><li class="listitem"><div class="para">
+ </div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install --enable-dns-updates</span></pre><div class="para">
+ The <code class="option">--enable-dns-updates</code> option updates DNS with the client machine's IP address. Other options for <code class="command">ipa-client-install</code> are listed in <a class="xref" href="client-tools.html#ipa-client-install">Section B.3.1, “ipa-client-install”</a>.
+ </div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ There is an <code class="option">--on-master</code> option that is used as part of configuring an FreeIPA server (which also is an FreeIPA client, since it is within the domain). This option should <span class="emphasis"><em>never</em></span> be used when configuring a regular FreeIPA client, because it results in slightly different client configuration which may not work on a non-FreeIPA server machine.
+ </div></div></div></li><li class="listitem"><div class="para">
If prompted, enter the domain name for the FreeIPA's DNS domain.
</div><pre class="programlisting">DNS discovery failed to determine your DNS domain
Please provide the domain name of your IPA server <span class="perl_Keyword">(</span>ex: example.com<span class="perl_Keyword">)</span>: example.com</pre></li><li class="listitem"><div class="para">
@@ -35,7 +39,7 @@ Please provide your IPA server name <span class="perl_Keyword">(</span>ex: ipa.e
The client script then prompts for a Kerberos identity to use to contact and then join the Kerberos realm. When these credentials are supplied, then the client is able to join the FreeIPA Kerberos domain and then complete the configuration:
</div><pre class="screen">
Continue to configure the system with these values? [no]: yes
-Enrollment principal: admin
+User authorized to enroll computers: admin
Password for admin at EXAMPLE.COM:
Enrolled in FreeIPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Server_Packages.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Server_Packages.html
index 5b5f15a..4dc8ca3 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Server_Packages.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Installing_the_IPA_Server_Packages.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2. Installing the FreeIPA Server Packages</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.2. Installing the FreeIPA Server Packages</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Kerberos_Errors.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Kerberos_Errors.html
new file mode 100644
index 0000000..dcff6df
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Kerberos_Errors.html
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.7. Troubleshooting Kerberos Errors</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.15');
+
+ addID('Fedora.15.books');
+ addID('Fedora.15.FreeIPA_Guide');
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="kerberos-pwd-cache.html" title="6.6. Caching Kerberos Passwords" /><link rel="next" href="automount.html" title="Chapter 7. Identity: Using Automount" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="kerberos-pwd-cache.html"><strong>Prev</strong>
</a></li><li class="next"><a accesskey="n" href="automount.html"><strong>Next</strong></a></li></ul><div class="section" id="Kerberos_Errors"><div class="titlepage"><div><div><h2 class="title" id="Kerberos_Errors">6.7. Troubleshooting Kerberos Errors</h2></div></div></div><div class="para">
+ If <code class="command">kinit</code> fails or you see an unusual Kerberos error back in the framework, inspect the following files for possible causes:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ On the server, look at the KDC log in <code class="filename">/var/log/krb5kdc.log</code>.
+ </div></li><li class="listitem"><div class="para">
+ For FreeIPA errors, also look in <code class="filename">/var/log/httpd/error_log</code>.
+ </div></li></ul></div>
+
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="kerberos-pwd-cache.html"><strong>Prev</strong>6.6. Caching Kerberos Passwords</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="automount.html"><strong>Next</strong>Chapter 7. Identity: Using Automount</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing-Unique_UID_and_GID_Attributes.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing-Unique_UID_and_GID_Attributes.html
index ec34864..954be4b 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing-Unique_UID_and_GID_Attributes.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing-Unique_UID_and_GID_Attributes.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.3. Managing Unique UID and GID Number Assignments</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.3. Managing Unique UID and GID Number Assignments</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="disabling-anon-binds.html" title="13.2. Disabling Anonymous Binds" /><link rel="next" href="Configuring_Certificates_and_Certificate_Authorities.html" title="13.4. Configuring Certificates and Certificate Authorities" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey
="p" href="disabling-anon-binds.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Certificates_and_Certificate_Authorities.html"><strong>Next</strong></a></li></ul><div class="section" id="Managing-Unique_UID_and_GID_Attributes"><div class="titlepage"><div><div><h2 class="title" id="Managing-Unique_UID_and_GID_Attributes">13.3. Managing Unique UID and GID Number Assignments</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="disabling-anon-binds.html" title="13.2. Disabling Anonymous Binds" /><link rel="next" href="Configuring_Certificates_and_Certificate_Authorities.html" title="13.4. Configuring Alternate Certificate Authorities" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hr
ef="disabling-anon-binds.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Certificates_and_Certificate_Authorities.html"><strong>Next</strong></a></li></ul><div class="section" id="Managing-Unique_UID_and_GID_Attributes"><div class="titlepage"><div><div><h2 class="title" id="Managing-Unique_UID_and_GID_Attributes">13.3. Managing Unique UID and GID Number Assignments</h2></div></div></div><div class="para">
A FreeIPA server must generate random UID and GID values and simultaneously ensure that replicas never generate the same UID or GID value. The need for unique UID and GID numbers might even cross FreeIPA domains, if a single organization has multiple disparate domains.
</div><div class="para">
The UID and GID numbers are divided into <span class="emphasis"><em>ranges</em></span>. By keeping separate numeric ranges for individual servers and replicas, the chances are minimal that any numbers issued by one server or replica will duplicate those from another. Ranges are updated and shared intelligently between servers and replicas through the Dynamic Numeric Assignment (DNA) Plug-in, as part of the backend 389 Directory Server instance for the domain. The same range is used for user IDs (<em class="parameter"><code>uidNumber</code></em>) and group IDs (<em class="parameter"><code>gidNumber</code></em>). A user and a group may have the same ID, but since the ID is set in different attributes, there is no conflict. Using the same ID number for both a user and a group also allows an administrator to configure user private groups, where a unique system group is created for each user and the ID number is the same for both the user and the group.
@@ -36,4 +36,4 @@ changetype: modify
add: dnaNextRange
dnaNextRange: 123400000-123500000</pre><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
This command only adds the specified range of values; it does not check that the values in that range are actually available. This check is performed when an attempt is made to allocate those values. If a range is added that contains mostly values that were already allocated, the system will cycle through the entire range searching for unallocated values, and then the operation ultimately fails if none are available.
- </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="disabling-anon-binds.html"><strong>Prev</strong>13.2. Disabling Anonymous Binds</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Certificates_and_Certificate_Authorities.html"><strong>Next</strong>13.4. Configuring Certificates and Certificate Au...</a></li></ul></body></html>
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="disabling-anon-binds.html"><strong>Prev</strong>13.2. Disabling Anonymous Binds</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Certificates_and_Certificate_Authorities.html"><strong>Next</strong>13.4. Configuring Alternate Certificate Authoriti...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Adding_DNS_Zones.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Adding_DNS_Zones.html
index 0a169ea..33e70ee 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Adding_DNS_Zones.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Adding_DNS_Zones.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4. Adding DNS Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.5. Adding DNS Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /><link rel="prev" href="finding-dns-zones.html" title="10.3. Finding and Displaying DNS Zones" /><link rel="next" href="modifying-dns-zones.html" title="10.5. Modifying DNS Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="finding-dns-zones.html"><strong>Prev</strong></a></li><li
class="next"><a accesskey="n" href="modifying-dns-zones.html"><strong>Next</strong></a></li></ul><div class="section" id="Managing_DNS_Zones-Adding_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Adding_DNS_Zones">10.4. Adding DNS Zones</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="prev" href="finding-dns-zones.html" title="10.4. Finding and Displaying DNS Zones" /><link rel="next" href="modifying-dns-zones.html" title="10.6. Modifying DNS Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="finding-dns-zones.html"><strong>Prev</strong></a></li><l
i class="next"><a accesskey="n" href="modifying-dns-zones.html"><strong>Next</strong></a></li></ul><div class="section" id="Managing_DNS_Zones-Adding_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Adding_DNS_Zones">10.5. Adding DNS Zones</h2></div></div></div><a id="id3166471" class="indexterm"></a><div class="para">
The <code class="command">ipa dnszone-add</code> command add a new zone to the DNS domain. At a minimum, this requires the name of the new subdomain:
</div><pre class="screen">$ ipa dnszone-add <em class="replaceable"><code>domainName</code></em></pre><div class="para">
If the name is not given, the script prompts for it. Other command-line options can also be passed with the <code class="command">ipa dnszone-add</code> command; these are described in .
@@ -21,4 +21,4 @@
Reload the <code class="systemitem">named</code> service to load the new zone into the DNS domain configuration. If the service is not restarted, the DNS server will not respond to queries for records in the new zone.
<pre class="screen"># service named reload</pre>
- </div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="finding-dns-zones.html"><strong>Prev</strong>10.3. Finding and Displaying DNS Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="modifying-dns-zones.html"><strong>Next</strong>10.5. Modifying DNS Zones</a></li></ul></body></html>
+ </div></li></ol></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="finding-dns-zones.html"><strong>Prev</strong>10.4. Finding and Displaying DNS Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="modifying-dns-zones.html"><strong>Next</strong>10.6. Modifying DNS Zones</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html
index 5ffc707..34b69ec 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.8. Adding Records to DNS Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.9. Adding Records to DNS Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /><link rel="prev" href="enabling-zones.html" title="10.7. Enabling and Disabling Zones" /><link rel="next" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html" title="10.9. Deleting Records from DNS Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="enabling-zones.html"><
strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html"><strong>Next</strong></a></li></ul><div class="section" id="Managing_DNS_Zones-Adding_Records_to_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Adding_Records_to_DNS_Zones">10.8. Adding Records to DNS Zones</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="prev" href="enabling-zones.html" title="10.8. Enabling and Disabling Zones" /><link rel="next" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html" title="10.10. Deleting Records from DNS Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="enabling-zones.html
"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html"><strong>Next</strong></a></li></ul><div class="section" id="Managing_DNS_Zones-Adding_Records_to_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Adding_Records_to_DNS_Zones">10.9. Adding Records to DNS Zones</h2></div></div></div><a id="id3090216" class="indexterm"></a><a id="id3090228" class="indexterm"></a><a id="id3090235" class="indexterm"></a><div class="para">
FreeIPA supports several different types of DNS records, listed in <a class="xref" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html#tab.record-types">Table 10.3, “DNS Record Types”</a>.
- </div><div class="table" id="tab.record-types"><h6>Table 10.3. DNS Record Types</h6><div class="table-contents"><table summary="DNS Record Types" border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><tbody><tr><td>
+ </div><a id="id3090252" class="indexterm"></a><a id="id3090264" class="indexterm"></a><div class="table" id="tab.record-types"><h6>Table 10.3. DNS Record Types</h6><div class="table-contents"><table summary="DNS Record Types" border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><tbody><tr><td>
A
</td><td>
DS
@@ -77,21 +77,21 @@
</td></tr></tbody></table></div></div><br class="table-break" /><div class="para">
The <code class="command">ipa dnsrecord-add</code> command adds records to DNS zones, based on the type. Adding a record has the same basic command format:
- </div><pre class="screen">$ ipa dnsrecord-add <em class="replaceable"><code>domainName urlLabel</code></em> --<em class="replaceable"><code>recordType</code></em>--rec <em class="replaceable"><code>record</code></em></pre><div class="para">
+ </div><a id="id3254884" class="indexterm"></a><a id="id3254896" class="indexterm"></a><pre class="screen">$ ipa dnsrecord-add <em class="replaceable"><code>domainName urlLabel</code></em> --<em class="replaceable"><code>recordType</code></em>--rec <em class="replaceable"><code>record</code></em></pre><div class="para">
The <span class="emphasis"><em>recordType</em></span> is an identifier, such as <code class="command">a</code> for A or IPv4 records. The <span class="emphasis"><em>record</em></span> value is the actual entry, which has a value corresponding to the record type.
</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
The <code class="command">ipa dnsrecord-add</code> command only creates forward entries, not reverse entries.
- </div></div></div><div class="example" id="ex.ipv4-record"><h6>Example 10.1. IPv4 Record</h6><div class="example-contents"><div class="para">
+ </div></div></div><a id="id3168676" class="indexterm"></a><a id="id3168688" class="indexterm"></a><div class="example" id="ex.ipv4-record"><h6>Example 10.1. IPv4 Record</h6><div class="example-contents"><div class="para">
Type A resource records map hostnames to IPv4 addresses. The <span class="emphasis"><em>record</em></span> value for these commands, then, is a standard IPv4 address. The URL label is usually www.
<pre class="screen">$ ipa dnsrecord-add example.com www --a-rec 10.64.14.165</pre>
This creates the record <code class="uri">www.example.com</code> with the IP address 10.64.14.165.
</div><div class="para">
More information about A records is in <a href="http://tools.ietf.org/html/rfc1035">RFC 1035</a>.
- </div></div></div><br class="example-break" /><div class="example" id="ex.ipv6-record"><h6>Example 10.2. IPv6 Record</h6><div class="example-contents"><div class="para">
+ </div></div></div><br class="example-break" /><a id="id3168739" class="indexterm"></a><a id="id3168750" class="indexterm"></a><div class="example" id="ex.ipv6-record"><h6>Example 10.2. IPv6 Record</h6><div class="example-contents"><div class="para">
Type AAAA resource records (<em class="firstterm">quad-A records)</em> map hostnames to IPv6 addresses. The <span class="emphasis"><em>record</em></span> value for these commands is an IPv6 address. As with Type A records, the URL label is usually www.
<pre class="screen">$ ipa dnsrecord-add example.com www --aaaa-rec fe80::20c:29ff:fe02:a1b3</pre>
This creates the record <code class="uri">www.example.com</code> with the IP address fe80::20c:29ff:fe02:a1b3. More information about AAAA records is in <a href="http://tools.ietf.org/html/rfc3596">RFC 3596</a>.
- </div></div></div><br class="example-break" /><div class="example" id="ex.srv-record"><h6>Example 10.3. SRV Record</h6><div class="example-contents"><div class="para">
+ </div></div></div><br class="example-break" /><a id="id3155940" class="indexterm"></a><a id="id3155952" class="indexterm"></a><div class="example" id="ex.srv-record"><h6>Example 10.3. SRV Record</h6><div class="example-contents"><div class="para">
<em class="firstterm">Service (SRV) resource records</em> map service names to the DNS name of the server that is providing that particular service. For example, this record type can map a service like an LDAP directory to the DNS server which manages it.
</div><div class="para">
As with Type A and Type AAAA records, SRV records specify a way to connect to and identify the service, but the record format is different.
@@ -103,4 +103,16 @@
$ ipa dnsrecord-add server.example.com _ldap._tcp --srv-rec="1 100 389 server2.example.com"</pre><div class="para">
More information about SRV records is in <a href="http://tools.ietf.org/html/rfc2782">RFC 2782</a>.
- </div></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="enabling-zones.html"><strong>Prev</strong>10.7. Enabling and Disabling Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html"><strong>Next</strong>10.9. Deleting Records from DNS Zones</a></li></ul></body></html>
+ </div></div></div><br class="example-break" /><a id="id3156034" class="indexterm"></a><a id="id3156046" class="indexterm"></a><div class="example" id="ex.ptr-record"><h6>Example 10.4. PTR Record</h6><div class="example-contents"><div class="para">
+ A pointer record type (PTR) record adds a <span class="emphasis"><em>reverse</em></span> DNS record, which maps an IP address to a domain name, rather than the other way around.
+ </div><div class="para">
+ All reverse DNS lookups for OPv4 addresses user reverse entries that are defined in the <code class="command">in-addr.arpa.</code> domain. The reverse address, in human-readable form, is the exact reverse of the regular IP address, with the <code class="command">in-addr.arpa.</code> domain appended to it. For example, for the IP address <code class="systemitem">192.0.1.2</code>, the reverse address is <code class="systemitem">2.1.0.192..in-addr.arpa</code>.
+ </div><div class="para">
+ When adding the reverse DNS record, the format of the <code class="command">dnsrecord-add</code> command is also reverse, compared to the usage for adding regular DNS entries:
+ </div><pre class="screen">$ ipa dnsrecord-add <em class="replaceable"><code>reverseIpAddress recordId</code></em> --ptr-rec <em class="replaceable"><code>FQDN</code></em></pre><div class="para">
+ The <span class="emphasis"><em>recordId</em></span> is the numeric identifier to use for the entry in the zone.
+ </div><div class="para">
+ For example, this adds a record with an ID of 4 for <code class="command">server2.example.com</code>:
+ </div><pre class="screen">$ ipa dnsrecord-add 2.1.0.192..in-addr.arpa 4 --ptr-rec server2.example.com.</pre><div class="para">
+ More information about PTR records is in <a href="http://tools.ietf.org/html/rfc1035#page-12">RFC 1035</a>.
+ </div></div></div><br class="example-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="enabling-zones.html"><strong>Prev</strong>10.8. Enabling and Disabling Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html"><strong>Next</strong>10.10. Deleting Records from DNS Zones</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html
index c346671..c1a4464 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.9. Deleting Records from DNS Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.10. Deleting Records from DNS Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /><link rel="prev" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html" title="10.8. Adding Records to DNS Zones" /><link rel="next" href="dns-resolve.html" title="10.10. Resolving Hostnames in the FreeIPA Domain" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zones-
Adding_Records_to_DNS_Zones.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="dns-resolve.html"><strong>Next</strong></a></li></ul><div class="section" id="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">10.9. Deleting Records from DNS Zones</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="prev" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html" title="10.9. Adding Records to DNS Zones" /><link rel="next" href="dns-resolve.html" title="10.11. Resolving Hostnames in the FreeIPA Domain" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zone
s-Adding_Records_to_DNS_Zones.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="dns-resolve.html"><strong>Next</strong></a></li></ul><div class="section" id="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones"><div class="titlepage"><div><div><h2 class="title" id="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones">10.10. Deleting Records from DNS Zones</h2></div></div></div><a id="id3297862" class="indexterm"></a><a id="id3297874" class="indexterm"></a><div class="para">
Records are removed from the zone using the <code class="command">ipa dnsrecord-del</code> command. As with adding records, records are deleted using an option that specifies the type of record (<code class="option">--</code><span class="emphasis"><em>recordType</em></span><code class="option">-rec</code>) and the record value.
</div><div class="para">
For example, to remove the A type record:
@@ -15,4 +15,4 @@
</div><div class="para">
Alternatively, using the <code class="option">--del-all</code> option removes all associated records for the zone.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html"><strong>Prev</strong>10.8. Adding Records to DNS Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="dns-resolve.html"><strong>Next</strong>10.10. Resolving Hostnames in the FreeIPA Domain</a></li></ul></body></html>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html"><strong>Prev</strong>10.9. Adding Records to DNS Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="dns-resolve.html"><strong>Next</strong>10.11. Resolving Hostnames in the FreeIPA Domain</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html
index 8276a18..27c2182 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Migrating_from_a_Directory_Server_to_IPA.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix B. Migrating from a Directory Server to IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix C. Migrating from a Directory Server to IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html" title="Appendix A. Frequently Asked Questions" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html" title="B.2. Performing a Server-based Migration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png"
alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="Migrating_from_a_Directory_Server_to_IPA" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Migrating from a Directory Server to IPA</h1></div></div></div><div class="toc"><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">B.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Assumption
s">B.1.1. Assumptions</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">B.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">B.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">B.1.4. Initial and Final States</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">B.1.5. Recommended Sequence of Steps</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">B.
1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html">B.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">B.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">B.2.2. Phase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a
href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">B.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">B.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">B.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="sect-
Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html">B.3. Performing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">B.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">B.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Perform
ing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">B.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">B.3.4. Phase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">B.3.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></dl></div><div class="section" id="sect-Enterprise_Identity_Management
_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">B.1. Overview</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="client-tools.html" title="B.3. Client Scripts" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html" title="C.2. Performing a Server-based Migration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><
a accesskey="p" href="client-tools.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="Migrating_from_a_Directory_Server_to_IPA" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Migrating from a Directory Server to IPA</h1></div></div></div><div class="toc"><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterpris
e_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Mi
grating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html">C.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#s
ect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html">C.3. Perform
ing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD
_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></dl></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Ide
ntity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</h2></div></div></div><div class="para">
This appendix addresses the situation where a customer has previously deployed an internal Directory Server (DS) and is planning to use IPA instead. The customer needs to transfer all user data from the DS to IPA so that IPA can function fully and correctly. The goal is to perform this migration without requiring that users change their passwords or perform some other specific action.
- </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">B.1.1. Assumptions</h3></div></div></div><div class="para">
+ </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Assumptions</h3></div></div></div><div class="para">
It is not practical to identify and address each of the scenarios in which a DS and IPA might be deployed, and where migration might be required. Consequently, the following assumptions are made:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
This is a one-to-one transition from one DS realm to one IPA realm. No consolidation is involved.
@@ -21,7 +21,7 @@
Some machines might be present that are managed by <code class="systemitem">NIS</code> or are not part of the DS deployment, but are planned to be part of the IPA domain
</div><div class="para">
Machines that cannot be moved from the <code class="systemitem">NIS</code> domain to LDAP or IPA because they are old and do not support <code class="systemitem">nss_ldap</code> are assumed to remain in and be served by the <code class="systemitem">NIS</code> domain. The migration of such machines to the IPA domain, while possible, is a challenging task and is out of the scope of the current use case.
- </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">B.1.2. Known Issues</h3></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</h3></div></div></div><div class="para">
A number of issues exist that need to be considered when planning the migration:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
A generic DS uses a different schema and <em class="firstterm">Directory Information Tree (DIT)</em> when compared to IPA. No known DS uses the same flat DIT structure that IPA uses. IPA is optimized for performance, and attempts to avoid any architectural design flaws that have occurred in the past.
@@ -29,7 +29,7 @@
IPA uses Kerberos for authentication, and so each user requires that Kerberos keys be stored in the IPA DS, in addition to the standard LDAP hashes used by the DS
</div><div class="para">
In order to generate these keys, the password needs to be available in clear text to IPA's DS password plug-in. It is available when the user is created in IPA using IPA tools or LDAP, but this is not the case when the user is migrated from other external storage such as another DS. Consequently, the existing password hashes can be reloaded, but the Kerberos hashes cannot be generated. IPA provides a number of solutions to overcome this issue; these are described later in this appendix.
- </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">B.1.3. Possible Scenarios</h3></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</h3></div></div></div><div class="para">
The following have been identified as typical migration scenarios:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Migrate an existing environment to IPA but do not use its Kerberos features for now
@@ -37,13 +37,13 @@
Migrate an existing environment to IPA and use its Kerberos features using only IPA v1 functionality. That is, do not use SSSD.
</div></li><li class="listitem"><div class="para">
Migrate an existing environment to IPA and use its Kerberos features on some machines, while some machines will use SSSD and some will not; this is the primary use case.
- </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">B.1.4. Initial and Final States</h3></div></div></div><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</h3></div></div></div><div class="para">
The following sections describe the initial, pre‐migration state, and the final, post‐migration state of a DS deployment when migrating to a single IPA domain.
- </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State">B.1.4.1. Initial State</h4></div></div></div><div class="para">
+ </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Initial_State">C.1.4.1. Initial State</h4></div></div></div><div class="para">
In the initial state, there is a single data source (the Directory Server) and a single client machine configuration. This client configuration uses <code class="systemitem">LDAP</code> to connect to the Directory Server and retrieve information about users and groups. This configuration uses <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> for authentication and identity lookups. These modules enable the client systems to use data retrieved from the DS just as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. The following diagram illustrates this type of implementation, where <code class="systemitem">LDAP</code> is used to connect to the DS for both authentication and authorization. The case where <code class="systemitem">Kerberos</code> is used for authentication and <code class="systemitem">LDAP</code> for identity, and where these two data stores are synchronized, is not
described here. Consequently, the initial state may not be as simple or as straightforward as displayed here, however the approach and the final state will be similar.
- </div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Initial_State-Initial_state_of_deployment_before_migrating_to_IPA."><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Initial_State.png" alt="Initial state of deployment before migrating to IPA." /></div></div><h6>Figure B.1. Initial state of deployment before migrating to IPA.</h6></div><br class="figure-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State">B.1.4.2. Final State</h4></div></div></div><div class="para">
- In the final state, even though only a single data source exists, multiple possible machine configurations are now possible. This is illustrated in <a class="xref" href="Migrating_from_a_Directory_Server_to_IPA.html#figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA">Figure B.2, “Final state of deployment after migrating to IPA”</a>
- </div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Final_State.png" alt="Final state of deployment after migrating to IPA" /></div></div><h6>Figure B.2. Final state of deployment after migrating to IPA</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options">B.1.4.2.1. Configuration Options</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_SSSDs_LDAP_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using SSSD's LDAP Back End</h5>
+ </div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Initial_State-Initial_state_of_deployment_before_migrating_to_IPA."><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Initial_State.png" alt="Initial state of deployment before migrating to IPA." /></div></div><h6>Figure C.1. Initial state of deployment before migrating to IPA.</h6></div><br class="figure-break" /></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Initial_and_Final_States-Final_State">C.1.4.2. Final State</h4></div></div></div><div class="para">
+ In the final state, even though only a single data source exists, multiple possible machine configurations are now possible. This is illustrated in <a class="xref" href="Migrating_from_a_Directory_Server_to_IPA.html#figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA">Figure C.2, “Final state of deployment after migrating to IPA”</a>
+ </div><div class="figure" id="figu-Enterprise_Identity_Management_Guide-Final_State-Final_state_of_deployment_after_migrating_to_IPA"><div class="figure-contents"><div class="mediaobject"><img src="./images/IPA_Migration_Final_State.png" alt="Final state of deployment after migrating to IPA" /></div></div><h6>Figure C.2. Final state of deployment after migrating to IPA</h6></div><br class="figure-break" /><div class="section" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options"><div class="titlepage"><div><div><h5 class="title" id="sect-Enterprise_Identity_Management_Guide-Final_State-Configuration_Options">C.1.4.2.1. Configuration Options</h5></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuration_Options-Connected_to_IPA_via_SSSD_Using_SSSDs_LDAP_Back_End"><h5 class="formalpara">Connected to IPA via SSSD Using SSSD's LDAP Back End</h5>
Clients connect to IPA via SSSD. SSSD is integrated into the PAM and NSS stacks by means of PAM_SSS and NSS_SSS, respectively. SSSD's LDAP back end is configured for both authentication and for identity lookups. In this use case, IPA functions like a normal DS.
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
Kerberos authentication can be configured instead of LDAP authentication. In this case, IPA acts as a normal DS for identity lookups and a normal KDC for Kerberos authentication.
@@ -55,7 +55,7 @@
Clients connect directly to IPA and use PAM_KRB5 and NSS_LDAP. This is the same configuration as that provided for IPA v1.x
</div><div class="para">
In the initial state, clients use LDAP to communicate with the Directory Server to retrieve information about users and groups. <code class="systemitem">PAM_LDAP</code> and <code class="systemitem">NSS_LDAP</code> are modules that enable the client systems to use data retrieved from the Directory Server as if it were stored in <code class="filename">/etc/passwd</code> or <code class="filename">/etc/shadow</code>. In the final state, IPA provides all of the same functionality and many more features besides.
- </div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">B.1.5. Recommended Sequence of Steps</h3></div></div></div><div class="para">
+ </div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</h3></div></div></div><div class="para">
The migration from DS to IPA requires:
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
Installing IPA on a suitable machine
@@ -79,13 +79,13 @@
Deploy SSSD first
</div></li></ul></div><div class="para">
Each approach is valid and accomplishes the same goal, but using a different sequence of operations.
- </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies">B.1.5.1. Comparison of Migration Strategies</h4></div></div></div><div class="para">
+ </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Recommended_Sequence_of_Steps-Comparison_of_Migration_Strategies">C.1.5.1. Comparison of Migration Strategies</h4></div></div></div><div class="para">
Each approach has a different impact on the IT team and the users. You need to select the approach that best suits your deployment. These scenarios can be modified to meet the needs of your enterprise. Provided you understand the implications and reasoning behind each step, there is no requirement to follow the steps in the given order. It is important to understand that until the Kerberos keys are generated in IPA, users will not be able to authenticate with Kerberos credentials using <code class="systemitem">PAM_KRB5</code> or <code class="command">kinit</code>.
</div><div class="para">
You should also consider an alternative migration scenario, where passwords are not migrated. In this scenario, users are not migrated into IPA but rather added as new users with new passwords. Users would then change their password the first time they authenticate. The initial password would be defined by IT and sent to users by email or communicated in some other way.
</div><div class="para">
Migrating users from an existing system provides a smoother transition but also requires parallel management of DS and IPA during the migration. If you do not preserve passwords, the migration can be performed more quickly and you can avoid the period of double management of IPA and DS.
- </div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">B.1.6. Implementation Details</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implementation Details</h3></div></div></div><div class="para">
The following sequence of operations occurs when users are migrated using SSSD:
</div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
A user tries to log in to the machine.
@@ -111,4 +111,4 @@
If the bind operation fails for any reason, the IPA identity provider back end will fail authentication, otherwise it will continue.
</div></li><li class="listitem"><div class="para">
The IPA identity provider back end will unbind and try Kerberos authentication again. This time it is expected to succeed because the keys already exist in the entry.
- </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Prev</strong>Appendix A. Frequently Asked Questions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Next</strong>B.2. Performing a Server-based Migration</a></li></ul></body></html>
+ </div></li></ul></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="client-tools.html"><strong>Prev</strong>B.3. Client Scripts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Next</strong>C.2. Performing a Server-based Migration</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Preface.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Preface.html
index a1e59ca..d6a521c 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Preface.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Preface.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Preface</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Preface</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_IPA_Replicas.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_IPA_Replicas.html
index 398bb96..c567bed 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_IPA_Replicas.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Setting_up_IPA_Replicas.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.4. Setting up FreeIPA Replicas</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.4. Setting up FreeIPA Replicas</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
@@ -48,6 +48,8 @@ Copying additional files
Finalizing configuration
Packaging the replica into replica-info-ipareplica.example.com
</pre><div class="para">
+ For more options with <code class="command">ipa-replica-prepare</code>, see <a class="xref" href="server-tools.html#ipa-replica-prepare">Section B.2.2, “ipa-replica-prepare”</a>.
+ </div><div class="para">
Each replica information file is created in the <code class="filename">/var/lib/ipa/</code> directory as a GPG-encrypted file. Each file is named specifically for the replica server for which it is intended, such as <code class="filename">replica-info-ipareplica.example.com.gpg</code>.
</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
A replica information file cannot be used to create multiple replicas. It can only be used for the specific replica and machine for which it was created.
@@ -56,11 +58,9 @@ Packaging the replica into replica-info-ipareplica.example.com
</div></div></div></li><li class="listitem"><div class="para">
Copy the replica information file to the replica server:
</div><pre class="programlisting"><span class="perl_Comment"># scp /var/lib/ipa/replica-info-ipareplica.example.com.gpg root at ipareplica:/var/lib/ipa/</span></pre></li><li class="listitem"><div class="para">
- On the replica server, run the replica installation script, referencing the replication information file:
- </div><div class="para">
-
-<pre class="programlisting"> <span class="perl_Comment"># ipa-replica-install /var/lib/ipa/replica-info-ipareplica.example.com.gpg</span></pre>
-
+ On the replica server, run the replica installation script, referencing the replication information file. There are other options for setting up DNS, much like the server installation script. For example:
+ </div><pre class="programlisting"> <span class="perl_Comment"># ipa-replica-install --setup-dns /var/lib/ipa/replica-info-ipareplica.example.com.gpg</span></pre><div class="para">
+ Additional options for the replica installation script are listed in <a class="xref" href="server-tools.html#ipa-replica-install">Section B.2.1, “ipa-replica-install”</a>.
</div><div class="para">
The replica installation script runs a test to ensure that the replica file being installed matches the current hostname. If they do not match, the script returns a warning message and asks for confirmation. This could occur on a multi-homed machine, for example, where mismatched hostnames may not be an issue.
</div></li><li class="listitem"><div class="para">
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Troubleshooting-UI.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Troubleshooting-UI.html
index eabfbde..7fac116 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Troubleshooting-UI.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Troubleshooting-UI.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7. Troubleshooting UI Connection Problems</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.7. Troubleshooting UI Connection Problems</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Uninstalling_IPA_Servers.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Uninstalling_IPA_Servers.html
index 2f0b928..0aac68a 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Uninstalling_IPA_Servers.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Uninstalling_IPA_Servers.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5. Uninstalling FreeIPA Servers and Replicas</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.5. Uninstalling FreeIPA Servers and Replicas</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Using_OCSP.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Using_OCSP.html
new file mode 100644
index 0000000..16f3a0f
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Using_OCSP.html
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5. Configuring OCSP Responders</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.15');
+
+ addID('Fedora.15.books');
+ addID('Fedora.15.FreeIPA_Guide');
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="Configuring_Certificates_and_Certificate_Authorities.html" title="13.4. Configuring Alternate Certificate Authorities" /><link rel="next" href="ipa-apache.html" title="13.6. Setting a FreeIPA Server as an Apache Virtual Host" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a a
ccesskey="p" href="Configuring_Certificates_and_Certificate_Authorities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ipa-apache.html"><strong>Next</strong></a></li></ul><div class="section" id="Using_OCSP"><div class="titlepage"><div><div><h2 class="title" id="Using_OCSP">13.5. Configuring OCSP Responders</h2></div></div></div><div class="para">
+ A certificate is only valid if it is before its expiration date and if it has not been revoked. The expiration date is contained in the certificate itself, so a client can easily check that. However, a certificate can be revoked before its validity period is up. To inform clients of when a certificate has been revoked, a CA publishes a <span class="emphasis"><em>certificate revocation list</em></span> (CRL). A CRL contains a complete list of every certificate that was issued by that CA and subsequently revoked.
+ </div><div class="para">
+ A client checks a CRL to verify a certificate using the online certificate status protocol (OCSP), which sends a request to an <span class="emphasis"><em>OCSP responder</em></span>. Each CA integrated with the FreeIPA server uses an internal OCSP responder. Any client which runs a validity check can check the FreeIPA CA.
+ </div><div class="para">
+ Every certificate issued by the FreeIPA CA puts its OCSP responder service URL in the certificate. For example:
+ </div><pre class="screen">http://ipa.example.com:9180/ca/ocsp</pre><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ For the FreeIPA OCSP responder to be available, port 9180 needs to be open in the firewall.
+ </div></div></div><div class="section" id="ocsp-interval"><div class="titlepage"><div><div><h3 class="title" id="ocsp-interval">13.5.1. Changing the CRL Update Interval</h3></div></div></div><div class="para">
+ The CRL file is automatically generated by the Dogtag Certificate System CA every four hours. This interval can be changed by editing the Dogtag Certificate System configuration.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Stop the CA server.
+ </div><pre class="screen">service pki-ca stop</pre></li><li class="listitem"><div class="para">
+ Open the <code class="filename">CS.cfg</code> file.
+ </div><pre class="screen">vim /etc/pki-ca/CS.cfg</pre></li><li class="listitem"><div class="para">
+ Change the <em class="parameter"><code>ca.crl.MasterCRL.autoUpdateInterval</code></em> to the new interval setting.
+ </div></li><li class="listitem"><div class="para">
+ Restart the CA server.
+<pre class="screen">service pki-ca start</pre>
+
+ </div></li></ol></div></div><div class="section" id="ocsp-location"><div class="titlepage"><div><div><h3 class="title" id="ocsp-location">13.5.2. Changing the OCSP Responder Location</h3></div></div></div><div class="para">
+ Each FreeIPA server generates its own CRL. Likewise, each FreeIPA server uses its own OCSP responder, with its own OCSP responder URL in the certificates it issues.
+ </div><div class="para">
+ A DNS CNAME can be used by FreeIPA clients, and then from there be redirected to the appropriate FreeIPA server OCSP responder.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Open the certificate profile.
+ </div><pre class="screen">vim /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg</pre></li><li class="listitem"><div class="para">
+ Change the <em class="parameter"><code>policyset.serverCertSet.9.default.params.crlDistPointsPointName_0</code></em> parameter to the DNS CNAME hostname.
+ </div></li><li class="listitem"><div class="para">
+ Restart the CA server.
+<pre class="screen">service pki-ca restart</pre>
+
+ </div></li></ol></div><div class="para">
+ That change must be made on every FreeIPA server, with the <em class="parameter"><code>crlDistPointsPointName_0</code></em> parameter set to the same hostname.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_Certificates_and_Certificate_Authorities.html"><strong>Prev</strong>13.4. Configuring Alternate Certificate Authoriti...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-apache.html"><strong>Next</strong>13.6. Setting a FreeIPA Server as an Apache Virtu...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Working_with_DNS.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Working_with_DNS.html
index ef6de6d..89d6f58 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Working_with_DNS.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/Working_with_DNS.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 10. Policy: Managing DNS</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 10. Identity: Managing DNS</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="migrintg-from-nis.html" title="9.3. Migrating from NIS to IPA" /><link rel="next" href="enabling-dns.html" title="10.2. Configuring DNS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="migrintg-from-nis.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n"
href="enabling-dns.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="Working_with_DNS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Policy: Managing DNS</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="Working_with_DNS.html#about-dns">10.1. About DNS in FreeIPA</a></span></dt><dt><span class="section"><a href="enabling-dns.html">10.2. Configuring DNS</a></span></dt><dt><span class="section"><a href="finding-dns-zones.html">10.3. Finding and Displaying DNS Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Adding_DNS_Zones.html">10.4. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="modifying-dns-zones.html">10.5. Modifying DNS Zones</a></span></dt><dt><span class="section"><a href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html">10.6. Enabling Dynamic DNS Updates</a></span></dt><dt><span class="section"><a href="enabling-zones.html">10.7.
Enabling and Disabling Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">10.8. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html">10.9. Deleting Records from DNS Zones</a></span></dt><dt><span class="section"><a href="dns-resolve.html">10.10. Resolving Hostnames in the FreeIPA Domain</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="migrintg-from-nis.html" title="9.3. Migrating from NIS to IPA" /><link rel="next" href="enabling-dns.html" title="10.2. Configuring DNS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="migrintg-from-nis.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n"
href="enabling-dns.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="Working_with_DNS" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 10. Identity: Managing DNS</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="Working_with_DNS.html#about-dns">10.1. About DNS in FreeIPA</a></span></dt><dt><span class="section"><a href="enabling-dns.html">10.2. Configuring DNS</a></span></dt><dt><span class="section"><a href="changing-forwarder.html">10.3. Changing Recursive Queries Against Forwarders</a></span></dt><dt><span class="section"><a href="finding-dns-zones.html">10.4. Finding and Displaying DNS Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Adding_DNS_Zones.html">10.5. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="modifying-dns-zones.html">10.6. Modifying DNS Zones</a></span></dt><dt><span class="section"><a href="Adding_DNS_Zones-Using_Dynamic_
DNS_Updates.html">10.7. Enabling Dynamic DNS Updates</a></span></dt><dt><span class="section"><a href="enabling-zones.html">10.8. Enabling and Disabling Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">10.9. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html">10.10. Deleting Records from DNS Zones</a></span></dt><dt><span class="section"><a href="dns-resolve.html">10.11. Resolving Hostnames in the FreeIPA Domain</a></span></dt></dl></div><div class="para">
If the FreeIPA server was installed with DNS configured, then all of the DNS entries for the domain — host entries, locations, records — can be managed using the FreeIPA tools.
</div><div class="section" id="about-dns"><div class="titlepage"><div><div><h2 class="title" id="about-dns">10.1. About DNS in FreeIPA</h2></div></div></div><div class="para">
DNS is one of the services that can be configured and maintained by the FreeIPA domain. DNS is critical to the performance of the FreeIPA domain; DNS is used for the Kerberos services and SSL connections for all servers and clients and for connections to domain services like LDAP.
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/active-directory.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/active-directory.html
index 3df157f..3fce6f0 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/active-directory.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/active-directory.html
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 8. Identity: Integrating with Microsoft Active Directory</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 8. Identity: Integrating with Microsoft Active Directory</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="configuring-automount.html" title="7.2. Configuring Automount" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html" title="8.2. Setting up Active Directory" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="confi
guring-automount.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="active-directory" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Identity: Integrating with Microsoft Active Directory</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="active-directory.html#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html">8.2. Setting up Active Directory</a></span></dt><d
t><span class="section"><a href="configuring-active-directory.html">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl>
</dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html">8.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html">8.7. Winsync Agreement Failures</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Configuring_Indirect_Maps-Configuring_Direct_Maps.html" title="7.5. Configuring Direct Maps" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html" title="8.2. Setting up Active Directory" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous
"><a accesskey="p" href="Configuring_Indirect_Maps-Configuring_Direct_Maps.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="active-directory" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 8. Identity: Integrating with Microsoft Active Directory</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="active-directory.html#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Director
y.html">8.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="configuring-active-directory.html">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changin
g the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html">8.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html">8.7. Winsync Agreement Failures</a></span></dt></dl></div><div class="para">
To synchronize user identity information between 389 Directory Server and Windows Active Directory, IPA employs a plug-in that extends the functionality of the 389 Directory Server Windows Sync utility. This plug-in allows IPA to perform the data manipulation necessary to achieve synchronization between 389 Directory Server and Windows Active Directory. The IPA Windows Sync plug-in uses the <em class="parameter"><code>ipaWinSyncUserAttr</code></em> parameter to specify which attributes and values to add to new users that are synchronized from Active Directory.
</div><div class="section" id="about-active-directory"><div class="titlepage"><div><div><h2 class="title" id="about-active-directory">8.1. About Active Directory, IPA, and Identity Management</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</h3></div></div></div><div class="para">
IPA clients find, or discover, IPA servers using a process known as <em class="firstterm">Service Discovery</em>. This can occur automatically, using DNS, or manually, by entering the IPA server details during the client configuration phase. If your Active Directory installation is in the same domain as the IPA server, it is possible that when you install IPA clients they will not discover the IPA server, but rather the Active Directory DNS. This means that IPA commands run on the client will fail because the client cannot contact the IPA server.
</div><div class="para">
To avoid this situation, use a separate domain for your IPA and Active Directory servers. If this is not possible, use the <em class="parameter"><code>--force</code></em> parameter when you run the <code class="command">ipa-client-install</code> script.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-automount.html"><strong>Prev</strong>7.2. Configuring Automount</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Next</strong>8.2. Setting up Active Directory</a></li></ul></body></html>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_Indirect_Maps-Configuring_Direct_Maps.html"><strong>Prev</strong>7.5. Configuring Direct Maps</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html"><strong>Next</strong>8.2. Setting up Active Directory</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-host-entry.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-host-entry.html
index 1ae68c7..8d8cdea 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-host-entry.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-host-entry.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2. Adding Host Entries</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>5.2. Adding Host Entries</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-locations.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-locations.html
new file mode 100644
index 0000000..912d58f
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-locations.html
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.3. Configuring Locations</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.15');
+
+ addID('Fedora.15.books');
+ addID('Fedora.15.FreeIPA_Guide');
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="automount.html" title="Chapter 7. Identity: Using Automount" /><link rel="prev" href="configuring-automount.html" title="7.2. Configuring Automount" /><link rel="next" href="Configuring_Automount-Configuring_Indirect_Maps.html" title="7.4. Configuring Indirect Maps" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-automount.html"><strong>
Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Automount-Configuring_Indirect_Maps.html"><strong>Next</strong></a></li></ul><div class="section" id="adding-locations"><div class="titlepage"><div><div><h2 class="title" id="adding-locations">7.3. Configuring Locations</h2></div></div></div><div class="para">
+ When a new location is created, two maps are automatically created for it, <code class="filename">auto.master</code> and <code class="filename">auto.direct</code>. <code class="filename">auto.master</code> is the root map for all automount maps for the location. <code class="filename">auto.direct</code> is the default map for direct mounts and is mounted on <code class="filename">/-</code>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-automount.html"><strong>Prev</strong>7.2. Configuring Automount</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Automount-Configuring_Indirect_Maps.html"><strong>Next</strong>7.4. Configuring Indirect Maps</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-users.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-users.html
index 0ac79d5..846f883 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-users.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/adding-users.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2. Adding Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.2. Adding Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/authz.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/authz.html
index 21b6c21..7412689 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/authz.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/authz.html
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 11. Policy: Configuring Authorization</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 11. Policy: Configuring Authorization</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="dns-resolve.html" title="10.10. Resolving Hostnames in the FreeIPA Domain" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html" title="11.2. HBAC Service Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accessk
ey="p" href="dns-resolve.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="authz" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Policy: Configuring Authorization</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="authz.html#configuring-host-access">11.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html">11.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html">11.3. HBAC Services</a></span></dt></dl></div><div class="section" id="configuring-host-access"><div clas
s="titlepage"><div><div><h2 class="title" id="configuring-host-access">11.1. Configuring Host-Based Access Control</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="dns-resolve.html" title="10.11. Resolving Hostnames in the FreeIPA Domain" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html" title="11.2. HBAC Service Groups" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accessk
ey="p" href="dns-resolve.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="authz" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 11. Policy: Configuring Authorization</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="authz.html#configuring-host-access">11.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html">11.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html">11.3. HBAC Services</a></span></dt></dl></div><div class="section" id="configuring-host-access"><div clas
s="titlepage"><div><div><h2 class="title" id="configuring-host-access">11.1. Configuring Host-Based Access Control</h2></div></div></div><div class="para">
Host-based access control (HBAC) uses <em class="firstterm">rules</em> to determine who can access what services on what hosts and from where. You can use HBAC to control which users or groups on a source host can access a service, or group of services, on a target host. Target hosts and source hosts in HBAC rules must be hosts managed by IPA.
</div><div class="para">
You can also specify a category of users, target hosts, and source hosts. This is currently limited to "all", but might be expanded in the future.
</div><div class="para">
The available services and groups of services are controlled by the <code class="systemitem">hbacsvc</code> and <code class="systemitem">hbacsvcgroup</code> plug-ins, respectively.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="dns-resolve.html"><strong>Prev</strong>10.10. Resolving Hostnames in the FreeIPA Domain</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Next</strong>11.2. HBAC Service Groups</a></li></ul></body></html>
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="dns-resolve.html"><strong>Prev</strong>10.11. Resolving Hostnames in the FreeIPA Domain</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html"><strong>Next</strong>11.2. HBAC Service Groups</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/automount.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/automount.html
index 6966a1c..0a6793a 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/automount.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/automount.html
@@ -1,39 +1,37 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. Identity: Using Automount</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 7. Identity: Using Automount</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="General_Troubleshooting_Tips-Kerberos_Errors.html" title="6.6. Kerberos Errors" /><link rel="next" href="configuring-automount.html" title="7.2. Configuring Automount" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="General_Troubleshooting_Tips-Kerberos_Errors.html"><stro
ng>Prev</strong></a></li><li class="next"><a accesskey="n" href="configuring-automount.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="automount" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Identity: Using Automount</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="automount.html#about-automount">7.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues with Automount</a></span></dt><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#sect
-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</a></span></dt></dl></dd></dl></div><div class="section" id="about-automount"><div class="titlepage"><div><div><h2 class="title" id="about-automount">7.1. About Automount and IPA</h2></div></div></div><div class="para">
- This chapter describes how to configure <code class="command">automount</code> on <code class="systemitem">Linux</code> and <code class="systemitem">Solaris</code> for use with IPA. It details the procedures and configuration changes necessary to set up <code class="command">automount</code>, the <code class="filename">auto.master</code> file and other map files used by <code class="command">autofs</code>.
- </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues with Automount</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Known_Issues_with_Automount-Additional_Schema_Required_for_Some_Systems"><h5 class="formalpara">Additional Schema Required for Some Systems</h5>
- If you are supporting <code class="systemitem">Solaris</code> clients, you need to use the 2307bis-style <code class="command">automount</code> schema, although Sun's version is NOT identical to the one at <a href="http://people.redhat.com/nalin/schema/autofs.schema">http://people.redhat.com/nalin/schema/autofs.schema</a>.
- </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</h3></div></div></div><div class="para">
- In order to illustrate the <code class="command">automount</code> configuration procedures, this chapter assumes that:
- <div class="itemizedlist"><ul><li class="listitem"><div class="para">
- The IPA server is correctly installed and operational.
- </div></li><li class="listitem"><div class="para">
- The domain is <code class="systemitem">example.com</code>.
- </div></li><li class="listitem"><div class="para">
- The NFS server is also configured as an IPA client.
- </div></li><li class="listitem"><div class="para">
- You have root access to the server where you want <code class="command">autofs</code> to work. For the purposes of this exercise, this server is called <code class="systemitem">nfsserver.example.com</code>
- </div></li><li class="listitem"><div class="para">
- The <code class="systemitem">nfsserver.example.com</code> server can communicate with the <code class="systemitem">LDAP</code> server for users and groups.
- </div></li><li class="listitem"><div class="para">
- The <code class="systemitem">NFS</code> service is running on <code class="systemitem">nfsserver.example.com</code>
- </div></li></ul></div>
-
- </div><div class="para">
- This chapter also assumes that the user has at least a basic understanding of <code class="systemitem">NFS</code> and automount.
- </div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Assumptions-NFS_Configuration"><h5 class="formalpara">NFS Configuration</h5>
- Configuring <code class="systemitem">NFS</code> is beyond the scope of this document. Refer to the <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96/html/Storage_Administration_Guide/ch-nfs.html</a> for information on how to configure <code class="systemitem">NFS</code>.
- </div><div class="para">
- The following is an example of a suitable entry in the <code class="filename">/etc/exports</code> file:
- </div><pre class="programlisting">/home 192.168.1.0/16 (rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534)
-</pre><div class="para">
- You should test that you can mount the <code class="filename">/home</code> directory from the command line before proceeding with the <code class="command">automount</code> configuration. This makes troubleshooting easier if the configuration does not work.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Prev</strong>6.6. Kerberos Errors</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="configuring-automount.html"><strong>Next</strong>7.2. Configuring Automount</a></li></ul></body></html>
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Kerberos_Errors.html" title="6.7. Troubleshooting Kerberos Errors" /><link rel="next" href="configuring-automount.html" title="7.2. Configuring Automount" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Kerberos_Errors.html"><strong>Prev</strong></a></li><li class="next">
<a accesskey="n" href="configuring-automount.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="automount" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 7. Identity: Using Automount</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="automount.html#about-automount">7.1. About Automount and FreeIPA</a></span></dt><dt><span class="section"><a href="configuring-automount.html">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Fedora</a></span></dt><dt><span class="section"><a href="configuring-automount.html#Configuring_Automount-Solaris_automount">7.2.2. Configuring Automount on Solaris</a></span></dt></dl></dd><dt><span class="section"><a href="adding-locations.html">7.3. Configuring Locations</a></span></dt><dt><span class="section"><a href="Configuri
ng_Automount-Configuring_Indirect_Maps.html">7.4. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="Configuring_Indirect_Maps-Configuring_Direct_Maps.html">7.5. Configuring Direct Maps</a></span></dt></dl></div><div class="para">
+ Automount is a way of making directories on different servers available, automatically, when requested by a user. This works exceptionally well within an FreeIPA domain since it allows directories on clients within the domain to be shared easily. This is especially important with user home directories (<a class="xref" href="users.html#home-directories">Section 4.1, “Setting up User Home Directories”</a>).
+ </div><div class="para">
+ In FreeIPA, automount works with the internal LDAP directory and, if it is configured, DNS services.
+ </div><div class="section" id="about-automount"><div class="titlepage"><div><div><h2 class="title" id="about-automount">7.1. About Automount and FreeIPA</h2></div></div></div><div class="para">
+ Automount is a way to manage, organize, and access directories across multiple systems. Automount automatically mounts a directory whenever that resource is requested. Automount also provides a coherent structure to the way that this directories are organized. Every single directory, or <span class="emphasis"><em>mount point</em></span> is called a <span class="emphasis"><em>key</em></span>. Multiple keys that are grouped together are a <span class="emphasis"><em>map</em></span>, and maps are associated according to their physical or conceptual <span class="emphasis"><em>location</em></span>.
+ </div><div class="para">
+ The base configuration file for autofs is the <code class="filename">auto.master</code> file in the <code class="filename">/etc/</code> directory. There can be multiple <code class="filename">auto.master</code> configuration files in separate server locations, if necessary.
+ </div><div class="para">
+ When <code class="command">autofs</code> is configured on a server and that server is a client in a FreeIPA domain, then all of the configuration information for automount is stored in the FreeIPA directory. Rather than being stored in separate text files, the autofs configuration — maps, locations, and keys — are stored as LDAP entries. For example, the default map file, <code class="filename">auto.master</code>, is stored as:
+ </div><pre class="screen">dn: automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com
+objectClass: automountMap
+objectClass: top
+automountMapName: auto.master</pre><div class="para">
+ Each new location is added as a container entry under <code class="command">cn=automount,dc=example,dc=com</code>, and each map and each key are stored beneath that location.
+ </div><div class="para">
+ As with other FreeIPA domain services, automount works with FreeIPA natively. The automount configuration can be managed by FreeIPA tools:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Locations</em></span>, using <code class="command">ipa automountlocation*</code> commands
+ </div></li><li class="listitem"><div class="para">
+ Both direct and indirect <span class="emphasis"><em>maps</em></span>, using <code class="command">ipa automountmap*</code> commands
+ </div></li><li class="listitem"><div class="para">
+ <span class="emphasis"><em>Keys</em></span>, using <code class="command">ipa automountkey*</code> commands
+ </div></li></ul></div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ Solaris uses a different schema for autofs configuration than the schema used by FreeIPA. FreeIPA uses the 2307bis-style automount schema which is defined for 389 Directory Server.
+ </div></div></div><div class="para">
+ For automount to work within the FreeIPA domain, the NFS server must be configured as a FreeIPA client. Configuring NFS itself is covered in the <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-nfs.html">Red Hat Enterprise Linux Storage Administration Guide</a>.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Kerberos_Errors.html"><strong>Prev</strong>6.7. Troubleshooting Kerberos Errors</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="configuring-automount.html"><strong>Next</strong>7.2. Configuring Automount</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/basic-usage.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/basic-usage.html
index 3c5c4c3..957d49f 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/basic-usage.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/basic-usage.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 3. Basic Usage</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 3. Basic Usage</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="uninstalling-clients.html" title="2.8. Uninstalling a FreeIPA Client" /><link rel="next" href="logging-in.html" title="3.2. Logging into FreeIPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="uninstalling-clients.html"><strong>Prev</strong></a></li><li class="next"><a a
ccesskey="n" href="logging-in.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="basic-usage" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. Basic Usage</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="basic-usage.html#running-scripts">3.1. Running FreeIPA Tools</a></span></dt><dt><span class="section"><a href="logging-in.html">3.2. Logging into FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="logging-in.html#logging-in-kinit">3.2.1. Logging into FreeIPA</a></span></dt><dt><span class="section"><a href="logging-in.html#switching-users">3.2.2. Logging in When an FreeIPA User Is Different Than the System User</a></span></dt><dt><span class="section"><a href="logging-in.html#checking-current-creds">3.2.3. Checking the Current Logged in User</a></span></dt></dl></dd><dt><span class="section"><a href="opening-the-web-ui.html">3.3. Opening the FreeIPA Web UI</a></span></dt><
dt><span class="section"><a href="config-browser.html">3.4. Configuring the Browser</a></span></dt><dt><span class="section"><a href="Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System.html">3.5. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="Enabling_UsernamePassword_Authentication_in_Your_Browser.html">3.6. Enabling Username/Password Authentication in Your Browser</a></span></dt><dt><span class="section"><a href="Troubleshooting-UI.html">3.7. Troubleshooting UI Connection Problems</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="uninstalling-clients.html" title="2.9. Uninstalling a FreeIPA Client" /><link rel="next" href="logging-in.html" title="3.2. Logging into FreeIPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="uninstalling-clients.html"><strong>Prev</strong></a></li><li class="next"><a a
ccesskey="n" href="logging-in.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="basic-usage" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 3. Basic Usage</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="basic-usage.html#running-scripts">3.1. Running FreeIPA Tools</a></span></dt><dt><span class="section"><a href="logging-in.html">3.2. Logging into FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="logging-in.html#logging-in-kinit">3.2.1. Logging into FreeIPA</a></span></dt><dt><span class="section"><a href="logging-in.html#switching-users">3.2.2. Logging in When an FreeIPA User Is Different Than the System User</a></span></dt><dt><span class="section"><a href="logging-in.html#checking-current-creds">3.2.3. Checking the Current Logged in User</a></span></dt></dl></dd><dt><span class="section"><a href="opening-the-web-ui.html">3.3. Opening the FreeIPA Web UI</a></span></dt><
dt><span class="section"><a href="config-browser.html">3.4. Configuring the Browser</a></span></dt><dt><span class="section"><a href="Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System.html">3.5. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="Enabling_UsernamePassword_Authentication_in_Your_Browser.html">3.6. Enabling Username/Password Authentication in Your Browser</a></span></dt><dt><span class="section"><a href="Troubleshooting-UI.html">3.7. Troubleshooting UI Connection Problems</a></span></dt></dl></div><div class="para">
All of the access to FreeIPA, both through the web UI and through the command line, is done by a user authenticating to the FreeIPA domain. This chapter covers the basics of setting up browsers to handle Kerberos authentication, logging into FreeIPA, and troubleshooting some common connection issues.
</div><div class="section" id="running-scripts"><div class="titlepage"><div><div><h2 class="title" id="running-scripts">3.1. Running FreeIPA Tools</h2></div></div></div><div class="para">
The FreeIPA command-line tools are run as any other utilities in a shell. If there are special characters in the command — such as angle brackets (> and <), ampersands (&), asterisks (*), and pipes (|) — the characters must be escaped. Otherwise, the command fails because the shell cannot properly parse the unescaped characters.
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="uninstalling-clients.html"><strong>Prev</strong>2.8. Uninstalling a FreeIPA Client</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="logging-in.html"><strong>Next</strong>3.2. Logging into FreeIPA</a></li></ul></body></html>
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="uninstalling-clients.html"><strong>Prev</strong>2.9. Uninstalling a FreeIPA Client</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="logging-in.html"><strong>Next</strong>3.2. Logging into FreeIPA</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certmonger-tools.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certmonger-tools.html
index f9059df..425b2ef 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certmonger-tools.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certmonger-tools.html
@@ -1,13 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.4. Certmonger Scripts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.5" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
- addID('Fedora');
-
- addID('Fedora.15');
-
- addID('Fedora.15.books');
- addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="tools-reference.html" title="Appendix B. FreeIPA Tools Reference" /><link rel="prev" href="client-tools.html" title="B.3. Client Scripts" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html" title="Appendix C. Services: Working with certmonger" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="client-tools.
html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html"><strong>Next</strong></a></li></ul><div class="section" id="certmonger-tools"><div class="titlepage"><div><div><h2 class="title" id="certmonger-tools">B.4. Certmonger Scripts</h2></div></div></div><div class="para">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.4. Certmonger Scripts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="tools-reference.html" title="Appendix B. FreeIPA Tools Reference" /><link rel="prev" href="client-tools.html" title="B.3. Client Scripts" /><link rel="next" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /></head><body><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class=
"right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="client-tools.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Next</strong></a></li></ul><div class="section" id="certmonger-tools"><div class="titlepage"><div><div><h2 class="title" id="certmonger-tools">B.4. Certmonger Scripts</h2></div></div></div><div class="para">
XXXXXXXXXXXXX
</div><div class="section" id="getcert"><div class="titlepage"><div><div><h3 class="title" id="getcert">B.4.1. getcert</h3></div></div></div><div class="para">
Description
@@ -69,4 +62,4 @@
Package
</td><td>
Location
- </td></tr></tbody></table></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="client-tools.html"><strong>Prev</strong>B.3. Client Scripts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Working_with_certmonger.html"><strong>Next</strong>Appendix C. Services: Working with certmonger</a></li></ul></body></html>
+ </td></tr></tbody></table></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="client-tools.html"><strong>Prev</strong>B.3. Client Scripts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Next</strong>Appendix C. Migrating from a Directory Server to ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certmongerX.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certmongerX.html
index 9a7978b..eae8890 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certmongerX.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/certmongerX.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.6. Working with certmonger</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.6. Working with certmonger</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/changing-forwarder.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/changing-forwarder.html
new file mode 100644
index 0000000..4299a63
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/changing-forwarder.html
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.3. Changing Recursive Queries Against Forwarders</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.15');
+
+ addID('Fedora.15.books');
+ addID('Fedora.15.FreeIPA_Guide');
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="prev" href="enabling-dns.html" title="10.2. Configuring DNS" /><link rel="next" href="finding-dns-zones.html" title="10.4. Finding and Displaying DNS Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="enabling-dns.html"><strong>Prev</strong></a></li><li class="next"><
a accesskey="n" href="finding-dns-zones.html"><strong>Next</strong></a></li></ul><div class="section" id="changing-forwarder"><div class="titlepage"><div><div><h2 class="title" id="changing-forwarder">10.3. Changing Recursive Queries Against Forwarders</h2></div></div></div><div class="para">
+ The <code class="command">ipa-client-install</code> script sets a configuration statement in the <code class="filename">/etc/named.conf</code> file that allows name resolution against hosts that are outside the FreeIPA DNS domain. (This requires that the FreeIPA server be set up with DNS configured and with forwarders configured.) What this means is that any host is permitted to issue recursive queries against configured forwarders.
+ </div><div class="para">
+ This behavior can be changed by changed the <code class="command">allow-recursion</code> statement.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Open the <code class="filename">/etc/named.conf</code> file.
+ </div></li><li class="listitem"><div class="para">
+ Reset the <code class="command">allow-recursion</code> statement. This is set to <code class="command">any</code> by default, which allows all hosts to resolve names against all forwarders.
+ </div><pre class="screen"> forward first;
+ forwarders { 10.16.36.29; };
+ <strong class="userinput"><code>allow-recursion { any; };</code></strong></pre></li><li class="listitem"><div class="para">
+ Restart the <code class="command">named</code> service.
+ </div><pre class="screen">service named restart</pre></li></ol></div><div class="para">
+ The name server documentation has more details on editing configuration statements.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="enabling-dns.html"><strong>Prev</strong>10.2. Configuring DNS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="finding-dns-zones.html"><strong>Next</strong>10.4. Finding and Displaying DNS Zones</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html
index ee601dd..a9d572a 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html
@@ -1,48 +1,48 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix A. Frequently Asked Questions</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix A. Frequently Asked Questions</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="certmongerX.html" title="14.6. Working with certmonger" /><link rel="next" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix B. Migrating from a Directory Server to IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="certmongerX.html"><strong>Prev</st
rong></a></li><li class="next"><a accesskey="n" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Frequently Asked Questions</h1></div></div></div><div class="qandaset"><dl><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3275963">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="certmongerX.html" title="14.6. Working with certmonger" /><link rel="next" href="tools-reference.html" title="Appendix B. FreeIPA Tools Reference" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="certmongerX.html"><strong>Prev</strong></a></li><li class="next"><a accesske
y="n" href="tools-reference.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions" lang="en-US"><div class="titlepage"><div><div><h1 class="title">Frequently Asked Questions</h1></div></div></div><div class="qandaset"><dl><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id2994392">
Is it possible to change the IP address of the master server?
- </a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3171400">
+ </a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3161201">
Why are there restrictions on the length of user and group names? How can I change this?
- </a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3074373">
+ </a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3181749">
What is the difference between a replica and a master server?
- </a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3096028">
+ </a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3379006">
Can I promote a replica to function as the master? How?
- </a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id2984105">
+ </a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3138250">
Why does the ipa-client-install script fail to find the IPA server on a network that uses Active Directory DNS?
- </a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3020189">
+ </a></dt><dt>Q: <a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html#id3056068">
Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
- </a></dt></dl><div class="qandaset"><div id="id3275963" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ </a></dt></dl><div class="qandaset"><div id="id2994392" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
Is it possible to change the IP address of the master server?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
Yes. If you are only changing the IP address then it is sufficient to update the <code class="filename">/etc/hosts</code> file, the system configuration and the DNS entry.
- </div></div></div></div><div id="id3171400" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ </div></div></div></div><div id="id3161201" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
Why are there restrictions on the length of user and group names? How can I change this?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
User and group name lengths are specified in the policy. The default maximum username length is 32 characters. The maximum configurable length for user or group names is 255 characters. This restriction was introduced because some non-Linux operating systems have limitations on the length of username that they can support.
</div><div class="para">
You can modify these settings either in the user interface or on the command line. For example, to specify the maximum username length, run the following command: <code class="command">ipa config-mod --maxusername=INT</code>
- </div></div></div></div><div id="id3074373" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ </div></div></div></div><div id="id3181749" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
What is the difference between a replica and a master server?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
The only difference between a replica and the initial IPA install (the "master") is that the first server owns the self-signed CA.
- </div></div></div></div><div id="id3096028" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ </div></div></div></div><div id="id3379006" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
Can I promote a replica to function as the master? How?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
- Yes. Refer to <a class="xref" href="promoting-replica.html">Section 13.8, “Promoting a Read-Only Replica to a FreeIPA Server”</a>.
- </div></div></div></div><div id="id2984105" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ Yes. Refer to <a class="xref" href="promoting-replica.html">Section 13.9, “Promoting a Read-Only Replica to a FreeIPA Server”</a>.
+ </div></div></div></div><div id="id3138250" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
Why does the <code class="command">ipa-client-install</code> script fail to find the IPA server on a network that uses Active Directory DNS?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
This is probably due to the fact that Active Directory has its own SRV records for Kerberos and LDAP, and so the <code class="command">ipa-client-install</code> script retrieves those records instead of any that you may have added for IPA.
- </div></div></div></div><div id="id3020189" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
+ </div></div></div></div><div id="id3056068" class="qandaentry"><div class="question"><label>Q:</label><div class="data"><div class="para">
Can an administrator who is connected to "Server B" revoke a certificate issued by "Server A"?
</div></div></div><div class="answer"><label>A:</label><div class="data"><div class="para">
Yes, assuming that Servers A and B contain non-cloned CAs whose portion of internal storage has been replicated to share revocation information only.
- </div></div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="certmongerX.html"><strong>Prev</strong>14.6. Working with certmonger</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Next</strong>Appendix B. Migrating from a Directory Server to ...</a></li></ul></body></html>
+ </div></div></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="certmongerX.html"><strong>Prev</strong>14.6. Working with certmonger</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="tools-reference.html"><strong>Next</strong>Appendix B. FreeIPA Tools Reference</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/client-tools.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/client-tools.html
index 8cf24c3..2c189bd 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/client-tools.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/client-tools.html
@@ -1,16 +1,20 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.3. Client Scripts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.5" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.3. Client Scripts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="tools-reference.html" title="Appendix B. FreeIPA Tools Reference" /><link rel="prev" href="server-tools.html" title="B.2. Server Scripts" /><link rel="next" href="certmonger-tools.html" title="B.4. Certmonger Scripts" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="server-tools.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" hr
ef="certmonger-tools.html"><strong>Next</strong></a></li></ul><div class="section" id="client-tools"><div class="titlepage"><div><div><h2 class="title" id="client-tools">B.3. Client Scripts</h2></div></div></div><div class="para">
- XXXXXXXXXXXXX
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="tools-reference.html" title="Appendix B. FreeIPA Tools Reference" /><link rel="prev" href="server-tools.html" title="B.2. Server Scripts" /><link rel="next" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="server-tools.html"><strong>Prev
</strong></a></li><li class="next"><a accesskey="n" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Next</strong></a></li></ul><div class="section" id="client-tools"><div class="titlepage"><div><div><h2 class="title" id="client-tools">B.3. Client Scripts</h2></div></div></div><div class="para">
+ These tools are used to manage client machines.
</div><div class="section" id="ipa-client-install"><div class="titlepage"><div><div><h3 class="title" id="ipa-client-install">B.3.1. ipa-client-install</h3></div></div></div><div class="para">
- Description
+ Configures a client machine. This script uses the local SSSD service to connect to the FreeIPA server during the setup process. It is also possible to connect to the server through PAM/NSS using LDAP.
+ </div><div class="para">
+ This script is also used to uninstall clients, which removes them from the FreeIPA domain and removes all FreeIPA-related configuration.
+ </div><div class="para">
+ This script is only available for Fedora platforms.
</div><div class="section" id="ipa-client-install-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-client-install-location">B.3.1.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
Description
</th><th>
@@ -18,115 +22,159 @@
</th></tr></thead><tbody><tr><td>
Tool directory
</td><td>
- Location
+ /usr/sbin/
</td></tr><tr><td>
Package
</td><td>
- Location
- </td></tr></tbody></table></div></div><div class="section" id="ipa-client-install-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-client-install-syntax">B.3.1.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-client-install-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-client-install-options">B.3.1.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+ ipa-client
+ </td></tr></tbody></table></div></div><div class="section" id="ipa-client-install-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-client-install-syntax">B.3.1.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa-client-install</code> [
+ -d | --debug
+ ] [
+ --domain=<em class="replaceable"><code>domainName</code></em>
+ ] [
+ --enable-dns-updates
+ ] [
+ -f, --force
+ ] [
+ --hostname=<em class="replaceable"><code>clientHostname</code></em>
+ ] [
+ --mkhomedir
+ ] [
+ -N, --no-ntp
+ ] [
+ --no-krb5-offline-passwords
+ ] [
+ -ntp-server=<em class="replaceable"><code>NTP_server</code></em>
+ ] [
+ --on-master
+ ] [
+ -p | --principal
+ ] [
+ --permit
+ ] [
+ --realm=<em class="replaceable"><code>realmName</code></em>
+ ] [
+ -S | --no-sssd
+ ] [
+ --server=<em class="replaceable"><code>IPA_server</code></em>
+ ] [
+ -U | --unattended
+ ] [
+ --uninstall
+ ] [
+ -w <em class="replaceable"><code>password</code></em> | --password=<em class="replaceable"><code>password</code></em> | -W
+ ]</p></div></div><div class="section" id="ipa-client-install-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-client-install-options">B.3.1.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
Parameter
</th><th>
+ Alternate Parameter
+ </th><th>
Description
</th></tr></thead><tbody><tr><td>
- Tool directory
+ --domain=<em class="replaceable"><code>domainName</code></em>
</td><td>
- Location
+
+ </td><td>
+ Gives the domain name for the FreeIPA domain.
</td></tr><tr><td>
- Package
+ --enable-dns-updates
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-getkeytab"><div class="titlepage"><div><div><h3 class="title" id="ipa-getkeytab">B.3.2. ipa-getkeytab</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-getkeytab-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-getkeytab-location">B.3.2.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Tells SSSD to update DNS with the IP address of this client.
</td></tr><tr><td>
- Package
+ -f
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-getkeytab-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-getkeytab-syntax">B.3.2.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-getkeytab-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-getkeytab-options">B.3.2.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --force
</td><td>
- Location
+ Forces the script to apply the settings even if errors occur.
</td></tr><tr><td>
- Package
+ --hostname=<em class="replaceable"><code>clientHostname</code></em>
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-join"><div class="titlepage"><div><div><h3 class="title" id="ipa-join">B.3.3. ipa-join</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-join-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-join-location">B.3.3.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Sets the fully-qualified domain name of the client server. If this is not given, the script uses the nodename given in uname.
</td></tr><tr><td>
- Package
+ --mkhomedir
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-join-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-join-syntax">B.3.3.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-join-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-join-options">B.3.3.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Configures PAM to create a user's home directory if it does not exist.
</td></tr><tr><td>
- Package
+ -N
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-rmkeytab"><div class="titlepage"><div><div><h3 class="title" id="ipa-rmkeytab">B.3.4. ipa-rmkeytab</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-rmkeytab-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-rmkeytab-location">B.3.4.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --no-ntp
</td><td>
- Location
+ Does not configure or enable NTP.
</td></tr><tr><td>
- Package
+
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-rmkeytab-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-rmkeytab-syntax">B.3.4.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-rmkeytab-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-rmkeytab-options">B.3.4.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --no-krb5-offline-passwords
</td><td>
- Location
+ Prevents the SSSD services from storing Kerberos passwords in the SSSD cache. The cache is useful because a user may log into a system when a machine is offline and then attempt to access domain services after the machine is brought online. Using the cache stores the password, which can be referenced when the domain is accessed.
</td></tr><tr><td>
- Package
+ --ntp-server=<em class="replaceable"><code>NTP_server</code></em>
</td><td>
- Location
- </td></tr></tbody></table></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="server-tools.html"><strong>Prev</strong>B.2. Server Scripts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="certmonger-tools.html"><strong>Next</strong>B.4. Certmonger Scripts</a></li></ul></body></html>
+
+ </td><td>
+ Configures the local <code class="systemitem">ntpd</code> service to use the FreeIPA NTP server.
+ </td></tr><tr><td>
+ --on-master
+ </td><td>
+
+ </td><td>
+ Indicates the client is being configured on a FreeIPA server. This is not for a normal invocation of the setup script; this option is used by <code class="command">ipa-server-install</code> when a server is configured.
+ </td></tr><tr><td>
+ -p
+ </td><td>
+ --principal
+ </td><td>
+ Passes an authorized Kerberos principal to use to join the FreeIPA realm. This is used during an automated deployment, such as a kickstart process.
+ </td></tr><tr><td>
+ --permit
+ </td><td>
+
+ </td><td>
+ Configures SSSD to permit all access. If this is not set, then access to the client is controlled by the host-based access controls on the FreeIPA server.
+ </td></tr><tr><td>
+ --realm=<em class="replaceable"><code>realmName</code></em>
+ </td><td>
+
+ </td><td>
+ Gives the FreeIPA realm name.
+ </td></tr><tr><td>
+ -S
+ </td><td>
+ --no-sssd
+ </td><td>
+ Tells the client to use <code class="systemitem">nss_ldap</code> for authentication instead of SSSD.
+ </td></tr><tr><td>
+ --server=<em class="replaceable"><code>IPA_server</code></em>
+ </td><td>
+
+ </td><td>
+ Gives the name of the FreeIPA server to connect to.
+ </td></tr><tr><td>
+ -U
+ </td><td>
+ --unattended
+ </td><td>
+ Performs an unattended installation, with no user prompts.
+ </td></tr><tr><td>
+ --uninstall
+ </td><td>
+
+ </td><td>
+ Removes the FreeIPA client software and configuration to restore the machine to a pre-FreeIPA state.
+ </td></tr><tr><td>
+ -w <span class="emphasis"><em>password</em></span>
+ </td><td>
+ --password=<span class="emphasis"><em>password</em></span>
+ </td><td>
+ Gives the Kerberos password to use to access the FreeIPA realm and join the machine. If only the password parameter is used, the script assumes this is a bulk enrollment and uses the machine name as the Kerberos principal. If the principal is given, the script binds as an FreeIPA user.
+ </td></tr><tr><td>
+ -W
+ </td><td>
+
+ </td><td>
+ Prompts for the password.
+ </td></tr></tbody></table></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="server-tools.html"><strong>Prev</strong>B.2. Server Scripts</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Next</strong>Appendix C. Migrating from a Directory Server to ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/config-browser.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/config-browser.html
index 7e92500..08364f0 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/config-browser.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/config-browser.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.4. Configuring the Browser</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.4. Configuring the Browser</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-active-directory.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-active-directory.html
index a15c54b..c1bd2b0 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-active-directory.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-active-directory.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.3. Configuring Active Directory Synchronization</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.3. Configuring Active Directory Synchronization</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-automount.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-automount.html
index d6c6a72..fa62ec0 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-automount.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-automount.html
@@ -1,20 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.2. Configuring Automount</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>7.2. Configuring Automount</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="automount.html" title="Chapter 7. Identity: Using Automount" /><link rel="prev" href="automount.html" title="Chapter 7. Identity: Using Automount" /><link rel="next" href="active-directory.html" title="Chapter 8. Identity: Integrating with Microsoft Active Directory" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="automount.html"><strong>Prev</str
ong></a></li><li class="next"><a accesskey="n" href="active-directory.html"><strong>Next</strong></a></li></ul><div class="section" id="configuring-automount"><div class="titlepage"><div><div><h2 class="title" id="configuring-automount">7.2. Configuring Automount</h2></div></div></div><div class="para">
- IPA natively supports automount and so only minimal configuration is required. IPA 2.0 also introduces the concept of a <em class="firstterm">location</em>, which allows for different sets of maps for different purposes, or locations.
- <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
- You can direct different clients to use different map sets. These map sets use a tree structure, which means that you cannot share maps between locations.
- </div></div></div>
- Any extra steps required for configuring automount on Linux or Solaris are described below. Refer to the <code class="command">ipa help automount</code> help page for more information and a list of available commands.
- </div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-To_configure_autofs_on_Linux"><h6>Procedure 7.1. To configure autofs on Linux:</h6><ol class="1"><li class="step"><div class="para">
- Edit the <code class="filename">/etc/sysconfig/autofs</code> file as follows. This specifies the attributes that <code class="command">autofs</code> searches for:
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="automount.html" title="Chapter 7. Identity: Using Automount" /><link rel="prev" href="automount.html" title="Chapter 7. Identity: Using Automount" /><link rel="next" href="adding-locations.html" title="7.3. Configuring Locations" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="automount.html"><strong>Prev</strong></a></li><li class="next"><a access
key="n" href="adding-locations.html"><strong>Next</strong></a></li></ul><div class="section" id="configuring-automount"><div class="titlepage"><div><div><h2 class="title" id="configuring-automount">7.2. Configuring Automount</h2></div></div></div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+ Test that the <code class="filename">/home</code> directory can be mounted from the command line successfully before changing the automount configuration. Making sure that NFS is already working properly makes it easier to troubleshoot any potential FreeIPA automount configuration errors later.
+ </div></div></div><div class="section" id="Configuring_Automount-Configuring_autofs_on_Linux"><div class="titlepage"><div><div><h3 class="title" id="Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Fedora</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Edit the <code class="filename">/etc/sysconfig/autofs</code> file to specify the schema attributes that autofs searches for:
</div><pre class="programlisting">#
# Other common LDAP naming
#
@@ -23,135 +19,73 @@ ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="automountMapName"
ENTRY_ATTRIBUTE="automountKey"
VALUE_ATTRIBUTE="automountInformation"
-</pre></li><li class="step"><div class="para">
- You also need to specify which <code class="systemitem">LDAP</code> server to use, and the <em class="parameter"><code>basedn</code></em> for <code class="systemitem">LDAP</code> searches:
+</pre></li><li class="listitem"><div class="para">
+ Specify the LDAP configuration. There are two ways to do this. The simplest is to let the automount service discover the LDAP server and locations on its own:
+ </div><pre class="programlisting">LDAP_URI="ldap:///dc=example,dc=com"
+</pre><div class="para">
+ Alternatively, explicitly set which LDAP server to use and the base DN for LDAP searches:
</div><pre class="programlisting">LDAP_URI="ldap://ipa.example.com"
-SEARCH_BASE="cn=<location>,cn=automount,dc=example,dc=com"
+SEARCH_BASE="cn=<em class="replaceable"><code>location</code></em>,cn=automount,dc=example,dc=com"
</pre><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
- The default value for <em class="parameter"><code>location</code></em> is <code class="literal">default</code>.
- </div></div></div></li><li class="step"><div class="para">
- Save the file and restart <code class="systemitem">autofs</code>:
- </div><div class="para">
-
-<pre class="screen"><code class="command"># service autofs restart</code></pre>
-
- </div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_autofs_on_Linux-Testing_the_Configuration">7.2.1.1. Testing the Configuration</h4></div></div></div><div class="para">
- Test the configuration by attempting to list a user's <code class="filename">/home</code> directory:
- </div><div class="para">
-
-<pre class="screen"><code class="command"># ls /home/<username></code></pre>
-
+ The default value for <span class="emphasis"><em>location</em></span> is <code class="literal">default</code>. If additional locations are added (<a class="xref" href="adding-locations.html">Section 7.3, “Configuring Locations”</a>), then the client can be pointed to use those locations, instead.
+ </div></div></div></li><li class="listitem"><div class="para">
+ Edit the <code class="filename">/etc/autofs_ldap_auth.conf</code> file so that autofs allows client authentication with the FreeIPA LDAP server. Change <em class="parameter"><code>authrequired</code></em> to yes and set the principal to the Kerberos host principal:
+ </div><pre class="programlisting"><span class="perl_Keyword"><autofs_ldap_sasl_conf</span>
+<span class="perl_Others"> usetls=</span><span class="perl_String">"no"</span>
+<span class="perl_Others"> tlsrequired=</span><span class="perl_String">"no"</span>
+<span class="perl_Others"> authrequired=</span><span class="perl_String">"yes"</span>
+<span class="perl_Others"> authtype=</span><span class="perl_String">"GSSAPI"</span>
+<span class="perl_Others"> clientprinc=</span><span class="perl_String">"host/server.example.com at EXAMPLE COM"</span>
+ <span class="perl_Keyword">/></span></pre><div class="para">
+ If necessary, run <code class="command">klist -k</code> to get the exact host principal information.
+ </div></li><li class="listitem"><div class="para">
+ Check the <code class="filename">/etc/nssswitch.conf</code> file, so that LDAP is listed as a source for automount configuration:
+ </div><pre class="screen">automount: files <strong class="userinput"><code>ldap</code></strong></pre></li><li class="listitem"><div class="para">
+ Restart autofs:
+ </div><pre class="screen"># service autofs restart</pre></li><li class="listitem"><div class="para">
+ Test the configuration by listing a user's <code class="filename">/home</code> directory:
+ </div><pre class="screen"># ls /home/<em class="replaceable"><code>userName</code></em></pre><div class="para">
+ If this does not mount the remote file system, check the <code class="filename">/var/log/messages</code> file for errors. If necessary, increase the debug level in the <code class="filename">/etc/sysconfig/autofs</code> file by setting the <em class="parameter"><code>LOGGING</code></em> parameter to <code class="literal">debug</code>.
+ </div></li></ol></div><div class="note"><div class="admonition_header"><h2>TIP</h2></div><div class="admonition"><div class="para">
+ If there are problems with automount, then cross-reference the automount attempts with the 389 Directory Server access logs, which will show the attempted access, user, and search base.
</div><div class="para">
- If this does not mount the remote file system, check the <code class="filename">/var/log/messages</code> file for errors or other indications of what the problem might be. You can also increase the debug level in the <code class="filename">/etc/sysconfig/autofs</code> file by setting the <em class="parameter"><code>LOGGING</code></em> parameter to <code class="literal">debug</code>.
- </div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</h3></div></div></div><div class="para">
- The following procedure describes the steps required to configure <code class="command">automount</code> for <code class="systemitem">Solaris</code>.
- </div><div class="procedure"><ol class="1"><li class="step"><div class="para">
- If the <code class="systemitem">NFS</code> server is running on <code class="systemitem">Linux</code>, you need to specify on the <code class="systemitem">Solaris</code> machine that NFSv3 is the maximum supported version. Edit the <code class="filename">/etc/default/nfs</code> file and set the following parameter:
+ It is also simple to run automount in the foreground with debug logging on.
+<pre class="screen">automount -f -d</pre>
+ This prints the debug log information directly, without having to cross-check the LDAP access log with automount's log.
+ </div></div></div></div><div class="section" id="Configuring_Automount-Solaris_automount"><div class="titlepage"><div><div><h3 class="title" id="Configuring_Automount-Solaris_automount">7.2.2. Configuring Automount on Solaris</h3></div></div></div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ If the NFS server is running on Fedora, specify on the Solaris machine that NFSv3 is the maximum supported version. Edit the <code class="filename">/etc/default/nfs</code> file and set the following parameter:
</div><pre class="programlisting">NFS_CLIENT_VERSMAX=3
-</pre></li><li class="step"><div class="para">
- IPA does not configure automount by default, so you need to use the <code class="command">ldapclient</code> command to manually configure your host to use LDAP:
- </div><pre class="programlisting">ldapclient -v manual -a authenticationMethod=none \
--a defaultSearchBase=dc=example,dc=com \
--a defaultServerList=ipa.example.com \
--a serviceSearchDescriptor=passwd:cn=users,cn=accounts,dc=example,dc=com \
--a serviceSearchDescriptor=group:cn=groups,cn=compat,dc=example,dc=com \
--a serviceSearchDescriptor=auto_master:automountMapName=auto.master, \
- cn=<location>,cn=automount,dc=example,dc=com?one \
--a serviceSearchDescriptor=auto_home:automountMapName=auto_home, \
- cn=<location>,cn=automount,dc=example,dc=com?one \
--a objectClassMap=shadow:shadowAccount=posixAccount \
--a searchTimelimit=15 \
--a bindTimeLimit=5
-</pre></li><li class="step"><div class="para">
- Enable <code class="command">automount</code> as follows:
- </div><div class="para">
-
-<pre class="screen"><code class="command"># svcadm enable svc:/system/filesystem/autofs</code></pre>
+</pre></li><li class="listitem"><div class="para">
+ Use the <code class="command">ldapclient</code> command to configure the host to use LDAP:
+ </div><pre class="programlisting">ldapclient -v manual -a authenticationMethod=none
+ -a defaultSearchBase=dc=example,dc=com
+ -a defaultServerList=ipa.example.com
+ -a serviceSearchDescriptor=passwd:cn=users,cn=accounts,dc=example,dc=com
+ -a serviceSearchDescriptor=group:cn=groups,cn=compat,dc=example,dc=com
+ -a serviceSearchDescriptor=auto_master:automountMapName=auto.master,cn=<em class="replaceable"><code>location</code></em>,cn=automount,dc=example,dc=com?one
+ -a serviceSearchDescriptor=auto_home:automountMapName=auto_home,cn=<em class="replaceable"><code>location</code></em>,cn=automount,dc=example,dc=com?one
+ -a objectClassMap=shadow:shadowAccount=posixAccount
+ -a searchTimelimit=15
+ -a bindTimeLimit=5
+</pre></li><li class="listitem"><div class="para">
+ Enable <code class="command">automount</code>:
+ </div><pre class="screen"># svcadm enable svc:/system/filesystem/autofs</pre></li><li class="listitem"><div class="para">
+ Test the configuration.
+ </div><div class="orderedlist"><ol><li class="listitem"><div class="para">
+ Check the LDAP configuration:
+<pre class="screen"># ldapclient -l auto_master
- </div></li></ol></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Solaris_automount-Testing_the_Configuration">7.2.2.1. Testing the Configuration</h4></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Testing_the_Configuration-_To_test_the_automount_configuration_run_the_following_commands_"><h6>Procedure 7.2. To test the <code class="command">automount</code> configuration, run the following commands: </h6><ol class="1"><li class="step"><div class="para">
-
-<pre class="screen"><code class="command"># ldapclient -l auto_master</code>
-dn: automountkey=/home,automountmapname=auto.master,cn=<location>,cn=automount,dc=example,dc=com
+dn: automountkey=/home,automountmapname=auto.master,cn=<em class="replaceable"><code>location</code></em>,cn=automount,dc=example,dc=com
objectClass: automount
objectClass: top
automountKey: /home
automountInformation: auto.home
</pre>
- </div></li><li class="step"><div class="para">
- Attempt to list a user's <code class="filename">/home</code> directory:
- </div><div class="para">
-
-<pre class="screen"><code class="command"># ls /home/<username></code></pre>
+ </div></li><li class="listitem"><div class="para">
+ List a user's <code class="filename">/home</code> directory:
+ </div><div class="para">
+
+<pre class="screen"># ls /home/<em class="replaceable"><code>userName</code></em></pre>
- </div></li></ol></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</h3></div></div></div><div class="para">
- An indirect map defines a container for mount points. For example, if you create an indirect map <code class="filename">/share</code>, then all automount keys are relative to that map. If you define an automount key <code class="systemitem">ipauser</code>, the map would appear as <code class="filename">/share/ipauser</code>. In other words, indirect maps specify relative paths. Compare this to the absolute paths specified by direct maps.
- </div><div class="para">
- The following example creates an indirect map for <code class="filename">/usr/man</code> using the built-in IPA commands. This creates a single indirect map, <code class="filename">/usr/man/man1</code>, which:
- </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- Creates a new <code class="command">automount</code> map called <code class="filename">auto.man</code>
- </div></li><li class="listitem"><div class="para">
- Adds <code class="filename">auto.man</code> to <code class="filename">auto.master</code> on the mount point <code class="filename">/usr/man</code>
- </div></li><li class="listitem"><div class="para">
- Adds an indirect mount of <code class="filename">man1</code> to <code class="filename">auto.man</code>
- </div></li></ul></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-How_to_create_an_indirect_map"><h6>Procedure 7.3. How to create an indirect map:</h6><ol class="1"><li class="step"><div class="para">
- Create a new location:
- </div><pre class="screen"><code class="command">$ ipa automountlocation-add baltimore</code>
- Location: baltimore</pre></li><li class="step"><div class="para">
- Create a map for man pages:
- </div><pre class="screen"><code class="command">$ ipa automountmap-add baltimore auto.man</code>
- Map: auto.man</pre></li><li class="step"><div class="para">
- Add this map to the location's auto.master on the mount point /usr/man:
- </div><pre class="screen"><code class="command">$ ipa automountkey-add baltimore auto.master --key=/usr/man --info=auto.man</code>
- Key: /usr/man
- Mount information: auto.man</pre></li></ol></div><div class="para">
- Use the following command to export information on the automount configuration for a specific location. This is useful if you perform file-based automount. For example:
- </div><pre class="screen"><code class="command">$ ipa automountlocation-tofiles baltimore</code>
-/etc/auto.master:
-/- /etc/auto.direct
-/usr/man /etc/auto.man
----------------------------
-/etc/auto.direct:
----------------------------
-/etc/auto.man:</pre><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_an_Indirect_Map_on_Solaris"><h5 class="formalpara">Configuring an Indirect Map on Solaris</h5>
- On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
- </div><pre class="programlisting">-a serviceSearchDescriptor=auto_man:automountMapName=auto.man, \
- cn=<location>,cn=automount,dc=example,dc=com?one \
-</pre><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps"><div class="titlepage"><div><div><h4 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Indirect_Maps-Configuring_Direct_Maps">7.2.3.1. Configuring Direct Maps</h4></div></div></div><div class="para">
- Direct maps list exact locations to mount specified maps, for example <code class="filename">/usr/local/bin</code> or <code class="filename">/mnt</code>. That is, they specify absolute paths as mount points. Compare this to the relative paths specified by indirect maps.
- </div><div class="para">
- To add a direct map configuration, IPA requires a number of modifications to the <code class="filename">auto.direct</code> file. The following two entries are created during the installation process:
- </div><pre class="programlisting">dn: automountkey=/-,automountmapname=auto.master,cn=default,cn=automount,dc=example,dc=com
- objectClass: automount
- automountKey: '/-'
- automountInformation: auto.direct
-</pre><pre class="programlisting">automountmapname=auto.direct,cn=default,cn=automount,dc=example,dc=com
- objectClass: automountMap
- automountMapName: auto.direct
-</pre><div class="para">
- Use the following procedure to add a mount to this direct map for the <code class="filename">/share</code> directory:
- </div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Configuring_Direct_Maps-How_to_create_a_direct_map"><h6>Procedure 7.4. How to create a direct map:</h6><ol class="1"><li class="step"><div class="para">
- Create a new location:
- </div><pre class="screen"><code class="command">$ ipa automountlocation-add brisbane</code>
- Location: brisbane</pre></li><li class="step"><div class="para">
- Add the map to the location's <code class="filename">auto.direct</code> file on the mount point <code class="filename">/share</code>:
- </div><pre class="screen"><code class="command">$ ipa automountkey-add brisbane auto.direct --key=/share \</code>
- <code class="command">--info="-ro,soft, ipaserver.ipadocs.org:/home/share"</code>
- Key: /share
- Mount information: -ro,soft, ipaserver.ipadocs.org:/home/share</pre></li></ol></div><div class="para">
- On <code class="systemitem">Solaris</code>, use the following arguments with the <code class="command">ldapclient</code> command:
- </div><pre class="programlisting">-a serviceSearchDescriptor=auto_direct:automountMapName=auto.direct, \
- cn=<location>,cn=automount,dc=example,dc=com?one \
-</pre></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Links">7.2.4. Links</h3></div></div></div><div class="para">
- The following pages were used as references for this work:
- </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
- <a href="http://efod.se/blog/archive/2006/06/27/autofs-and-ldap">http://efod.se/blog/archive/2006/06/27/autofs-and-ldap</a>
- </div></li><li class="listitem"><div class="para">
- <a href="http://www.linuxjournal.com/article/6266">http://www.linuxjournal.com/article/6266</a>
- </div></li><li class="listitem"><div class="para">
- <a href="http://forums.fedoraforum.org/showthread.php?t=138992">http://forums.fedoraforum.org/showthread.php?t=138992</a>
- </div></li><li class="listitem"><div class="para">
- <a href="http://forums.fedoraforum.org/forum/showthread.php?t=135635&highlight=autofs+ldap">http://forums.fedoraforum.org/forum/showthread.php?t=135635&highlight=autofs+ldap</a>
- </div></li><li class="listitem"><div class="para">
- <a href="http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide">http://blogs.sun.com/rohanpinto/entry/nis_to_ldap_migration_guide</a>
- </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="automount.html"><strong>Prev</strong>Chapter 7. Identity: Using Automount</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="active-directory.html"><strong>Next</strong>Chapter 8. Identity: Integrating with Microsoft A...</a></li></ul></body></html>
+ </div></li></ol></div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="automount.html"><strong>Prev</strong>Chapter 7. Identity: Using Automount</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="adding-locations.html"><strong>Next</strong>7.3. Configuring Locations</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-sudo.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-sudo.html
index 8a718c1..e0ae270 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-sudo.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/configuring-sudo.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.2. Configuring sudo</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>12.2. Configuring sudo</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/creating-server.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/creating-server.html
index fb1ffba..01dade2 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/creating-server.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/creating-server.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3. Creating a FreeIPA Server Instance</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>1.3. Creating a FreeIPA Server Instance</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
@@ -30,202 +30,64 @@
</div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
The port numbers and directory locations used by FreeIPA are all defined automatically, as defined in <a class="xref" href="installing-ipa.html#prereq-ports">Section 1.1.3.3, “System Ports”</a> and . These ports and directories <span class="emphasis"><em>cannot</em></span> be changed or customized.
</div></div></div><div class="section" id="install-command"><div class="titlepage"><div><div><h3 class="title" id="install-command">1.3.1. About ipa-server-install</h3></div></div></div><div class="para">
- A FreeIPA server instance is created by running the <code class="command">ipa-server-install</code> script. This script can accept user-defined settings for services, like DNS nad Kerberos, that are used by the FreeIPA instance, or it can supply predefined values for minimal input from the administrator.
+ A FreeIPA server instance is created by running the <code class="command">ipa-server-install</code> script. This script can accept user-defined settings for services, like DNS and Kerberos, that are used by the FreeIPA instance, or it can supply predefined values for minimal input from the administrator.
</div><div class="para">
While <code class="command">ipa-server-install</code> can be run without any options, so that it prompts for the required information, it has numerous arguments which allow the configuration process to be easily scripted or to supply additional information which is not requested during an interactive installation.
</div><div class="para">
- <a class="xref" href="creating-server.html#tab.ipa-server-install-param">Table 1.3, “ipa-server-install Options”</a> lists the possible arguments with <code class="command">ipa-server-install</code>, while <a class="xref" href="creating-server.html#install-examples">Section 1.3.3, “Examples of Creating the FreeIPA Server”</a> has examples of some common installation scenarios. In real life, the <code class="command">ipa-server-install</code> options are versatile enough to be customized to the specific deployment environment.
- </div><div class="table" id="tab.ipa-server-install-param"><h6>Table 1.3. ipa-server-install Options</h6><div class="table-contents"><table summary="ipa-server-install Options" border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+ <a class="xref" href="creating-server.html#tab.ipa-server-install-param">Table 1.3, “ipa-server-install Options”</a> lists some common arguments with <code class="command">ipa-server-install</code>, while <a class="xref" href="creating-server.html#install-examples">Section 1.3.3, “Examples of Creating the FreeIPA Server”</a> has examples of some common installation scenarios. The full list of options are in <a class="xref" href="server-tools.html#ipa-server-install">Section B.2.3, “ipa-server-install”</a>. In real life, the <code class="command">ipa-server-install</code> options are versatile enough to be customized to the specific deployment environment.
+ </div><div class="table" id="tab.ipa-server-install-param"><h6>Table 1.3. ipa-server-install Options</h6><div class="table-contents"><table summary="ipa-server-install Options" border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
Argument
</th><th>
- Alternate Argument
- </th><th>
Description
- </th></tr></thead><tbody><tr><td colspan="3">
- <span class="bold bold"><strong>Required Options</strong></span><sup>[<a id="id3009664" href="#ftn.id3009664" class="footnote">a</a>]</sup>
- </td></tr><tr><td>
+ </th></tr></thead><tbody><tr><td>
-a <span class="emphasis"><em>ipa_admin_password</em></span>
</td><td>
- --admin-password=<span class="emphasis"><em>ipa_admin_password</em></span>
- </td><td>
The password for the FreeIPA administrator. This is used for the admin user to authenticate to the Kerberos realm.
</td></tr><tr><td>
--hostname=<span class="emphasis"><em>hostname</em></span>
</td><td>
-
- </td><td>
The fully-qualified domain name of the FreeIPA server machine.
</td></tr><tr><td>
-n <span class="emphasis"><em>domain_name</em></span>
</td><td>
- --domain=<span class="emphasis"><em>domain_name</em></span>
- </td><td>
The name of the LDAP server domain to use for the FreeIPA domain. This is usually based on the FreeIPA server's hostname.
</td></tr><tr><td>
-p <span class="emphasis"><em>directory_manager_password</em></span>
</td><td>
- --ds-password=<span class="emphasis"><em>directory_manager_password</em></span>
- </td><td>
The password for the superuser, <code class="command">cn=Directory Manager</code>, for the LDAP service.
</td></tr><tr><td>
-r <span class="emphasis"><em>realm_name</em></span>
</td><td>
- --realm=<span class="emphasis"><em>realm_name</em></span>
- </td><td>
The name of the Kerberos realm to create for the FreeIPA domain.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>Certificate Authority Options</strong></span>
- </td></tr><tr><td>
- --external-ca
- </td><td>
-
- </td><td>
- Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
- </td></tr><tr><td>
- --external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
- </td><td>
-
- </td><td>
- Points to the PKCS#10 file which contains the CA certificate chain of the external CA. This is required to validate the certificate issued by the CA for the FreeIPA server. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
- </td></tr><tr><td>
- --external_cert_file=<span class="emphasis"><em>certificate_file</em></span>
- </td><td>
-
- </td><td>
- Points to the PKCS#10 file which contains the certificate that was generated by an external CA. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
- </td></tr><tr><td>
- --selfsign
- </td><td>
-
- </td><td>
- Uses a self-signed certificate instead of a certificate issued by the internal Dogtag Certificate System or by an external CA. If this option is selected, then no Dogtag Certificate System instance is configured as part of the setup process, and the FreeIPA server itself functionally serves as a CA for clients in the domain. This is not recommended for production environments, but can be used in test or development environments.
</td></tr><tr><td>
--subject=<span class="emphasis"><em>subject_DN</em></span>
</td><td>
-
- </td><td>
Sets the base element for the subject DN of the issued certificates. This defaults to <code class="command">O=</code><span class="emphasis"><em>realm</em></span>.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>DNS Options</strong></span>
</td></tr><tr><td>
--forwarder=<span class="emphasis"><em>forwarder</em></span>
</td><td>
-
- </td><td>
Gives a comma-separated list of DNS forwarders to use with the DNS service.
</td></tr><tr><td>
--no-forwarders
</td><td>
-
- </td><td>
Uses root servers with the DNS service instead of forwarders.
</td></tr><tr><td>
--no-reverse
</td><td>
-
- </td><td>
Uses root servers with the DNS service instead of forwarders.
</td></tr><tr><td>
--setup-dns
</td><td>
-
- </td><td>
Tells the installation script to set up a DNS service within the FreeIPA domain. Using an integrated DNS service is optional, so if this option is not passed with the installation script, then no DNS is configured.
</td></tr><tr><td>
- --zonemgr=<span class="emphasis"><em>email_address</em></span>
- </td><td>
-
- </td><td>
- Gives the email address to use for the DNS zone manager. If none is given, this defaults to root.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>Kerberos Options</strong></span>
- </td></tr><tr><td>
- --ip-address=<span class="emphasis"><em>ip_address</em></span>
- </td><td>
-
- </td><td>
- Gives the IP address of the Kerberos master KDC. This can be used if there are multiple FreeIPA servers in the same realm.
- </td></tr><tr><td>
- -P <span class="emphasis"><em>kerberos_master_password</em></span>
- </td><td>
- --master-password=<span class="emphasis"><em>kerberos_master_password</em></span>
- </td><td>
- The password for the KDC account. This is randomly generated if no value is given.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>NTP Options</strong></span>
- </td></tr><tr><td>
- -N, --no-ntp
- </td><td>
-
- </td><td>
- Does <span class="emphasis"><em>not</em></span> configure the NTP service for the FreeIPA server. This is normally done by default.
- <div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
- If the FreeIPA server is running as a virtual guest, it should not run an NTP service.
- </div></div></div>
-
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>FreeIPA Server Configuration Options</strong></span>
- </td></tr><tr><td>
--idmax=<span class="emphasis"><em>number</em></span>
</td><td>
-
- </td><td>
Sets the upper bound for IDs which can be assigned by the FreeIPA server. The default value is the ID start value plus 199999.
</td></tr><tr><td>
--idstart=<span class="emphasis"><em>number</em></span>
</td><td>
-
- </td><td>
Sets the lower bound (starting value) for IDs which can be assigned by the FreeIPA server. The default value is randomly selected.
- </td></tr><tr><td>
- --no_hbac_allow
- </td><td>
-
- </td><td>
- Disables the <code class="command">allow_all</code> rule for host-based access control in the FreeIPA domain.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>Other Setup Options</strong></span>
- </td></tr><tr><td>
- --no-host-dns
- </td><td>
-
- </td><td>
- Does <span class="emphasis"><em>not</em></span> use DNS to look up the hostname of the FreeIPA server machine during the installation process.
- </td></tr><tr><td>
- -U
- </td><td>
- --unattended
- </td><td>
- Runs the <code class="command">ipa-server-install</code> command without any interactive prompts.
- </td></tr><tr><td>
- --uninstall
- </td><td>
-
- </td><td>
- Uninstalls an existing FreeIPA server.
- </td></tr><tr><td colspan="3">
- <span class="bold bold"><strong>General Tool Options</strong></span>
- </td></tr><tr><td>
- -d
- </td><td>
- --debug
- </td><td>
- Runs the <code class="command">ipa-server-install</code> command in debug mode and outputs debugging information.
- </td></tr><tr><td>
- -h
- </td><td>
- --help
- </td><td>
- Prints the help information for the <code class="command">ipa-server-install</code> command.
- </td></tr><tr><td>
- --version
- </td><td>
-
- </td><td>
- Prints the version number of the <code class="command">ipa-server-install</code> command.
- </td></tr></tbody><tbody class="footnotes"><tr><td colspan="3"><div class="footnote"><p><sup>[<a id="ftn.id3009664" href="#id3009664" class="para">a</a>] </sup>
- The installation script will prompt for these options if they are not passed with the script.
- </p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="install-interactive"><div class="titlepage"><div><div><h3 class="title" id="install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</h3></div></div></div><div class="para">
+ </td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="install-interactive"><div class="titlepage"><div><div><h3 class="title" id="install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</h3></div></div></div><div class="para">
All that is required to set up a FreeIPA server is to run the <code class="command">ipa-server-install</code> script. This launchs the script interactively, which prompts for the required information to set up a server, but without more advanced configuration like DNS and CA options.
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
Run the <code class="command">ipa-server-install</code> script.
@@ -401,7 +263,7 @@ Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"
Some kind of forwarder information is required. If no external forwarders will be used with the FreeIPA DNS service, then use the <code class="option">--no-forwarders</code> option to indicate that only root servers will be used.
</div><div class="para">
The script always assumes that reverse DNS is configured along with DNS, so it is not necessary to use any options to <span class="emphasis"><em>enable</em></span> reverse DNS. To disable reverse DNS, use the <code class="option">--no-reverse</code> option.
- </div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --no-reverse</span></pre></div></div><br class="example-break" /></div></div><div class="section" id="troubleshooting-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-install">1.3.4. Troubleshooting Installation Problems</h3></div></div></div><div class="formalpara"><h5 class="formalpara" id="id3286220">GSS Failures When Running IPA Commands</h5>
+ </div><pre class="programlisting"><span class="perl_Comment"># ipa-server-install ... --setup-dns --no-reverse</span></pre></div></div><br class="example-break" /></div></div><div class="section" id="troubleshooting-install"><div class="titlepage"><div><div><h3 class="title" id="troubleshooting-install">1.3.4. Troubleshooting Installation Problems</h3></div></div></div><div class="formalpara"><h5 class="formalpara" id="id3278657">GSS Failures When Running IPA Commands</h5>
Immediately after installation, there can be Kerberos problems when trying to run an <code class="command">ipa-*</code> command. For example:
</div><pre class="programlisting">ipa: ERROR: Kerberos error: ('Unspecified GSS failure. Minor code may provide more information', 851968)/('Decrypt integrity check failed', -1765328353)</pre><div class="para">
There are two potential causes for this:
@@ -409,7 +271,7 @@ Setup <span class="perl_Reserved">complete</span></pre></li><li class="listitem"
DNS is not properly configured.
</div></li><li class="listitem"><div class="para">
Active Directory is in the same domain as the FreeIPA server.
- </div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="id3286270">named Daemon Fails to Start</h5>
+ </div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="id3278706">named Daemon Fails to Start</h5>
If a FreeIPA server is configured to manage DNS and is set up successfully, but the <code class="systemitem">named</code> service fails to start, this can indicate that there is a package conflict. Check the <code class="filename">/var/log/messages</code> file for error messages related to the <code class="command">named</code> service and the <code class="filename">ldap.so</code> library:
</div><pre class="screen">ipaserver named[6886]: failed to dynamically load driver 'ldap.so': libldap-2.4.so.2: cannot open shared object file: No such file or directory</pre><div class="para">
This usually means that the <span class="package">bind-chroot</span> package is installed and is preventing the <code class="systemitem">named</code> service from starting. To resolve this issue, remove the <span class="package">bind-chroot</span> package and then restart the FreeIPA server.
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html
index 50d6eee..f30c28e 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/disabling-anon-binds.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2. Disabling Anonymous Binds</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.2. Disabling Anonymous Binds</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/dns-resolve.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/dns-resolve.html
index 9965b3b..7dcf168 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/dns-resolve.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/dns-resolve.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.10. Resolving Hostnames in the FreeIPA Domain</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.11. Resolving Hostnames in the FreeIPA Domain</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /><link rel="prev" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html" title="10.9. Deleting Records from DNS Zones" /><link rel="next" href="authz.html" title="Chapter 11. Policy: Configuring Authorization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zones-
Deleting_Records_from_DNS_Zones.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="authz.html"><strong>Next</strong></a></li></ul><div class="section" id="dns-resolve"><div class="titlepage"><div><div><h2 class="title" id="dns-resolve">10.10. Resolving Hostnames in the FreeIPA Domain</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="prev" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html" title="10.10. Deleting Records from DNS Zones" /><link rel="next" href="authz.html" title="Chapter 11. Policy: Configuring Authorization" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zon
es-Deleting_Records_from_DNS_Zones.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="authz.html"><strong>Next</strong></a></li></ul><div class="section" id="dns-resolve"><div class="titlepage"><div><div><h2 class="title" id="dns-resolve">10.11. Resolving Hostnames in the FreeIPA Domain</h2></div></div></div><div class="para">
It is possible to check the DNS entries for FreeIPA domain members using the <code class="command">dns-resolve</code> command. If the record exists and is properly formatted in the DNS configuration, then the command returns the DNS record. If not, the command returns an error, that the hostname is not recognized within the DNS service.
</div><pre class="screen">$ipa dns-resolve server1.example.com</pre><div class="para">
This can be helpful with troubleshooting connection problems between servers, clients, and services.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html"><strong>Prev</strong>10.9. Deleting Records from DNS Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="authz.html"><strong>Next</strong>Chapter 11. Policy: Configuring Authorization</a></li></ul></body></html>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html"><strong>Prev</strong>10.10. Deleting Records from DNS Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="authz.html"><strong>Next</strong>Chapter 11. Policy: Configuring Authorization</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/doc-history.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/doc-history.html
index 41e4456..54ffaba 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/doc-history.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/doc-history.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4. Document Change History</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4. Document Change History</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
@@ -8,8 +8,87 @@
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
</script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Preface.html" title="Preface" /><link rel="prev" href="feedback.html" title="3. Giving Feedback" /><link rel="next" href="installing-ipa.html" title="Chapter 1. Installing a FreeIPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="feedback.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="installing-ipa.html"><strong>
Next</strong></a></li></ul><div xml:lang="en-US" class="section" id="doc-history" lang="en-US"><div class="titlepage"><div><div><h2 class="title" id="doc-history">4. Document Change History</h2></div></div></div><div class="para">
- <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 2.1.0-1</td><td align="left">May 10, 2011</td><td align="left"><span class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></span></td></tr><tr><td align="left" colspan="3">
- <table border="0" summary="Simple list" class="simplelist"><tr><td>Beginning draft for the Fedora docs project.</td></tr></table>
+ <div class="revhistory"><table border="0" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 2.1.0-2</td><td align="left">July 22, 2011</td><td align="left"><span class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></span></td></tr><tr><td align="left" colspan="3">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Completing first round of content revisions on the chapters for server installation, client installation, DNS, basic usage, managing clients, and the preface.
+ </div></li><li class="listitem"><div class="para">
+ Beginning content revisions on the chapters for users, Kerberos, automount, and managing servers.
+ </div></li><li class="listitem"><div class="para">
+ Bare initial draft of a tools appendix.
+ </div></li><li class="listitem"><div class="para">
+ Bugzilla work:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 646226
+ </div></li><li class="listitem"><div class="para">
+ 646240
+ </div></li><li class="listitem"><div class="para">
+ 646257
+ </div></li><li class="listitem"><div class="para">
+ 646267
+ </div></li><li class="listitem"><div class="para">
+ 681731
+ </div></li><li class="listitem"><div class="para">
+ 693843
+ </div></li><li class="listitem"><div class="para">
+ 701465
+ </div></li><li class="listitem"><div class="para">
+ 709385
+ </div></li><li class="listitem"><div class="para">
+ 714603
+ </div></li><li class="listitem"><div class="para">
+ 715015
+ </div></li></ul></div>
+
+ </div></li><li class="listitem"><div class="para">
+ FreeIPA.org tickets:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 1183
+ </div></li><li class="listitem"><div class="para">
+ 1359
+ </div></li><li class="listitem"><div class="para">
+ 1449
+ </div></li><li class="listitem"><div class="para">
+ 1058
+ </div></li><li class="listitem"><div class="para">
+ 1335
+ </div></li><li class="listitem"><div class="para">
+ 1107
+ </div></li><li class="listitem"><div class="para">
+ 1355
+ </div></li><li class="listitem"><div class="para">
+ 1430
+ </div></li><li class="listitem"><div class="para">
+ 803
+ </div></li><li class="listitem"><div class="para">
+ 991
+ </div></li><li class="listitem"><div class="para">
+ 615
+ </div></li><li class="listitem"><div class="para">
+ 969
+ </div></li><li class="listitem"><div class="para">
+ 594
+ </div></li><li class="listitem"><div class="para">
+ 593
+ </div></li></ul></div>
+
+ </div></li><li class="listitem"><div class="para">
+ freeipa-guide trac tickets:
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ 18
+ </div></li><li class="listitem"><div class="para">
+ 19
+ </div></li><li class="listitem"><div class="para">
+ 16
+ </div></li><li class="listitem"><div class="para">
+ 17
+ </div></li></ul></div>
+
+ </div></li></ul></div>
+
+ </td></tr><tr><td align="left">Revision 2.1.0-1</td><td align="left">May 10, 2011</td><td align="left"><span class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></span></td></tr><tr><td align="left" colspan="3">
+ <div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Beginning draft for the Fedora docs project.
+ </div></li></ul></div>
</td></tr></table></div>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/editing-users.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/editing-users.html
index cdc160e..98f85f6 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/editing-users.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/editing-users.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.3. Editing Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.3. Editing Users</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enabling-dns.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enabling-dns.html
index 41ea267..6a3ddf9 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enabling-dns.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enabling-dns.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.2. Configuring DNS</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.2. Configuring DNS</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /><link rel="prev" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /><link rel="next" href="finding-dns-zones.html" title="10.3. Finding and Displaying DNS Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Working_with_DNS.html"><strong>Prev</strong></a></li>
<li class="next"><a accesskey="n" href="finding-dns-zones.html"><strong>Next</strong></a></li></ul><div class="section" id="enabling-dns"><div class="titlepage"><div><div><h2 class="title" id="enabling-dns">10.2. Configuring DNS</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="prev" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="next" href="changing-forwarder.html" title="10.3. Changing Recursive Queries Against Forwarders" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Working_with_DNS.html"><strong>Prev
</strong></a></li><li class="next"><a accesskey="n" href="changing-forwarder.html"><strong>Next</strong></a></li></ul><div class="section" id="enabling-dns"><div class="titlepage"><div><div><h2 class="title" id="enabling-dns">10.2. Configuring DNS</h2></div></div></div><div class="para">
DNS can be configured as part of the FreeIPA server installation, simply by using the <code class="option">--setup-dns</code> option. If DNS is not configured then, it can be configured later using the <code class="command">ipa-dns-install</code> command. For example:
</div><pre class="screen">ipa-dns-install -p secret --ip-address=1.2.34.56 --no-forwarders</pre><div class="itemizedlist"><ul><li class="listitem"><div class="para">
<code class="option">-p</code> gives the password for the Directory Manager user in the 389 Directory Server. All of th DNS entries are stored in the LDAP directory, so this directory must be accessed to add the DNS configuration.
@@ -17,4 +17,4 @@
<code class="option">--no-forwarders</code> means that there are no forwarders used with the DNS service, only root servers. Alternatively, a comma-separated list of forwarders can be given, using the <code class="option">--forwarders</code> option.
</div></li><li class="listitem"><div class="para">
Reverse DNS is configured automatically. It is possible to disable reverse DNS by using the <code class="option">--no-reverse</code> option.
- </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Working_with_DNS.html"><strong>Prev</strong>Chapter 10. Policy: Managing DNS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="finding-dns-zones.html"><strong>Next</strong>10.3. Finding and Displaying DNS Zones</a></li></ul></body></html>
+ </div></li></ul></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Working_with_DNS.html"><strong>Prev</strong>Chapter 10. Identity: Managing DNS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="changing-forwarder.html"><strong>Next</strong>10.3. Changing Recursive Queries Against Forwarde...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enabling-zones.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enabling-zones.html
index fe5b498..aa4c779 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enabling-zones.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enabling-zones.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.7. Enabling and Disabling Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.8. Enabling and Disabling Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /><link rel="prev" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html" title="10.6. Enabling Dynamic DNS Updates" /><link rel="next" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html" title="10.8. Adding Records to DNS Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Ad
ding_DNS_Zones-Using_Dynamic_DNS_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html"><strong>Next</strong></a></li></ul><div class="section" id="enabling-zones"><div class="titlepage"><div><div><h2 class="title" id="enabling-zones">10.7. Enabling and Disabling Zones</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="prev" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html" title="10.7. Enabling Dynamic DNS Updates" /><link rel="next" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html" title="10.9. Adding Records to DNS Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="
Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html"><strong>Next</strong></a></li></ul><div class="section" id="enabling-zones"><div class="titlepage"><div><div><h2 class="title" id="enabling-zones">10.8. Enabling and Disabling Zones</h2></div></div></div><a id="id3090157" class="indexterm"></a><div class="para">
Active zones can have clients added to them, are available for lookups, and are used by FreeIPA services like Kerberos. Deleting a DNS zone removes the zone entry and all the associated configuration.
</div><div class="para">
There can be situations when it is necessary to remove a zone from activity without permanently removing the zone. This can be done by using the <code class="command">dnszone-disable</code> command.
@@ -15,4 +15,4 @@
For example:
</div><pre class="screen">$ ipa dnszone-disable server.example.com</pre><div class="para">
When the zone needs to be brought back online, it can be re-enabled using the <code class="command">dnszone-enable</code> command.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html"><strong>Prev</strong>10.6. Enabling Dynamic DNS Updates</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html"><strong>Next</strong>10.8. Adding Records to DNS Zones</a></li></ul></body></html>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html"><strong>Prev</strong>10.7. Enabling Dynamic DNS Updates</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html"><strong>Next</strong>10.9. Adding Records to DNS Zones</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enrolling-machines.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enrolling-machines.html
index 9f4c365..9a7d9f9 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enrolling-machines.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/enrolling-machines.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.2. Enrolling Clients Manually</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.2. Enrolling Clients Manually</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/feedback.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/feedback.html
index c4f02e5..669473c 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/feedback.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/feedback.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3. Giving Feedback</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3. Giving Feedback</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/finding-dns-zones.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/finding-dns-zones.html
index 243e01f..a8610a2 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/finding-dns-zones.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/finding-dns-zones.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.3. Finding and Displaying DNS Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.4. Finding and Displaying DNS Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /><link rel="prev" href="enabling-dns.html" title="10.2. Configuring DNS" /><link rel="next" href="Managing_DNS_Zones-Adding_DNS_Zones.html" title="10.4. Adding DNS Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="enabling-dns.html"><strong>Prev</strong></a></li><li class="next"><
a accesskey="n" href="Managing_DNS_Zones-Adding_DNS_Zones.html"><strong>Next</strong></a></li></ul><div class="section" id="finding-dns-zones"><div class="titlepage"><div><div><h2 class="title" id="finding-dns-zones">10.3. Finding and Displaying DNS Zones</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="prev" href="changing-forwarder.html" title="10.3. Changing Recursive Queries Against Forwarders" /><link rel="next" href="Managing_DNS_Zones-Adding_DNS_Zones.html" title="10.5. Adding DNS Zones" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="changing-forwarder.html"><str
ong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Adding_DNS_Zones.html"><strong>Next</strong></a></li></ul><div class="section" id="finding-dns-zones"><div class="titlepage"><div><div><h2 class="title" id="finding-dns-zones">10.4. Finding and Displaying DNS Zones</h2></div></div></div><div class="para">
The first part of managing a DNS domain is simply knowing what the domain configuration is. This is done by finding and displaying DNS zone records.
</div><div class="para">
Finding and displaying records can be done using the <code class="command">dnszone-find</code> command. This command can be used either to return a list of all zones or to find a specific record based on any of the attirbutes in the zone entry. Using either the <code class="command">dnszone-find</code> or the <code class="command">dnszone-show</code> command lists the full start of authority (SOA) record for the DNS zone.
@@ -40,4 +40,4 @@ Number of entries returned 2
Alternatively, the DNS zones can be filtered by searching for a particular attribute in the SOA record. For example, this searches for the <code class="command">example.com</code> zone by the hostname:
</div><pre class="screen">$ ipa dnszone-find --name-server=server1.example.com</pre><div class="para">
The <code class="command">dnszone-show</code> command is equivalent to the <code class="command">dnszone-find --name</code> command because it only displays the record for the specific zone by its fully-qualified domain name.
- </div><pre class="screen">$ ipa dnszone-show example.com</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="enabling-dns.html"><strong>Prev</strong>10.2. Configuring DNS</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Adding_DNS_Zones.html"><strong>Next</strong>10.4. Adding DNS Zones</a></li></ul></body></html>
+ </div><pre class="screen">$ ipa dnszone-show example.com</pre></div><ul class="docnav"><li class="previous"><a accesskey="p" href="changing-forwarder.html"><strong>Prev</strong>10.3. Changing Recursive Queries Against Forwarde...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Managing_DNS_Zones-Adding_DNS_Zones.html"><strong>Next</strong>10.5. Adding DNS Zones</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/hosts.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/hosts.html
index fe3d3be..e9d451b 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/hosts.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/hosts.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 5. Identity: Managing Hosts and Host Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 5. Identity: Managing Hosts and Host Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/index.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/index.html
index b79e3a9..0018b03 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/index.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/index.html
@@ -1,16 +1,16 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>FreeIPA: Identity/Policy Management</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><meta name="description" content="Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and cl
ients. This guide is intended for IT and systems administrators." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>FreeIPA: Identity/Policy Management</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><meta name="description" content="Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and cl
ients. This guide is intended for IT and systems administrators." /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="next" href="Preface.html" title="Preface" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="Preface.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="book" id="id4275740" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">15</span></div><div
><h1 id="id4275740" class="title">FreeIPA: Identity/Policy Management</h1></div><div><h2 class="subtitle">Managing Identity and Authorization Policies for Linux-Based Enterprise Networks</h2></div><p class="edition">Edition 0.1</p><div><h3 class="corpauthor">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="next" href="Preface.html" title="Preface" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="Preface.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="book" id="id4272211" lang="en-US"><div class="titlepage"><div><div class="producttitle"><span class="productname">Fedora</span> <span class="productnumber">15</span></div><div
><h1 id="id4272211" class="title">FreeIPA: Identity/Policy Management</h1></div><div><h2 class="subtitle">Managing Identity and Authorization Policies for Linux-Based Enterprise Networks</h2></div><p class="edition">Edition 2.1</p><div><h3 class="corpauthor">
<span class="inlinemediaobject"><object data="Common_Content/images/title_logo.svg" type="image/svg+xml"> </object></span>
- </h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></h3><code class="email"><a class="email" href="mailto:dlackey at redhat.com">dlackey at redhat.com</a></code></div></div></div><hr /><div><div id="id3005970" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
+ </h3></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Ella Deon</span> <span class="surname">Lackey</span></h3><code class="email"><a class="email" href="mailto:dlackey at redhat.com">dlackey at redhat.com</a></code></div></div></div><hr /><div><div id="id3338109" class="legalnotice"><h1 class="legalnotice">Legal Notice</h1><div class="para">
Copyright <span class="trademark"></span>© 2011 Red Hat.
</div><div class="para">
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at <a href="http://creativecommons.org/licenses/by-sa/3.0/">http://creativecommons.org/licenses/by-sa/3.0/</a>. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
@@ -26,4 +26,4 @@
All other trademarks are the property of their respective owners.
</div></div></div><div><div class="abstract"><h6>Abstract</h6><div class="para">
Identity and policy management — for both users and machines — is a core function for almost any enterprise environment. IPA provides a way to create an identity domain that allows machines to enroll to a domain and immediately access identity information reuqired for single sign-on and authentication services, as well as policy settings that govern authorization and access. This manual covers all aspects of installing, configuring, and managing IPA domains, including both servers and clients. This guide is intended for IT and systems administrators.
- </div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="Preface.html">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="Preface.html#audience">1. Audience and Purpose</a></span></dt><dt><span class="section"><a href="Document_Conventions.html">2. Examples and Formatting</a></span></dt><dd><dl><dt><span class="section"><a href="Document_Conventions.html#bracketsexamples">2.1. Brackets</a></span></dt><dt><span class="section"><a href="Document_Conventions.html#tool-locations">2.2. Client Tool Information</a></span></dt><dt><span class="section"><a href="Document_Conventions.html#guide-formatting">2.3. Text Formatting and Styles</a></span></dt></dl></dd><dt><span class="section"><a href="feedback.html">3. Giving Feedback</a></span></dt><dt><span class="section"><a href="doc-history.html">4. Document Change History</a></span></dt></dl></dd><dt><span class="chapter"><a href="installing-ipa.html">1. Installing a FreeIPA Server<
/a></span></dt><dd><dl><dt><span class="section"><a href="installing-ipa.html#Preparing_for_an_IPA_Installation">1.1. Preparing to Install the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="installing-ipa.html#Preparing_for_an_IPA_Installation-Hardware_Requirements">1.1.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="installing-ipa.html#Preparing_for_an_IPA_Installation-Software_Requirements">1.1.2. Software Requirements</a></span></dt><dt><span class="section"><a href="installing-ipa.html#prerequisites">1.1.3. System Prerequisites</a></span></dt></dl></dd><dt><span class="section"><a href="Installing_the_IPA_Server_Packages.html">1.2. Installing the FreeIPA Server Packages</a></span></dt><dt><span class="section"><a href="creating-server.html">1.3. Creating a FreeIPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="creating-server.html#install-command">1.3.1. About ipa-server-install</a></span></d
t><dt><span class="section"><a href="creating-server.html#install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</a></span></dt><dt><span class="section"><a href="creating-server.html#install-examples">1.3.3. Examples of Creating the FreeIPA Server</a></span></dt><dt><span class="section"><a href="creating-server.html#troubleshooting-install">1.3.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="Setting_up_IPA_Replicas.html">1.4. Setting up FreeIPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="Setting_up_IPA_Replicas.html#installing-replica">1.4.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="Setting_up_IPA_Replicas.html#creating-the-replica">1.4.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="Setting_up_IPA_Replicas.html#troubleshooting-replica-install">1.4.3. Troubleshooting Replica Installation</
a></span></dt></dl></dd><dt><span class="section"><a href="Uninstalling_IPA_Servers.html">1.5. Uninstalling FreeIPA Servers and Replicas</a></span></dt></dl></dd><dt><span class="chapter"><a href="setting-up-clients.html">2. Setting up Systems as FreeIPA Clients</a></span></dt><dd><dl><dt><span class="section"><a href="setting-up-clients.html#what-happens-clients">2.1. What Happens in Client Setup</a></span></dt><dt><span class="section"><a href="Installing_the_IPA_Client_on_Linux.html">2.2. Configuring a Fedora System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="Configuring_Microsoft_Windows.html">2.3. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html">2.4. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10">2.4.1.
Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.4.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html">2.5. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP">2.5.1. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.5.2. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_Kerberos">2.5.3. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP
_UX.html#Configuring_Kerberos_and_PAM-Configuring_PAM">2.5.4. Configuring PAM</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.5.5. Configuring SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.5.6. Configuring Access Control</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#hp-test">2.5.7. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html">2.6. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.6.1. Prerequisites</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Clien
t_on_AIX-Configuring_Client_Authentication">2.6.2. Configuring the AIX Client</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html">2.7. Configuring a Macintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.7.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.7.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.7.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="Configuri
ng_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.7.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#testing-config-on-mac">2.7.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="uninstalling-clients.html">2.8. Uninstalling a FreeIPA Client</a></span></dt></dl></dd><dt><span class="chapter"><a href="basic-usage.html">3. Basic Usage</a></span></dt><dd><dl><dt><span class="section"><a href="basic-usage.html#running-scripts">3.1. Running FreeIPA Tools</a></span></dt><dt><span class="section"><a href="logging-in.html">3.2. Logging into FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="logging-in.html#logging-in-kinit">3.2.1. Logging into FreeIPA</a></span></dt><dt><span class="section"><a href="logging-in.html#switching-users">3.2.2. Logging in When an FreeIPA User Is Different Than the System User</a></sp
an></dt><dt><span class="section"><a href="logging-in.html#checking-current-creds">3.2.3. Checking the Current Logged in User</a></span></dt></dl></dd><dt><span class="section"><a href="opening-the-web-ui.html">3.3. Opening the FreeIPA Web UI</a></span></dt><dt><span class="section"><a href="config-browser.html">3.4. Configuring the Browser</a></span></dt><dt><span class="section"><a href="Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System.html">3.5. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="Enabling_UsernamePassword_Authentication_in_Your_Browser.html">3.6. Enabling Username/Password Authentication in Your Browser</a></span></dt><dt><span class="section"><a href="Troubleshooting-UI.html">3.7. Troubleshooting UI Connection Problems</a></span></dt></dl></dd><dt><span class="chapter"><a href="users.html">4. Identity: Managing Users and User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="users.htm
l#home-directories">4.1. Setting up User Home Directories</a></span></dt><dd><dl><dt><span class="section"><a href="users.html#homedir-reqs">4.1.1. About Home Directories</a></span></dt><dt><span class="section"><a href="users.html#homedir-pammod">4.1.2. Enabling the PAM Home Directory Module</a></span></dt><dt><span class="section"><a href="users.html#automounting-home-dirs">4.1.3. Manually Automounting Home Directories</a></span></dt></dl></dd><dt><span class="section"><a href="adding-users.html">4.2. Adding Users</a></span></dt><dt><span class="section"><a href="editing-users.html">4.3. Editing Users</a></span></dt><dt><span class="section"><a href="Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html">4.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html#Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">4.4.1. Using the C
ommand Line</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_IPA_Users-Specifying_Default_User_Settings.html">4.5. Specifying Default User Settings</a></span></dt><dt><span class="section"><a href="search-limits.html">4.6. Setting Default Search Limits</a></span></dt><dt><span class="section"><a href="Configuring_IPA_Users-Deleting_IPA_Users.html">4.7. Deleting FreeIPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_IPA_Users-Deleting_IPA_Users.html#Deleting_IPA_Users-Using_the_Command_Line">4.7.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="user-groups.html">4.8. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#Configuring_IPA_Groups-Creating_IPA_Groups">4.8.1. Creating FreeIPA Groups</a></span></dt><dt><span class="section"><a href="user-groups.html#Configuring_IPA_Groups-Editing_IPA_Groups">4.8.2. Editing FreeIPA Groups</a></span></dt><d
t><span class="section"><a href="user-groups.html#Configuring_IPA_Groups-Deleting_IPA_Groups">4.8.3. Deleting FreeIPA Groups</a></span></dt></dl></dd><dt><span class="section"><a href="user-pwdpolicy.html">4.9. Setting an Individual Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">4.9.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">4.9.2. Changing Passwords as the FreeIPA Administrator</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">4.9.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Editing_the_Password_Policy">4.9.4. Editing the Password Policy</a></span></dt
><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">4.9.5. Setting Different Password Policies for Different User Groups</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Password_Policy_Attributes">4.9.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">4.9.7. Notifying Users of Password Expiration</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">4.9.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Using_Local_Logins">4.9.9. Using Local Logins</a></span></dt></dl></dd><dt><span class="section"><a href="searching.html">4.10. Searching for Users and Groups</a></span>
</dt><dd><dl><dt><span class="section"><a href="searching.html#Searching_for_Users_and_Groups-Searching_for_Users">4.10.1. Searching for Users</a></span></dt><dt><span class="section"><a href="searching.html#Searching_for_Users_and_Groups-Searching_for_Groups">4.10.2. Searching for Groups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="hosts.html">5. Identity: Managing Hosts and Host Groups</a></span></dt><dd><dl><dt><span class="section"><a href="hosts.html#host-tools">5.1. A Summary of Host and Host Group Tools</a></span></dt><dt><span class="section"><a href="adding-host-entry.html">5.2. Adding Host Entries</a></span></dt><dt><span class="section"><a href="Extending_the_Permissions_of_IPA_Managed_Hosts.html">5.3. Extending the Permissions of FreeIPA Managed Hosts</a></span></dt><dd><dl><dt><span class="section"><a href="Extending_the_Permissions_of_IPA_Managed_Hosts.html#Delegating_Service_Management">5.3.1. Delegating Service Management</a></span></
dt><dt><span class="section"><a href="Extending_the_Permissions_of_IPA_Managed_Hosts.html#Delegating_Host_Management">5.3.2. Delegating Host Management</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="kerberos.html">6. Identity: Using FreeIPA for a Kerberos Domain</a></span></dt><dd><dl><dt><span class="section"><a href="kerberos.html#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="kerb-policies.html">6.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="Configuring_Serv
ice_Principals-Creating_and_Using_Service_Principals.html#Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="rotating-keys.html">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="General_Troubleshooting_Tips-Kerberos_Errors.html">6.6. Kerberos Errors</a></span></dt></dl></dd><dt><span class="chapter"><a href="automount.html">7. Identity: Using Automount</a></span></dt><dd><dl><dt><span class="section"><a href="automount.html#about-automount">7.1. About Automount and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Known_Issues_with_Automount">7.1.1. Known Issues wit
h Automount</a></span></dt><dt><span class="section"><a href="automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Assumptions">7.1.2. Assumptions</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-automount.html">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Linux</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Solaris_automount">7.2.2. Solaris automount</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_Management_Guide-Configuring_Automount-Configuring_Indirect_Maps">7.2.3. Configuring Indirect Maps</a></span></dt><dt><span class="section"><a href="configuring-automount.html#sect-Enterprise_Identity_
Management_Guide-Configuring_Automount-Links">7.2.4. Links</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="active-directory.html">8. Identity: Integrating with Microsoft Active Directory</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html">8.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="configuring-active-directory.html">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up
_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html">8.6. Deleting Synchronization Agreem
ents</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html">8.7. Winsync Agreement Failures</a></span></dt></dl></dd><dt><span class="chapter"><a href="nis.html">9. Identity: Integrating with NIS Domains and Netgroups</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#about-nis">9.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">9.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">9.1.2. The IPA Approach to Netgroups</a></span></dt><dt><span class="section"><a href="nis.html#adding-netgroups">9.1.3. Adding Netgroups</a></span></dt><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide
-Configuring_Netgroups-IPA_Netgroup_Commands">9.1.4. IPA Netgroup Commands</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html">9.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">9.2.1. Exposing Automount Maps to NIS Clients</a></span></dt></dl></dd><dt><span class="section"><a href="migrintg-from-nis.html">9.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1. Preparing Your Environment</a></span></dt><dt><span class="section"><a hre
f="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">9.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="Working_with_DNS.html">10. Policy: Managing DNS</a></span></dt><dd><dl><dt><span class="section"><a href="Working_with_DNS.html#about-dns">10.1. About DNS in FreeIPA</a></span></dt><dt><span class="section"><a href="enabling-dns.html">10.2. Configuring DNS</a></span></dt><dt><span class="section"><a href="finding-dns-zones.html">10.3. Finding and Displaying DNS Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Adding_DNS_Zones.html">10.4. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="modifying-dns-zones.html">10.5. Modifying DNS Zones</a></span></dt><dt><span class="section"><a href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html">10.6. Enabling Dynamic DNS Updates</a></span></dt><dt><span class="section"><a href="enabl
ing-zones.html">10.7. Enabling and Disabling Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">10.8. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html">10.9. Deleting Records from DNS Zones</a></span></dt><dt><span class="section"><a href="dns-resolve.html">10.10. Resolving Hostnames in the FreeIPA Domain</a></span></dt></dl></dd><dt><span class="chapter"><a href="authz.html">11. Policy: Configuring Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="authz.html#configuring-host-access">11.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html">11.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Co
ntrol_Policies-HBAC_Services.html">11.3. HBAC Services</a></span></dt></dl></dd><dt><span class="chapter"><a href="sudo.html">12. Policy: Using sudo</a></span></dt><dd><dl><dt><span class="section"><a href="sudo.html#about-sudo">12.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">12.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">12.1.2. Limitations of the Existing Sudo LDAP Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema">12.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Co
nfiguration">12.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-sudo.html">12.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">12.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">12.2.2. Client Configuration for Sudo Rules</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="server-config.html">13. Configuring the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#Server_side_Acces
s_Control">13.1.1. Server-side Access Control</a></span></dt><dt><span class="section"><a href="server-config.html#creating-roles">13.1.2. Creating Roles</a></span></dt><dt><span class="section"><a href="server-config.html#self-service">13.1.3. Defining Self-Service Settings</a></span></dt></dl></dd><dt><span class="section"><a href="disabling-anon-binds.html">13.2. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.html">13.3. Managing Unique UID and GID Number Assignments</a></span></dt><dd><dl><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.html#id-ranges-at-install">13.3.1. About ID Range Assignments During Installation</a></span></dt><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.html#Assigning_UIDs_and_GIDs-Adding_New_Ranges">13.3.2. Adding New Ranges</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_Certificates_and_Certificate_Aut
horities.html">13.4. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_Certificates_and_Certificate_Authorities.html#Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">13.4.1. Installing Your Own Certificate</a></span></dt><dt><span class="section"><a href="Configuring_Certificates_and_Certificate_Authorities.html#Configuring_Certificates_and_Certificate_Authorities-Using_Your_Own_Certificate_with_Firefox">13.4.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="Configuring_Certificates_and_Certificate_Authorities.html#Using_OCSP">13.4.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-apache.html">13.5. Setting a FreeIPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="ipa-cluster.html">13.6. Using FreeIPA in a Cluster</a></span></dt><dd><dl><dt><span class="section">
<a href="ipa-cluster.html#Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.6.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="ipa-cluster.html#Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.6.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="logging.html">13.7. FreeIPA Server Logging</a></span></dt><dt><span class="section"><a href="promoting-replica.html">13.8. Promoting a Read-Only Replica to a FreeIPA Server</a></span></dt><dt><span class="section"><a href="upgrading-server.html">13.9. Testing Before Upgrading the FreeIPA Server</a></span></dt></dl></dd><dt><span class="chapter"><a href="managing-clients.html">14. Managing Client Machines in the FreeIPA Domain</a></span></dt><dd><dl><dt><span class="section"><a href="managing-c
lients.html#about-machine-auth">14.1. About Machine Identity and Authentication</a></span></dt><dt><span class="section"><a href="enrolling-machines.html">14.2. Enrolling Clients Manually</a></span></dt><dd><dl><dt><span class="section"><a href="enrolling-machines.html#Enrollment_with_Separation_of_Duties">14.2.1. Performing a Split Enrollment</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#bulk-enrollment">14.2.2. Performing a Bulk or Kickstart Enrollment</a></span></dt></dl></dd><dt><span class="section"><a href="renaming-machines.html">14.3. Renaming Machines and Reconfiguring FreeIPA Client Configuration</a></span></dt><dt><span class="section"><a href="manually-unconfig-machines.html">14.4. Manually Unconfiguring Client Machines</a></span></dt><dt><span class="section"><a href="Client_Problems.html">14.5. Debugging Client Connection Problems</a></span></dt><dt><span class="section"><a href="certmongerX.html">14.6. Working with certmonger</a></s
pan></dt><dd><dl><dt><span class="section"><a href="certmongerX.html#certmonger-req">14.6.1. Requesting a Certificate with certmonger</a></span></dt><dt><span class="section"><a href="certmongerX.html#Working_with_certmonger-Using_certmonger_with_NSS">14.6.2. Storing Certificates in NSS Databases</a></span></dt><dt><span class="section"><a href="certmongerX.html#certmonger-tracking-certs">14.6.3. Tracking Certificates with certmonger</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html">A. Frequently Asked Questions</a></span></dt><dt><span class="appendix"><a href="Migrating_from_a_Directory_Server_to_IPA.html">B. Migrating from a Directory Server to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">B.1. Overview</a></span></dt><dd><dl
><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">B.1.1. Assumptions</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">B.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">B.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">B.1.4. Initial and Final States</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">B.1.5. Recommended Sequence of Steps</a></span></dt><dt><span class
="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">B.1.6. Implementation Details</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html">B.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">B.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Mig
ration-Phase_2_Updating_the_Client_Configuration">B.2.2. Phase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">B.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">B.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_bas
ed_Migration-Phase_5_Decommission_the_DS">B.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html">B.3. Performing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">B.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">B.3.2. Phase 2: Migrating Existing Data to I
PA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">B.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">B.3.4. Phase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">B.3
.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="Glossary.html">Glossary</a></span></dt><dt><span class="index"><a href="ix01.html">Index</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="Preface.html"><strong>Next</strong>Preface</a></li></ul></body></html>
+ </div></div></div></div><hr /></div><div class="toc"><dl><dt><span class="preface"><a href="Preface.html">Preface</a></span></dt><dd><dl><dt><span class="section"><a href="Preface.html#audience">1. Audience and Purpose</a></span></dt><dt><span class="section"><a href="Document_Conventions.html">2. Examples and Formatting</a></span></dt><dd><dl><dt><span class="section"><a href="Document_Conventions.html#bracketsexamples">2.1. Brackets</a></span></dt><dt><span class="section"><a href="Document_Conventions.html#tool-locations">2.2. Client Tool Information</a></span></dt><dt><span class="section"><a href="Document_Conventions.html#guide-formatting">2.3. Text Formatting and Styles</a></span></dt></dl></dd><dt><span class="section"><a href="feedback.html">3. Giving Feedback</a></span></dt><dt><span class="section"><a href="doc-history.html">4. Document Change History</a></span></dt></dl></dd><dt><span class="chapter"><a href="installing-ipa.html">1. Installing a FreeIPA Server<
/a></span></dt><dd><dl><dt><span class="section"><a href="installing-ipa.html#Preparing_for_an_IPA_Installation">1.1. Preparing to Install the FreeIPA Server</a></span></dt><dd><dl><dt><span class="section"><a href="installing-ipa.html#Preparing_for_an_IPA_Installation-Hardware_Requirements">1.1.1. Hardware Requirements</a></span></dt><dt><span class="section"><a href="installing-ipa.html#Preparing_for_an_IPA_Installation-Software_Requirements">1.1.2. Software Requirements</a></span></dt><dt><span class="section"><a href="installing-ipa.html#prerequisites">1.1.3. System Prerequisites</a></span></dt></dl></dd><dt><span class="section"><a href="Installing_the_IPA_Server_Packages.html">1.2. Installing the FreeIPA Server Packages</a></span></dt><dt><span class="section"><a href="creating-server.html">1.3. Creating a FreeIPA Server Instance</a></span></dt><dd><dl><dt><span class="section"><a href="creating-server.html#install-command">1.3.1. About ipa-server-install</a></span></d
t><dt><span class="section"><a href="creating-server.html#install-interactive">1.3.2. Setting up a FreeIPA Server: Basic Interactive Installation</a></span></dt><dt><span class="section"><a href="creating-server.html#install-examples">1.3.3. Examples of Creating the FreeIPA Server</a></span></dt><dt><span class="section"><a href="creating-server.html#troubleshooting-install">1.3.4. Troubleshooting Installation Problems</a></span></dt></dl></dd><dt><span class="section"><a href="Setting_up_IPA_Replicas.html">1.4. Setting up FreeIPA Replicas</a></span></dt><dd><dl><dt><span class="section"><a href="Setting_up_IPA_Replicas.html#installing-replica">1.4.1. Prepping and Installing the Replica Server</a></span></dt><dt><span class="section"><a href="Setting_up_IPA_Replicas.html#creating-the-replica">1.4.2. Creating the Replica</a></span></dt><dt><span class="section"><a href="Setting_up_IPA_Replicas.html#troubleshooting-replica-install">1.4.3. Troubleshooting Replica Installation</
a></span></dt></dl></dd><dt><span class="section"><a href="Uninstalling_IPA_Servers.html">1.5. Uninstalling FreeIPA Servers and Replicas</a></span></dt></dl></dd><dt><span class="chapter"><a href="setting-up-clients.html">2. Setting up Systems as FreeIPA Clients</a></span></dt><dd><dl><dt><span class="section"><a href="setting-up-clients.html#what-happens-clients">2.1. What Happens in Client Setup</a></span></dt><dt><span class="section"><a href="Installing_the_IPA_Client_on_Linux.html">2.2. Configuring a Fedora System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="Configuring_Microsoft_Windows.html">2.3. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html">2.4. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10">2.4.1.
Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.4.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html">2.5. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP">2.5.1. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.5.2. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_Kerberos">2.5.3. Configuring Kerberos</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP
_UX.html#Configuring_Kerberos_and_PAM-Configuring_PAM">2.5.4. Configuring PAM</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.5.5. Configuring SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.5.6. Configuring Access Control</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#hp-test">2.5.7. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html">2.6. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.6.1. Prerequisites</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Clien
t_on_AIX-Configuring_Client_Authentication">2.6.2. Configuring the AIX Client</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html">2.7. Configuring a Macintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.7.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.7.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.7.3. Configuring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="Configuri
ng_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.7.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#testing-config-on-mac">2.7.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="troubleshooting-client-install.html">2.8. Troubleshooting Client Installations</a></span></dt><dt><span class="section"><a href="uninstalling-clients.html">2.9. Uninstalling a FreeIPA Client</a></span></dt></dl></dd><dt><span class="chapter"><a href="basic-usage.html">3. Basic Usage</a></span></dt><dd><dl><dt><span class="section"><a href="basic-usage.html#running-scripts">3.1. Running FreeIPA Tools</a></span></dt><dt><span class="section"><a href="logging-in.html">3.2. Logging into FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="logging-in.html#logging-in-kinit">3.2.1. Logging into FreeIPA</a></span></dt><dt><span class="se
ction"><a href="logging-in.html#switching-users">3.2.2. Logging in When an FreeIPA User Is Different Than the System User</a></span></dt><dt><span class="section"><a href="logging-in.html#checking-current-creds">3.2.3. Checking the Current Logged in User</a></span></dt></dl></dd><dt><span class="section"><a href="opening-the-web-ui.html">3.3. Opening the FreeIPA Web UI</a></span></dt><dt><span class="section"><a href="config-browser.html">3.4. Configuring the Browser</a></span></dt><dt><span class="section"><a href="Configuring_a_Browser_to_Work_with_IPA-Using_a_Browser_on_Another_System.html">3.5. Using a Browser on Another System</a></span></dt><dt><span class="section"><a href="Enabling_UsernamePassword_Authentication_in_Your_Browser.html">3.6. Enabling Username/Password Authentication in Your Browser</a></span></dt><dt><span class="section"><a href="Troubleshooting-UI.html">3.7. Troubleshooting UI Connection Problems</a></span></dt></dl></dd><dt><span class="chapter"><a
href="users.html">4. Identity: Managing Users and User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="users.html#home-directories">4.1. Setting up User Home Directories</a></span></dt><dd><dl><dt><span class="section"><a href="users.html#homedir-reqs">4.1.1. About Home Directories</a></span></dt><dt><span class="section"><a href="users.html#homedir-pammod">4.1.2. Enabling the PAM Home Directory Module</a></span></dt><dt><span class="section"><a href="users.html#automounting-home-dirs">4.1.3. Manually Automounting Home Directories</a></span></dt></dl></dd><dt><span class="section"><a href="adding-users.html">4.2. Adding Users</a></span></dt><dt><span class="section"><a href="editing-users.html">4.3. Editing Users</a></span></dt><dt><span class="section"><a href="Configuring_IPA_Users-Activating_and_Deactivating_User_Accounts.html">4.4. Activating and Deactivating User Accounts</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_IPA_Users-Ac
tivating_and_Deactivating_User_Accounts.html#Activating_and_Deactivating_User_Accounts-Using_the_Command_Line">4.4.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_IPA_Users-Specifying_Default_User_Settings.html">4.5. Specifying Default User Settings</a></span></dt><dt><span class="section"><a href="search-limits.html">4.6. Setting Default Search Limits</a></span></dt><dt><span class="section"><a href="Configuring_IPA_Users-Deleting_IPA_Users.html">4.7. Deleting FreeIPA Users</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_IPA_Users-Deleting_IPA_Users.html#Deleting_IPA_Users-Using_the_Command_Line">4.7.1. Using the Command Line</a></span></dt></dl></dd><dt><span class="section"><a href="user-groups.html">4.8. Creating User Groups</a></span></dt><dd><dl><dt><span class="section"><a href="user-groups.html#Configuring_IPA_Groups-Creating_IPA_Groups">4.8.1. Creating FreeIPA Groups</a></span></dt><dt><span cla
ss="section"><a href="user-groups.html#Configuring_IPA_Groups-Editing_IPA_Groups">4.8.2. Editing FreeIPA Groups</a></span></dt><dt><span class="section"><a href="user-groups.html#Configuring_IPA_Groups-Deleting_IPA_Groups">4.8.3. Deleting FreeIPA Groups</a></span></dt></dl></dd><dt><span class="section"><a href="user-pwdpolicy.html">4.9. Setting an Individual Password Policy</a></span></dt><dd><dl><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Changing_Passwords_as_the_Directory_Manager">4.9.1. Changing Passwords as the Directory Manager</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Changing_Passwords_as_the_IPA_Administrator">4.9.2. Changing Passwords as the FreeIPA Administrator</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Changing_Passwords_as_a_Regular_User">4.9.3. Changing Passwords as a Regular User</a></span></dt><dt><span class="section"><a
href="user-pwdpolicy.html#The_IPA_Password_Policy-Editing_the_Password_Policy">4.9.4. Editing the Password Policy</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Setting_Different_Password_Policies_for_Different_User_Groups">4.9.5. Setting Different Password Policies for Different User Groups</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Password_Policy_Attributes">4.9.6. Password Policy Attributes</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Notifying_Users_of_Password_Expiration">4.9.7. Notifying Users of Password Expiration</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Using_SSH_for_Password_Authentication">4.9.8. Using SSH for Password Authentication</a></span></dt><dt><span class="section"><a href="user-pwdpolicy.html#The_IPA_Password_Policy-Using_Local_Logins">4.9.9. Using Local L
ogins</a></span></dt></dl></dd><dt><span class="section"><a href="searching.html">4.10. Searching for Users and Groups</a></span></dt><dd><dl><dt><span class="section"><a href="searching.html#Searching_for_Users_and_Groups-Searching_for_Users">4.10.1. Searching for Users</a></span></dt><dt><span class="section"><a href="searching.html#Searching_for_Users_and_Groups-Searching_for_Groups">4.10.2. Searching for Groups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="hosts.html">5. Identity: Managing Hosts and Host Groups</a></span></dt><dd><dl><dt><span class="section"><a href="hosts.html#host-tools">5.1. A Summary of Host and Host Group Tools</a></span></dt><dt><span class="section"><a href="adding-host-entry.html">5.2. Adding Host Entries</a></span></dt><dt><span class="section"><a href="Extending_the_Permissions_of_IPA_Managed_Hosts.html">5.3. Extending the Permissions of FreeIPA Managed Hosts</a></span></dt><dd><dl><dt><span class="section"><a href="Ext
ending_the_Permissions_of_IPA_Managed_Hosts.html#Delegating_Service_Management">5.3.1. Delegating Service Management</a></span></dt><dt><span class="section"><a href="Extending_the_Permissions_of_IPA_Managed_Hosts.html#Delegating_Host_Management">5.3.2. Delegating Host Management</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="kerberos.html">6. Identity: Using FreeIPA for a Kerberos Domain</a></span></dt><dd><dl><dt><span class="section"><a href="kerberos.html#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="kerb-policies.html">6.2. Setting Kerberos Ticket Policies</a></span></dt><dd><dl><dt><span class="section"><a href="kerb-policies.html#kerb-policies-global">6.2.1. Setting Global Ticket Policies</a></span></dt><dt><span class="section"><a href="kerb-policies.html#user-ticket-policies">6.2.2. Setting User-Level Ticket Policies</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_Service_Principa
ls-Creating_and_Using_Service_Principals.html">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="rotating-keys.html">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="kerberos-pwd-cache.html">6.6. Caching Kerberos Passwords</a></span></dt><dt>
<span class="section"><a href="Kerberos_Errors.html">6.7. Troubleshooting Kerberos Errors</a></span></dt></dl></dd><dt><span class="chapter"><a href="automount.html">7. Identity: Using Automount</a></span></dt><dd><dl><dt><span class="section"><a href="automount.html#about-automount">7.1. About Automount and FreeIPA</a></span></dt><dt><span class="section"><a href="configuring-automount.html">7.2. Configuring Automount</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-automount.html#Configuring_Automount-Configuring_autofs_on_Linux">7.2.1. Configuring autofs on Fedora</a></span></dt><dt><span class="section"><a href="configuring-automount.html#Configuring_Automount-Solaris_automount">7.2.2. Configuring Automount on Solaris</a></span></dt></dl></dd><dt><span class="section"><a href="adding-locations.html">7.3. Configuring Locations</a></span></dt><dt><span class="section"><a href="Configuring_Automount-Configuring_Indirect_Maps.html">7.4. Configuring Indir
ect Maps</a></span></dt><dt><span class="section"><a href="Configuring_Indirect_Maps-Configuring_Direct_Maps.html">7.5. Configuring Direct Maps</a></span></dt></dl></dd><dt><span class="chapter"><a href="active-directory.html">8. Identity: Integrating with Microsoft Active Directory</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#about-active-directory">8.1. About Active Directory, IPA, and Identity Management</a></span></dt><dd><dl><dt><span class="section"><a href="active-directory.html#sect-Enterprise_Identity_Management_Guide-Prerequisites-Domain_Name_Considerations">8.1.1. Domain Name Considerations</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html">8.2. Setting up Active Directory</a></span></dt><dt><span class="section"><a href="configuring-active-directory.html">8.3. Configuring Active Directory Synchronization</a></span></dt><dt><span cl
ass="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html">8.4. Creating Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html">8.5. Modifying Synchronization Agreements</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html#sect-Enterprise_Identity_Management_Guide-Modifying_Synchronization_Agreements-Changing_the_Default_Synchronization_Subtree">8.5.1. Changing the Default Synchronization Subtree</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Del
eting_Synchronization_Agreements.html">8.6. Deleting Synchronization Agreements</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html">8.7. Winsync Agreement Failures</a></span></dt></dl></dd><dt><span class="chapter"><a href="nis.html">9. Identity: Integrating with NIS Domains and Netgroups</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#about-nis">9.1. About NIS and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-What_are_Netgroups">9.1.1. What are Netgroups?</a></span></dt><dt><span class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-How_IPA_Uses_Netgroups-The_IPA_Approach_to_Netgroups">9.1.2. The IPA Approach to Netgroups</a></span></dt><dt><span class="section"><a href="nis.html#adding-netgroups">9.1.3. Adding Netgroups</a></span></dt><dt><span
class="section"><a href="nis.html#sect-Enterprise_Identity_Management_Guide-Configuring_Netgroups-IPA_Netgroup_Commands">9.1.4. IPA Netgroup Commands</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html">9.2. Configuring the Network Information Service (NIS)</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html#sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS-Exposing_Automount_Maps_to_NIS_Clients">9.2.1. Exposing Automount Maps to NIS Clients</a></span></dt></dl></dd><dt><span class="section"><a href="migrintg-from-nis.html">9.3. Migrating from NIS to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1.
Preparing Your Environment</a></span></dt><dt><span class="section"><a href="migrintg-from-nis.html#sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Migrating_Netgroups">9.3.2. Migrating Netgroups</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="Working_with_DNS.html">10. Identity: Managing DNS</a></span></dt><dd><dl><dt><span class="section"><a href="Working_with_DNS.html#about-dns">10.1. About DNS in FreeIPA</a></span></dt><dt><span class="section"><a href="enabling-dns.html">10.2. Configuring DNS</a></span></dt><dt><span class="section"><a href="changing-forwarder.html">10.3. Changing Recursive Queries Against Forwarders</a></span></dt><dt><span class="section"><a href="finding-dns-zones.html">10.4. Finding and Displaying DNS Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Adding_DNS_Zones.html">10.5. Adding DNS Zones</a></span></dt><dt><span class="section"><a href="modifying-dns-zones.html">10.6. Modif
ying DNS Zones</a></span></dt><dt><span class="section"><a href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html">10.7. Enabling Dynamic DNS Updates</a></span></dt><dt><span class="section"><a href="enabling-zones.html">10.8. Enabling and Disabling Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">10.9. Adding Records to DNS Zones</a></span></dt><dt><span class="section"><a href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html">10.10. Deleting Records from DNS Zones</a></span></dt><dt><span class="section"><a href="dns-resolve.html">10.11. Resolving Hostnames in the FreeIPA Domain</a></span></dt></dl></dd><dt><span class="chapter"><a href="authz.html">11. Policy: Configuring Authorization</a></span></dt><dd><dl><dt><span class="section"><a href="authz.html#configuring-host-access">11.1. Configuring Host-Based Access Control</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_
Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html">11.2. HBAC Service Groups</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html">11.3. HBAC Services</a></span></dt></dl></dd><dt><span class="chapter"><a href="sudo.html">12. Policy: Using sudo</a></span></dt><dd><dl><dt><span class="section"><a href="sudo.html#about-sudo">12.1. About sudo and IPA</a></span></dt><dd><dl><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Sudo_with_LDAP">12.1.1. Sudo with LDAP</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Limitations_of_the_Existing_Sudo_LDAP_Schema">12.1.2. Limitations of the Existing Sudo LDAP Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Benefits_of_the_IPA_Alternative_Schema"
>12.1.3. Benefits of the IPA Alternative Schema</a></span></dt><dt><span class="section"><a href="sudo.html#sect-Enterprise_Identity_Management_Guide-Introduction-Compatibility_and_Managed_Entry_Plug_in_Configuration">12.1.4. Compatibility and Managed Entry Plug-in Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="configuring-sudo.html">12.2. Configuring sudo</a></span></dt><dd><dl><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Server_Configuration_for_Sudo_Rules">12.2.1. Server Configuration for Sudo Rules</a></span></dt><dt><span class="section"><a href="configuring-sudo.html#sect-Enterprise_Identity_Management_Guide-Setting_up_Sudo_Rules-Client_Configuration_for_Sudo_Rules">12.2.2. Client Configuration for Sudo Rules</a></span></dt></dl></dd></dl></dd><dt><span class="chapter"><a href="server-config.html">13. Configuring the FreeIPA Server</a></span></dt><dd><dl><dt><span cla
ss="section"><a href="server-config.html#managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#Server_side_Access_Control">13.1.1. Server-side Access Control</a></span></dt><dt><span class="section"><a href="server-config.html#creating-roles">13.1.2. Creating Roles</a></span></dt><dt><span class="section"><a href="server-config.html#self-service">13.1.3. Defining Self-Service Settings</a></span></dt></dl></dd><dt><span class="section"><a href="disabling-anon-binds.html">13.2. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.html">13.3. Managing Unique UID and GID Number Assignments</a></span></dt><dd><dl><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.html#id-ranges-at-install">13.3.1. About ID Range Assignments During Installation</a></span></dt><dt><span class="section"><a href="Managing-Uni
que_UID_and_GID_Attributes.html#Assigning_UIDs_and_GIDs-Adding_New_Ranges">13.3.2. Adding New Ranges</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_Certificates_and_Certificate_Authorities.html">13.4. Configuring Alternate Certificate Authorities</a></span></dt><dt><span class="section"><a href="Using_OCSP.html">13.5. Configuring OCSP Responders</a></span></dt><dd><dl><dt><span class="section"><a href="Using_OCSP.html#ocsp-interval">13.5.1. Changing the CRL Update Interval</a></span></dt><dt><span class="section"><a href="Using_OCSP.html#ocsp-location">13.5.2. Changing the OCSP Responder Location</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-apache.html">13.6. Setting a FreeIPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="ipa-cluster.html">13.7. Using FreeIPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="ipa-cluster.html#Implementing_IPA_in_a_Clustered_Environment-Config
uring_Kerberos_Credentials_for_a_Clustered_Environment">13.7.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="ipa-cluster.html#Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.7.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="logging.html">13.8. FreeIPA Server Logging</a></span></dt><dt><span class="section"><a href="promoting-replica.html">13.9. Promoting a Read-Only Replica to a FreeIPA Server</a></span></dt><dt><span class="section"><a href="upgrading-server.html">13.10. Testing Before Upgrading the FreeIPA Server</a></span></dt></dl></dd><dt><span class="chapter"><a href="managing-clients.html">14. Managing Client Machines in the FreeIPA Domain</a></span></dt><dd><dl><dt><span class="section"><a href="managing-clients.html#about-machine-auth">14.1. About Machine Identity and Authentica
tion</a></span></dt><dt><span class="section"><a href="enrolling-machines.html">14.2. Enrolling Clients Manually</a></span></dt><dd><dl><dt><span class="section"><a href="enrolling-machines.html#Enrollment_with_Separation_of_Duties">14.2.1. Performing a Split Enrollment</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#bulk-enrollment">14.2.2. Performing a Bulk or Kickstart Enrollment</a></span></dt></dl></dd><dt><span class="section"><a href="renaming-machines.html">14.3. Renaming Machines and Reconfiguring FreeIPA Client Configuration</a></span></dt><dt><span class="section"><a href="manually-unconfig-machines.html">14.4. Manually Unconfiguring Client Machines</a></span></dt><dt><span class="section"><a href="Client_Problems.html">14.5. Debugging Client Connection Problems</a></span></dt><dt><span class="section"><a href="certmongerX.html">14.6. Working with certmonger</a></span></dt><dd><dl><dt><span class="section"><a href="certmongerX.html#certmo
nger-req">14.6.1. Requesting a Certificate with certmonger</a></span></dt><dt><span class="section"><a href="certmongerX.html#Working_with_certmonger-Using_certmonger_with_NSS">14.6.2. Storing Certificates in NSS Databases</a></span></dt><dt><span class="section"><a href="certmongerX.html#certmonger-tracking-certs">14.6.3. Tracking Certificates with certmonger</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html">A. Frequently Asked Questions</a></span></dt><dt><span class="appendix"><a href="tools-reference.html">B. FreeIPA Tools Reference</a></span></dt><dd><dl><dt><span class="section"><a href="tools-reference.html#special-chars">B.1. Using Special Characters</a></span></dt><dt><span class="section"><a href="server-tools.html">B.2. Server Scripts</a></span></dt><dd><dl><dt><span class="section"><a href="server-tools.html#ipa-replica-install">B.2.1. ipa-replica-install</a></span></d
t><dt><span class="section"><a href="server-tools.html#ipa-replica-prepare">B.2.2. ipa-replica-prepare</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-server-install">B.2.3. ipa-server-install</a></span></dt></dl></dd><dt><span class="section"><a href="client-tools.html">B.3. Client Scripts</a></span></dt><dd><dl><dt><span class="section"><a href="client-tools.html#ipa-client-install">B.3.1. ipa-client-install</a></span></dt></dl></dd></dl></dd><dt><span class="appendix"><a href="Migrating_from_a_Directory_Server_to_IPA.html">C. Migrating from a Directory Server to IPA</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Overview">C.1. Overview</a></span></dt><dd><dl><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Assumptions">C.1.1. Ass
umptions</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Known_Issues">C.1.2. Known Issues</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Possible_Scenarios">C.1.3. Possible Scenarios</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Initial_and_Final_States">C.1.4. Initial and Final States</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Recommended_Sequence_of_Steps">C.1.5. Recommended Sequence of Steps</a></span></dt><dt><span class="section"><a href="Migrating_from_a_Directory_Server_to_IPA.html#sect-Enterprise_Identity_Management_Guide-Overview-Implementation_Details">C.1.6. Implemen
tation Details</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html">C.2. Performing a Server-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</a></span></dt><dt><span class="section"><a href="sect-E
nterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</a></span></dt></dl></dd><dt><span class="section"><a href="sect-Enterprise_Id
entity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html">C.3. Performing a Client-based Migration</a></span></dt><dd><dl><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_
based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</a></span></dt><dt><span class="section"><a href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</a></span></dt></dl></dd></dl></dd><dt><span class="glossary"><a href="Glossary.html">Glossary</a></span></dt
><dt><span class="index"><a href="ix01.html">Index</a></span></dt></dl></div></div><ul class="docnav"><li class="previous"></li><li class="next"><a accesskey="n" href="Preface.html"><strong>Next</strong>Preface</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html
index 00ffd65..6a88e67 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/installing-ipa.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 1. Installing a FreeIPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 1. Installing a FreeIPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
@@ -89,7 +89,7 @@
</td><td>
53
</td></tr><tr><td>
- NTP<sup>[<a id="id3139397" href="#ftn.id3139397" class="footnote">b</a>]</sup>
+ NTP<sup>[<a id="id3364478" href="#ftn.id3364478" class="footnote">b</a>]</sup>
</td><td>
123
</td></tr><tr><td>
@@ -99,7 +99,7 @@
</td></tr></tbody><tbody class="footnotes"><tr><td colspan="2"><div class="footnote" id="ft.udp-tcp"><p><sup>[<a id="ftn.ft.udp-tcp" href="#ft.udp-tcp" class="para">a</a>] </sup>
This service uses both TCP and UDP ports.
- </p></div><div class="footnote"><p><sup>[<a id="ftn.id3139397" href="#id3139397" class="para">b</a>] </sup>
+ </p></div><div class="footnote"><p><sup>[<a id="ftn.id3364478" href="#id3364478" class="para">b</a>] </sup>
This service uses UDP ports only.
</p></div></td></tr></tbody></table></div></div><br class="table-break" /></div><div class="section" id="Preparing_for_an_IPA_Installation-DNS"><div class="titlepage"><div><div><h4 class="title" id="Preparing_for_an_IPA_Installation-DNS">1.1.3.4. DNS</h4></div></div></div><div class="para">
FreeIPA uses DNS for the FreeIPA clients to find (<span class="emphasis"><em>discover</em></span>) the FreeIPA servers. The DNS service can be managed by FreeIPA itself, or FreeIPA can use an existing DNS server. Without a properly configured and working DNS, server discovery for clients and FreeIPA services like, LDAP, Kerberos, and SSL may fail to work.
@@ -115,37 +115,43 @@
The DNS must be correctly configured to resolve forward and reverse addresses. The DNS does not need to be on the same machine as the FreeIPA server, but it does need to be fully functional.
</div><div class="para">
If you do not have a functional DNS, you can use the <code class="option">--setup-dns</code> option when you install FreeIPA to automatically configure a suitable DNS.
- </div></li></ul></div></div><div class="section" id="dns-file"><div class="titlepage"><div><div><h5 class="title" id="dns-file">1.1.3.4.2. FreeIPA-Generated DNS File</h5></div></div></div><div class="para">
+ </div></li><li class="listitem"><div class="para">
+ The installation process checks that the FreeIPA server name is a DNS A record and that its reverse and forward addresses match. This check is not performed if a FreeIPA DNS server is installed using the <code class="option">--setup-dns</code> option because the script assumes that the FreeIPA server will use itself as a DNS.
+ </div></li></ul></div></div><div class="section" id="dns-file"><div class="titlepage"><div><div><h5 class="title" id="dns-file">1.1.3.4.2. The FreeIPA-Generated DNS File</h5></div></div></div><div class="para">
To help create and configure a suitable DNS setup, the FreeIPA installation script creates a sample zone file. During the installation, FreeIPA displays a message similar to the following:
</div><pre class="screen">Sample zone file for bind has been created in /tmp/sample.zone.F_uMf4.db
</pre><div class="para">
- You should use this file in your DNS zone file.
+ Use this file in the DNS zone file.
</div></div><div class="section" id="DNS-IPA_DNS_and_NSCD"><div class="titlepage"><div><div><h5 class="title" id="DNS-IPA_DNS_and_NSCD">1.1.3.4.3. IPA, DNS, and NSCD</h5></div></div></div><div class="para">
- <span class="emphasis"><em>It is strongly recommended</em></span> that you avoid or restrict the use of <code class="systemitem">nscd</code> (Name Service Caching Daemon) in a FreeIPA deployment. The <code class="systemitem">nscd</code> service is extremely useful for reducing the load on the server, and for making clients more responsive, but drawbacks also exist. This is especially true in deployments that take advantage of SSSD, which performs its own caching.
+ <span class="emphasis"><em>It is strongly recommended</em></span> that you avoid or restrict the use of <code class="systemitem">nscd</code> (Name Service Caching Daemon) in a FreeIPA deployment. The <code class="systemitem">nscd</code> service is extremely useful for reducing the load on the server, and for making clients more responsive, but there can be problems when a system is also using SSSD, which performs its own caching.
</div><div class="para">
- <code class="systemitem">nscd</code> performs caching operations for all services that perform queries via the nsswitch interface, including <code class="command">getent</code>. Because <code class="systemitem">nscd</code> performs both positive and negative caching, if a request determines that a specific FreeIPA user does not exist, it marks this as a negative cache. Values stored in the cache remain until the cache expires, regardless of any changes that may occur on the server. The results of such caching is that new users and memberships may not be visible, and users and memberships that have been removed may still be visible.
+ <code class="systemitem">nscd</code> caches authentication and identity information for all services that perform queries through nsswitch, including <code class="command">getent</code>. Because <code class="systemitem">nscd</code> performs both positive and negative caching, if a request determines that a specific FreeIPA user does not exist, it marks this as a negative cache. Values stored in the cache remain until the cache expires, regardless of any changes that may occur on the server. The results of such caching is that new users and memberships may not be visible, and users and memberships that have been removed may still be visible.
</div><div class="para">
- To alleviate these effects, you can avoid the use of <code class="systemitem">nscd</code> altogether, or use a shorter cache time. In particular, consider changing the following values in the <code class="filename">/etc/nscd.conf</code> file to suit the usage patterns of your deployment:
+ Avoid clashes with SSSD caches and to prevent locking out users, avoid using <code class="systemitem">nscd</code> altogether. Alternatively, use a shorter cache time by resetting the time-to-live caching values in the <code class="filename">/etc/nscd.conf</code> file:
</div><pre class="programlisting">positive-time-to-live group 3600
negative-time-to-live group 60
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
</pre></div><div class="section" id="DNS-DNS_and_Kerberos"><div class="titlepage"><div><div><h5 class="title" id="DNS-DNS_and_Kerberos">1.1.3.4.4. DNS and Kerberos</h5></div></div></div><div class="para">
- The Kerberos server requires a valid DNS A record, and reverse DNS needs to work correctly. It is safe to use CNAMEs if they point to the A name that corresponds to the principal name used to create SPNs (Service Principal Names) for the host. You should avoid the use of DDNS names, however, as this can cause major problems later on.
+ The Kerberos server requires a valid DNS A record, and reverse DNS needs to work correctly. It is safe to use CNAMEs if they point to the A name that corresponds to the principal name used to create SPNs (service principal names) for the host. Avoid the use of DDNS names, however.
</div><div class="para">
If necessary, add the hostname to the <code class="filename">/etc/hosts</code> file, as long as the fully qualified hostname must be listed first. For example:
<pre class="programlisting">10.0.0.1 ipa.example.com ipa</pre>
- The realm name does not have to match any or all of the domain name. You can use the domain name <code class="systemitem">example.com</code> and the realm <code class="systemitem">TESTIPA</code>. It is only a convention that they match. FreeIPA adds the appropriate domain to realm mapping in the <code class="filename">/etc/krb5.conf</code> file.
- </div><div class="para">
- A typical resolver looks in the <code class="filename">/etc/hosts</code> file first and DNS second. If <code class="systemitem">nscd</code> is running this may also cause issues because it caches lookups. The FreeIPA installer does not kill <code class="systemitem">nscd</code> until after the installation process has started, so beware of cached entries if you modify <code class="filename">/etc/hosts</code> (killing <code class="systemitem">nscd</code> is recommended if you do).
+ The realm name does not have to match any or all of the domain name. For example, the domain name can be <code class="systemitem">example.com</code> and the realm name can be <code class="systemitem">TESTIPA</code>. It is only a convention that they match. FreeIPA adds the appropriate domain to realm mapping in the <code class="filename">/etc/krb5.conf</code> file.
</div><div class="para">
- The FreeIPA installation process includes checks to ensure that the FreeIPA server name is a DNS A record and that its reverse and forward addresses match. This check is not performed if you are installing a FreeIPA DNS server (that is, if you are using the <code class="option">--setup-dns</code> option), as it is assumed that the FreeIPA server will use itself as a DNS from that point forward.
+ A typical resolver looks in the <code class="filename">/etc/hosts</code> file first and DNS second. If <code class="systemitem">nscd</code> is running this may also cause issues because it caches lookups. The FreeIPA installer does not kill <code class="systemitem">nscd</code> until after the installation process has started, so there can be cached entries that interfere with any changes to the <code class="filename">/etc/hosts</code>. If you need to edit the <code class="filename">/etc/hosts</code> file, kill the <code class="systemitem">nscd</code> daemon first.
+ </div></div><div class="section" id="dns-and-forwarders"><div class="titlepage"><div><div><h5 class="title" id="dns-and-forwarders">1.1.3.4.5. FreeIPA DNS and DNS Forwarders</h5></div></div></div><div class="para">
+ There is an option to configure DNS <span class="emphasis"><em>forwarders</em></span> as part of the FreeIPA DNS configuration. This is beneficial if there is limited direct access to root name servers, such as an organization's main DNS server or even an externam DNS server.
</div><div class="para">
- The FreeIPA DNS set-up procedure allows for the configuration of <em class="firstterm">forwarders</em>. In some instances, for example within some companies, you may not have direct access to root name servers, so the implementation of forwarders is necessary. These could be the company main DNS servers.
- <div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
- DNS forwarders must be specified as IP addresses, not as hostnames.
- </div></div></div>
-
+ Either interactively or through the install argument, forwarders can be listed as a comma-separated list of IP addresses.
+ </div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ DNS forwarders must be specified as IP addresses, not as hostnames.
+ </div></div></div><div class="para">
+ By default, any host is permitted to issue recursive queries against configured forwarders. The client installation script automatically adds a line to the <code class="filename">/etc/named.conf</code> file to allow these recursive queries.
+ </div><pre class="screen"> forward first;
+ forwarders { 10.16.36.29; };
+ <strong class="userinput"><code>allow-recursion { any; };</code></strong></pre><div class="para">
+ This default behavior can be changed by changing the <code class="command">allow-recursion</code> statement. The name server documentation has more details on editing configuration statements.
</div></div></div><div class="section" id="Preparing_for_an_IPA_Installation-Configuring_Networking"><div class="titlepage"><div><div><h4 class="title" id="Preparing_for_an_IPA_Installation-Configuring_Networking">1.1.3.5. Networking</h4></div></div></div><div class="section" id="Configuring_Networking-Configuring_Networking_Services"><div class="titlepage"><div><div><h5 class="title" id="Configuring_Networking-Configuring_Networking_Services">1.1.3.5.1. Configuring Networking Services</h5></div></div></div><div class="para">
The default networking service used by Fedora is NetworkManager, and due to the way this service works, it can cause problems with FreeIPA and the KDC. Consequently, it is highly recommended that you use the <code class="systemitem">network</code> service to manage the networking requirements in a FreeIPA environment and disable the NetworkManager service.
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-apache.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-apache.html
index 54a0ebe..b9c04b2 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-apache.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-apache.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.5. Setting a FreeIPA Server as an Apache Virtual Host</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.6. Setting a FreeIPA Server as an Apache Virtual Host</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="Configuring_Certificates_and_Certificate_Authorities.html" title="13.4. Configuring Certificates and Certificate Authorities" /><link rel="next" href="ipa-cluster.html" title="13.6. Using FreeIPA in a Cluster" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" hre
f="Configuring_Certificates_and_Certificate_Authorities.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="ipa-cluster.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-apache"><div class="titlepage"><div><div><h2 class="title" id="ipa-apache">13.5. Setting a FreeIPA Server as an Apache Virtual Host</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="Using_OCSP.html" title="13.5. Configuring OCSP Responders" /><link rel="next" href="ipa-cluster.html" title="13.7. Using FreeIPA in a Cluster" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Using_OCSP.html"><strong>Prev</strong></a></li><li class="next">
<a accesskey="n" href="ipa-cluster.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-apache"><div class="titlepage"><div><div><h2 class="title" id="ipa-apache">13.6. Setting a FreeIPA Server as an Apache Virtual Host</h2></div></div></div><div class="para">
If you have a standard Apache instance running on port 80, you can configure FreeIPA to run on a secondary port, for example, on port 8089. You should be aware, however, that in this configuration, FreeIPA does not use <code class="systemitem">SSL</code>; all requests will use standard <code class="systemitem">HTTP</code>.
</div><div class="para">
The following procedure assumes that FreeIPA is configured to run on port 80, and that you want to move it to port 8089.
@@ -47,4 +47,4 @@ RewriteRule ^/(.*) https://host.foo.com/$1 [L,R=301,NC]
</div></li></ol></div><div class="para">
This configures FreeIPA to run on port 8089, leaving port 80 free for your normal web site.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_Certificates_and_Certificate_Authorities.html"><strong>Prev</strong>13.4. Configuring Certificates and Certificate Au...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-cluster.html"><strong>Next</strong>13.6. Using FreeIPA in a Cluster</a></li></ul></body></html>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Using_OCSP.html"><strong>Prev</strong>13.5. Configuring OCSP Responders</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="ipa-cluster.html"><strong>Next</strong>13.7. Using FreeIPA in a Cluster</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-cluster.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-cluster.html
index 6849028..09e7161 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-cluster.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ipa-cluster.html
@@ -1,15 +1,15 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.6. Using FreeIPA in a Cluster</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.7. Using FreeIPA in a Cluster</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="ipa-apache.html" title="13.5. Setting a FreeIPA Server as an Apache Virtual Host" /><link rel="next" href="logging.html" title="13.7. FreeIPA Server Logging" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-apache.html"><strong>Prev</strong></a></li><l
i class="next"><a accesskey="n" href="logging.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-cluster"><div class="titlepage"><div><div><h2 class="title" id="ipa-cluster">13.6. Using FreeIPA in a Cluster</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="ipa-apache.html" title="13.6. Setting a FreeIPA Server as an Apache Virtual Host" /><link rel="next" href="logging.html" title="13.8. FreeIPA Server Logging" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-apache.html"><strong>Prev</strong></a></li><l
i class="next"><a accesskey="n" href="logging.html"><strong>Next</strong></a></li></ul><div class="section" id="ipa-cluster"><div class="titlepage"><div><div><h2 class="title" id="ipa-cluster">13.7. Using FreeIPA in a Cluster</h2></div></div></div><div class="para">
The FreeIPA server currently does not specifically handle the case of a service running in a cluster. That is, the FreeIPA server is not <em class="firstterm">cluster aware</em>. It is possible to configure a clustered service to be part of FreeIPA, although a certain amount of manual configuration is required. This involves sharing and synchronizing Kerberos keys across all of the participating hosts, and also configuring services running on the hosts to respond to whatever names the clients want to use.
- </div><div class="section" id="Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><div class="titlepage"><div><div><h3 class="title" id="Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.6.1. Configuring Kerberos Credentials for a Clustered Environment</h3></div></div></div><div class="para">
+ </div><div class="section" id="Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment"><div class="titlepage"><div><div><h3 class="title" id="Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.7.1. Configuring Kerberos Credentials for a Clustered Environment</h3></div></div></div><div class="para">
Use the following procedure to set up the Kerberos credentials for an environment where your managed host is a cluster of nodes.
</div><div class="orderedlist"><h6>Configuring Kerberos Credentials for a Clustered Environment</h6><ol><li class="listitem"><div class="para">
Enroll all of the hosts in the FreeIPA domain, and collect any keytabs that have been set up. At a minimum, this is <code class="filename">/etc/krb5.keytab</code>, although additional services may have their keys in other files.
@@ -23,7 +23,7 @@
Replace the keytab files on each host with the newly-created keytab file.
</div></li></ol></div><div class="para">
Each host in this cluster should now be able to impersonate any other host.
- </div><div class="section" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">13.6.1.1. Service-specific Configuration</h4></div></div></div><div class="para">
+ </div><div class="section" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-Service_specific_Configuration">13.7.1.1. Service-specific Configuration</h4></div></div></div><div class="para">
Additional service-specific configuration may be required if cluster members do not reset their hostnames when they take over for a failed service.
<div class="itemizedlist"><ul><li class="listitem"><div class="para">
For <code class="systemitem">sshd</code>, set <em class="parameter"><code>GSSAPIStrictAcceptorCheck no</code></em> in <code class="filename">/etc/ssh/sshd_config</code>
@@ -31,9 +31,9 @@
For <code class="systemitem">mod_auth_kerb</code>, set <em class="parameter"><code>KrbServiceName Any</code></em> in <code class="filename">/etc/httpd/conf.d/auth_kerb.conf</code>
</div></li></ul></div>
- </div></div><div class="section" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">13.6.1.2. SSL Server Configuration</h4></div></div></div><div class="para">
+ </div></div><div class="section" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration"><div class="titlepage"><div><div><h4 class="title" id="Configuring_Kerberos_Credentials_for_a_Clustered_Environment-SSL_Server_Configuration">13.7.1.2. SSL Server Configuration</h4></div></div></div><div class="para">
For SSL servers, it is important that the subject name or a <em class="parameter"><code>subjectAlternativeName</code></em> value for the server's certificate look correct when a client connects to the clustered item. The simplest way to do this is to keep the private key and certificate synchronized across all of the hosts, but it is better to share the private key if possible. Ensuring that certificates issued to each cluster member contain <em class="parameter"><code>subjectAlternativeName</code></em> values naming all of the cluster members should satisfy any client connection requirements.
- </div></div></div><div class="section" id="Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services"><div class="titlepage"><div><div><h3 class="title" id="Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.6.2. Using the Same Service Principal for Multiple Services</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services"><div class="titlepage"><div><div><h3 class="title" id="Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.7.2. Using the Same Service Principal for Multiple Services</h3></div></div></div><div class="para">
One aspect of applying FreeIPA in a cluster use case is using the same service principal for multiple services, spread across different machines. This is a simple procedure and could be implemented as follows:
<div class="orderedlist"><ol><li class="listitem"><div class="para">
Retrieve a service principal in the normal way, using the <code class="command">ipa-getkeytab</code> command, or use the keytab that is set up when the host joins the realm. That is, by using <code class="command">ipa-join</code>, which creates or updates the <code class="filename">/etc/krb5.keytab</code> file with a host/principal.
@@ -41,4 +41,4 @@
When you have the principal in a keytab on the system, you can direct multiple servers or services to use the same file, or you can copy the file to discrete locations as required.
</div></li></ol></div>
- </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-apache.html"><strong>Prev</strong>13.5. Setting a FreeIPA Server as an Apache Virtu...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="logging.html"><strong>Next</strong>13.7. FreeIPA Server Logging</a></li></ul></body></html>
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-apache.html"><strong>Prev</strong>13.6. Setting a FreeIPA Server as an Apache Virtu...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="logging.html"><strong>Next</strong>13.8. FreeIPA Server Logging</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ix01.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ix01.html
index 64e8c82..1cfe2ee 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ix01.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/ix01.html
@@ -1,10 +1,10 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Index</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Index</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Glossary.html" title="Glossary" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Glossary.html"><strong>Prev</strong></a></li><li class="next"></li></ul><div class="index" id="id3396181"><div class="titlepage"><div><div><h2 class="title">Index</h2></div></div></div><div clas
s="index"></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Glossary.html"><strong>Prev</strong>Glossary</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li></ul></body></html>
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Glossary.html" title="Glossary" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Glossary.html"><strong>Prev</strong></a></li><li class="next"></li></ul><div class="index" id="id3385192"><div class="titlepage"><div><div><h2 class="title">Index</h2></div></div></div><div clas
s="index"><div class="indexdiv"><h3>C</h3><dl><dt>client</dt><dd><dl><dt>troubleshooting</dt><dd><dl><dt>installation, <a class="indexterm" href="troubleshooting-client-install.html">Troubleshooting Client Installations</a></dt></dl></dd><dt>uninstalling, <a class="indexterm" href="uninstalling-clients.html">Uninstalling a FreeIPA Client</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>D</h3><dl><dt>DNS</dt><dd><dl><dt>adding zone records, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>adding zones, <a class="indexterm" href="Managing_DNS_Zones-Adding_DNS_Zones.html">Adding DNS Zones</a></dt><dt>disabling zones, <a class="indexterm" href="enabling-zones.html">Enabling and Disabling Zones</a></dt><dt>dynamic updates, <a class="indexterm" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html">Enabling Dynamic DNS Updates</a></dt></dl></dd><dt>DNS zone records, <a class="indexterm" href="Managing_DNS
_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dd><dl><dt>deleting, <a class="indexterm" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.html">Deleting Records from DNS Zones</a></dt><dt>format for adding, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>IPv4 example, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>IPv6 example, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>PTR example, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>SRV example, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>types of records, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zon
es.html">Adding Records to DNS Zones</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>K</h3><dl><dt>Kerberos, <a class="indexterm" href="kerberos.html#about-kerberos">About Kerberos</a></dt><dd><dl><dt>service principals, <a class="indexterm" href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html">Creating and Using Service Principals</a></dt><dt>SSSD password cache, <a class="indexterm" href="kerberos-pwd-cache.html">Caching Kerberos Passwords</a></dt><dt>ticket policies, <a class="indexterm" href="kerb-policies.html">Setting Kerberos Ticket Policies</a></dt><dd><dl><dt>global, <a class="indexterm" href="kerb-policies.html#kerb-policies-global">Setting Global Ticket Policies</a></dt><dt>user-level, <a class="indexterm" href="kerb-policies.html#user-ticket-policies">Setting User-Level Ticket Policies</a></dt></dl></dd><dt>troubleshooting Windows problems, <a class="indexterm" href="troubleshooting-client-install.html">Troubleshooting Client Ins
tallations</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>S</h3><dl><dt>service principals, <a class="indexterm" href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html">Creating and Using Service Principals</a></dt><dt>SSSD</dt><dd><dl><dt>and Kerberos passwords, <a class="indexterm" href="kerberos-pwd-cache.html">Caching Kerberos Passwords</a></dt><dd><dl><dt>disabling cache, <a class="indexterm" href="kerberos-pwd-cache.html">Caching Kerberos Passwords</a></dt></dl></dd></dl></dd></dl></div><div class="indexdiv"><h3>T</h3><dl><dt>ticket policies, <a class="indexterm" href="kerb-policies.html">Setting Kerberos Ticket Policies</a></dt><dt>troubleshooting</dt><dd><dl><dt>client installation, <a class="indexterm" href="troubleshooting-client-install.html">Troubleshooting Client Installations</a></dt><dt>Kerberos on Windows, <a class="indexterm" href="troubleshooting-client-install.html">Troubleshooting Client Installations</a></dt><dt>Kerberos,
unknown server error, <a class="indexterm" href="troubleshooting-client-install.html">Troubleshooting Client Installations</a></dt><dt>resolving hostnames on client, <a class="indexterm" href="troubleshooting-client-install.html">Troubleshooting Client Installations</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>U</h3><dl><dt>uninstalling</dt><dd><dl><dt>clients, <a class="indexterm" href="uninstalling-clients.html">Uninstalling a FreeIPA Client</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>W</h3><dl><dt>Windows</dt><dd><dl><dt>troubleshooting Kerberos problems, <a class="indexterm" href="troubleshooting-client-install.html">Troubleshooting Client Installations</a></dt></dl></dd></dl></div><div class="indexdiv"><h3>Z</h3><dl><dt>zone records, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dd><dl><dt>deleting, <a class="indexterm" href="Managing_DNS_Zones-Deleting_Records_from_DNS_Zones.ht
ml">Deleting Records from DNS Zones</a></dt><dt>format for adding, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>IPv4 example, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>IPv6 example, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>PTR example, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>SRV example, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt><dt>types, <a class="indexterm" href="Managing_DNS_Zones-Adding_Records_to_DNS_Zones.html">Adding Records to DNS Zones</a></dt></dl></dd></dl></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Glossary.html"><strong>Prev</strong>Glossary</a><
/li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerb-policies.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerb-policies.html
index a4f436f..49de400 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerb-policies.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerb-policies.html
@@ -1,26 +1,31 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.2. Setting Kerberos Ticket Policies</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.2. Setting Kerberos Ticket Policies</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="next" href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html" title="6.3. Creating and Using Service Principals" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class=
"previous"><a accesskey="p" href="kerberos.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Next</strong></a></li></ul><div class="section" id="kerb-policies"><div class="titlepage"><div><div><h2 class="title" id="kerb-policies">6.2. Setting Kerberos Ticket Policies</h2></div></div></div><div class="para">
- Kerberos tickets are issued subject to the restraints of the <em class="firstterm">Kerberos ticket policy</em>. This policy defines the maximum ticket lifetime and also the maximum renewal age, the period during which the ticket is renewable. You can use the <code class="command">ipa krbtpolicy-mod</code> command to modify the policy to suit your environment. You can also use the <code class="command">ipa krbtpolicy-reset</code> command to reset the policy to the default values.
- </div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
- Any change to the global Kerberos ticket policy requires a restart of the KDC for the changes to take effect. Use the following command to restart the KDC:
-<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
-
- </div></div></div><div class="para">
- Kerberos authentication is the core of the FreeIPA server. For a full discussion of how Kerberos works, configuration, and other aspects of Kerberos, see the MIT Kerberos project documentation at <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a>.
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="next" href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html" title="6.3. Creating and Using Service Principals" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class=
"previous"><a accesskey="p" href="kerberos.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Next</strong></a></li></ul><div class="section" id="kerb-policies"><div class="titlepage"><div><div><h2 class="title" id="kerb-policies">6.2. Setting Kerberos Ticket Policies</h2></div></div></div><a id="id3147820" class="indexterm"></a><a id="id3147828" class="indexterm"></a><div class="para">
+ The Kerberos <span class="emphasis"><em>ticket policy</em></span> sets basic restructions on managing tickets within the Kerberos realm, such as the maximum ticket lifetime and the maximum renewal age (the period during which the ticket is renewable).
</div><div class="para">
- FreeIPA uses a single Kerberos ticket policy. This policy defines the maximum ticket lifetime and the maximum renewal age; that is, the period during which the ticket is renewable. You can also create a per-user ticket policy by specifying the user login.
- </div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
- Changes to the global policy require a restart of the KDC service to take effect, as follows:
-<pre class="screen"><code class="command"># service krb5kdc restart</code></pre>
+ The Kerberos ticket policy is set globally so that it applies to every ticket issued within the realm. FreeIPA also has the ability to set user-level ticket policies which override the global policies. This can be used, for example, to set extended expiration times for administrators or to set shorter expiration times for some employees.
+ </div><div class="section" id="kerb-policies-global"><div class="titlepage"><div><div><h3 class="title" id="kerb-policies-global">6.2.1. Setting Global Ticket Policies</h3></div></div></div><a id="id3143575" class="indexterm"></a><div class="para">
+ The <code class="command">ipa krbtpolicy-mod</code> command modifies the policy, while the <code class="command">ipa krbtpolicy-reset</code> command resets the policy to the default values.
+ </div><div class="para">
+ For example:
+ </div><pre class="screen"># ipa krbtpolicy-mod --maxlife=3600 --maxrenew=18000
+ Max life: 3600
+ Max renew: 18000</pre><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+ Any change to the global Kerberos ticket policy requires a restart of the KDC for the changes to take effect. Restart the KDC:
+<pre class="screen"># service krb5kdc restart</pre>
+ </div></div></div></div><div class="section" id="user-ticket-policies"><div class="titlepage"><div><div><h3 class="title" id="user-ticket-policies">6.2.2. Setting User-Level Ticket Policies</h3></div></div></div><a id="id3143639" class="indexterm"></a><div class="para">
+ User-level Kerberos ticket policies are set using the same commands as global policies, but the user is specified in the command.
</div><div class="para">
- Changes to per-user policies take effect immediately for newly-requested tickets, for example, when the user next runs <code class="command">kinit</code>.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="kerberos.html"><strong>Prev</strong>Chapter 6. Identity: Using FreeIPA for a Kerberos...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Next</strong>6.3. Creating and Using Service Principals</a></li></ul></body></html>
+ For example:
+ </div><pre class="screen"># ipa krbtpolicy-mod jsmith --maxlife=3600
+ Max life: 3600</pre><div class="important"><div class="admonition_header"><h2>IMPORTANT</h2></div><div class="admonition"><div class="para">
+ User-level policies take effect immediately on the next requested ticket (such as running <code class="command">kinit</code>), without having to restart the KDC service.
+ </div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="kerberos.html"><strong>Prev</strong>Chapter 6. Identity: Using FreeIPA for a Kerberos...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html"><strong>Next</strong>6.3. Creating and Using Service Principals</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerberos-pwd-cache.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerberos-pwd-cache.html
new file mode 100644
index 0000000..4161a6f
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerberos-pwd-cache.html
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.6. Caching Kerberos Passwords</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.15');
+
+ addID('Fedora.15.books');
+ addID('Fedora.15.FreeIPA_Guide');
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="rotating-keys.html" title="6.5. Rotating Keys" /><link rel="next" href="Kerberos_Errors.html" title="6.7. Troubleshooting Kerberos Errors" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="rotating-keys.html"><strong>Prev</strong></a></li><li class
="next"><a accesskey="n" href="Kerberos_Errors.html"><strong>Next</strong></a></li></ul><div class="section" id="kerberos-pwd-cache"><div class="titlepage"><div><div><h2 class="title" id="kerberos-pwd-cache">6.6. Caching Kerberos Passwords</h2></div></div></div><a id="id3014180" class="indexterm"></a><a id="id3143693" class="indexterm"></a><div class="para">
+ A machine may not always be on the same network as the FreeIPA domain; for example, a machine may need to be logged into a VPN before it can access the FreeIPA domain. If a user logs into a system when it is offline and then later attempts to connect to FreeIPA services, then the user is blocked because there is no FreeIPA Kerberos ticket for that user. FreeIPA works around that limitation by using SSSD to store the Kerberos passwords in the SSSD cache.
+ </div><div class="para">
+ This is configured by default by the <code class="command">ipa-client-install</code> script. A configuration parameter is added to the <code class="filename">/etc/sssd/sssd.conf</code> file which specifically instructs SSSD to store those Kerberos passwords for the FreeIPA domain:
+ </div><pre class="programlisting"><span class="perl_String">[</span><span class="perl_Reserved">domain</span><span class="perl_String">/example.com]</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">cache_credentials = True</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">ipa_domain = example.com</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">id_provider = ipa</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">auth_provider = ipa</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">access_provider = ipa</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">chpass_provider = ipa</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">ipa_server = _srv_, server.example.com</span><span class="perl_String"></span>
+<span class="perl_String"></span><span class="perl_String">krb5_store_password_if_offline = true</span></pre><a id="id3143739" class="indexterm"></a><div class="para">
+ This default behavior can be disabled during the client installation by using the <code class="option">--no-krb5-offline-passwords</code> option.
+ </div><div class="para">
+ This behavior can also be disabled by editing the <code class="filename">/etc/sssd/sssd.conf</code> file and removing the <code class="option">krb5_store_password_if_offline</code> line or changing its value to false.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="rotating-keys.html"><strong>Prev</strong>6.5. Rotating Keys</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Kerberos_Errors.html"><strong>Next</strong>6.7. Troubleshooting Kerberos Errors</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerberos.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerberos.html
index 3a842ac..b9f0630 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerberos.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/kerberos.html
@@ -1,18 +1,20 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 6. Identity: Using FreeIPA for a Kerberos Domain</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 6. Identity: Using FreeIPA for a Kerberos Domain</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Extending_the_Permissions_of_IPA_Managed_Hosts.html" title="5.3. Extending the Permissions of FreeIPA Managed Hosts" /><link rel="next" href="kerb-policies.html" title="6.2. Setting Kerberos Ticket Policies" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Extending_the_Pe
rmissions_of_IPA_Managed_Hosts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="kerb-policies.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="kerberos" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. Identity: Using FreeIPA for a Kerberos Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="kerberos.html#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="kerb-policies.html">6.2. Setting Kerberos Ticket Policies</a></span></dt><dt><span class="section"><a href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html">6.3. Creating and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Ser
vice</a></span></dt><dt><span class="section"><a href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="rotating-keys.html">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="General_Troubleshooting_Tips-Kerberos_Errors.html">6.6. Kerberos Errors</a></span></dt></dl></div><div class="section" id="about-kerberos"><div class="titlepage"><div><div><h2 class="title" id="about-kerberos">6.1. About Kerberos</h2></div></div></div><div class="para">
- The Kerberos server is a part of FreeIPA. When you run the <code class="command">kinit</code> command you invoke a client that connects to the Kerberos server. As a result of the authentication the client receives a <em class="firstterm">ticket</em>. This ticket is a temporary pass; or a better description might be a pass-book. The best example from real life might be a pass to a movie festival. A single pass to such a festival would allow someone to attend different movies at their discretion. Kerberos is very similar. When a user tries to access any resource that is protected by Kerberos, that resource requires the user to present a valid ticket, the same as in the movies.
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Extending_the_Permissions_of_IPA_Managed_Hosts.html" title="5.3. Extending the Permissions of FreeIPA Managed Hosts" /><link rel="next" href="kerb-policies.html" title="6.2. Setting Kerberos Ticket Policies" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Extending_the_Pe
rmissions_of_IPA_Managed_Hosts.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="kerb-policies.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="kerberos" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 6. Identity: Using FreeIPA for a Kerberos Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="kerberos.html#about-kerberos">6.1. About Kerberos</a></span></dt><dt><span class="section"><a href="kerb-policies.html">6.2. Setting Kerberos Ticket Policies</a></span></dt><dd><dl><dt><span class="section"><a href="kerb-policies.html#kerb-policies-global">6.2.1. Setting Global Ticket Policies</a></span></dt><dt><span class="section"><a href="kerb-policies.html#user-ticket-policies">6.2.2. Setting User-Level Ticket Policies</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html">6.3. Creati
ng and Using Service Principals</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#Creating_Service_Principals_and_Certificates_for_New_Services-Creating_an_IPA_Service">6.3.1. Creating a FreeIPA Service</a></span></dt><dt><span class="section"><a href="Configuring_Service_Principals-Creating_and_Using_Service_Principals.html#Configuring_Service_Principals-Configuring_an_NFS_Service_Principal_on_the_IPA_Server">6.3.2. Configuring an NFS Service Principal on the FreeIPA Server</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html">6.4. Refreshing Kerberos Tickets</a></span></dt><dt><span class="section"><a href="rotating-keys.html">6.5. Rotating Keys</a></span></dt><dt><span class="section"><a href="kerberos-pwd-cache.html">6.6. Caching Kerberos Passwords</a></span></dt><dt><span class="section"><a href="Kerberos_Errors.html">6.7.
Troubleshooting Kerberos Errors</a></span></dt></dl></div><div class="section" id="about-kerberos"><div class="titlepage"><div><div><h2 class="title" id="about-kerberos">6.1. About Kerberos</h2></div></div></div><a id="id3349669" class="indexterm"></a><div class="para">
+ Kerberos authentication is the core of the FreeIPA server. For a full discussion of how Kerberos works, configuration, and other aspects of Kerberos, see the MIT Kerberos project documentation at <a href="http://web.mit.edu/kerberos/www/">http://web.mit.edu/kerberos/www/</a>.
</div><div class="para">
- To obtain such a ticket the user needs to prove their identity; that they are who they claim to be. Asking the user to constantly authenticate with their password would soon prove to be too annoying and hard to manage. This is why a multi-tier process exists, where the user first authenticates and obtains a so-called <em class="firstterm">ticket-granting ticket</em> (TGT). This ticket can then be presented to the Kerberos server at any time and a new ticket specific to the resource that the user wants to access can be acquired. All of these tickets have a configurable expiration time, so the user occasionally needs to re-authenticate, but it is much less of a burden.
+ The Kerberos server is a part of FreeIPA. When you run the <code class="command">kinit</code> command you invoke a client that connects to the Kerberos server. As a result of the authentication the client receives a <span class="emphasis"><em>ticket</em></span>. This ticket is a temporary pass; or a better description might be a pass-book. The best example from real life might be a pass to a movie festival. A single pass to such a festival would allow someone to attend different movies at their discretion. Kerberos is very similar. When a user tries to access any resource that is protected by Kerberos, that resource requires the user to present a valid ticket, the same as in the movies.
</div><div class="para">
- <code class="systemitem">Kerberos</code> is a network authentication protocol which allows users to authenticate to services with the help of a KDC. <code class="systemitem">Kerberos</code> authentication requires that both the user and the service be known to the KDC and that each has previously shared a set of encryption keys with the KDC. A user's keys are derived from the user's password, and while a service's keys can also be derived from a password, it is more likely that they are randomly generated. Users and services are known to the KDC by what are referred to as their <em class="firstterm">principal names</em>, and those users and services are often referred to simply as <em class="firstterm">principals</em>.
+ To obtain such a ticket the user needs to prove their identity; that they are who they claim to be. Asking the user to constantly authenticate with their password would soon prove to be too annoying and hard to manage. This is why a multi-tier process exists, where the user first authenticates and obtains a so-called <span class="emphasis"><em>ticket-granting ticket</em></span> (TGT). This ticket can then be presented to the Kerberos server at any time and a new ticket specific to the resource that the user wants to access can be acquired. All of these tickets have a configurable expiration time, so the user occasionally needs to re-authenticate, but it is much less of a burden.
+ </div><div class="para">
+ Kerberos is a network authentication protocol which allows users to authenticate to services with the help of a KDC. Kerberos authentication requires that both the user and the service be known to the KDC and that each has previously shared a set of encryption keys with the KDC. A user's keys are derived from the user's password, and while a service's keys can also be derived from a password, it is more likely that they are randomly generated. Users and services are known to the KDC by what are referred to as their <span class="emphasis"><em>principal names</em></span>, and those users and services are often referred to simply as <span class="emphasis"><em>principals</em></span>.
</div><div class="para">
A service principal consists of three components:
<div class="itemizedlist"><ul><li class="listitem"><div class="para">
@@ -24,7 +26,7 @@
</div></li></ul></div>
</div><div class="para">
- The service name is an arbitrary case-sensitive string, such as <code class="systemitem">host</code>, <code class="systemitem">HTTP</code>, <code class="systemitem">ldap</code>, or <code class="systemitem">DNS</code>. By convention, daemons use a specific service; sometimes this service name is obvious, but not always. The <code class="systemitem">sshd</code> daemon, for example, uses the <code class="systemitem">host</code> service principal.
+ The service name is an arbitrary case-sensitive string, such as host, HTTP, LDAP, or DNS. By convention, daemons use a specific service; sometimes this service name is obvious, but not always. The <code class="systemitem">sshd</code> daemon, for example, uses the host service principal.
</div><div class="para">
The syntax, or structure, of a service principal is as follows: <code class="systemitem">service/FQDN at REALM</code>. For example, the host service principal for a machine named <code class="systemitem">test.example.com</code> in the Kerberos realm <code class="systemitem">EXAMPLE.COM</code> would be <code class="systemitem">host/test.example.com at EXAMPLE.COM</code>. By convention, this principal is stored in <code class="filename">/etc/krb5.keytab</code>.
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
@@ -34,9 +36,9 @@
</div><div class="para">
Service principals are typically released per service, although it is possible for one service principal to be used for more than one service.
</div><div class="formalpara" id="Service_Principals_and_Key_Tables_keytabs-The_Importance_of_Service_Principals_and_keytabs"><h5 class="formalpara">The Importance of Service Principals and keytabs</h5>
- Service principals and their associated keys play a critical role in a <code class="systemitem">Kerberos</code>-aware environment. This is especially true when services are accessed by multiple users. As long as a valid ticket exists for a specific service, users can access that service using their <code class="systemitem">Kerberos</code> credentials.
+ Service principals and their associated keys play a critical role in a Kerberos-aware environment. This is especially true when services are accessed by multiple users. As long as a valid ticket exists for a specific service, users can access that service using their Kerberos credentials.
</div><div class="para">
- For example, if a user tries to mount an <code class="systemitem">NFS</code> directory using <code class="systemitem">Kerberos</code>, then both the <code class="systemitem">NFS</code> server and the user require their own valid principal, and share their own secret key with the <abbr class="abbrev">KDC</abbr>. The NFS server key is established during the FreeIPA <code class="systemitem">NFS</code> configuration on the server. If the secret key is replaced on the server, for example, by getting a new keytab, then you need to export this new keytab to the KDC, which will then distribute it to the clients.
+ For example, if a user tries to mount an NFS directory using Kerberos, then both the NFS server and the user require their own valid principal, and share their own secret key with the <abbr class="abbrev">KDC</abbr>. The NFS server key is established during the FreeIPA NFS configuration on the server. If the secret key is replaced on the server, for example, by getting a new keytab, then you need to export this new keytab to the KDC, which will then distribute it to the clients.
</div><div class="formalpara" id="Service_Principals_and_Key_Tables_keytabs-Protecting_keytab_Files"><h5 class="formalpara">Protecting keytab Files</h5>
To protect your keytab files, consider the following general rules with respect to their permissions and ownership:
<div class="itemizedlist"><ul><li class="listitem"><div class="para">
@@ -44,9 +46,9 @@
</div></li><li class="listitem"><div class="para">
Mode: 0600
</div></li></ul></div>
- For example, set the owner of the <span class="application"><strong>Apache</strong></span> keytab (<code class="filename">/etc/httpd/conf/ipa.keytab</code>) to <code class="literal">httpd</code> and the mode to <code class="literal">0600</code>.
+ For example, set the owner of the Apache keytab (<code class="filename">/etc/httpd/conf/ipa.keytab</code>) to <code class="literal">httpd</code> and the mode to <code class="literal">0600</code>.
</div><div class="warning"><div class="admonition_header"><h2>Warning</h2></div><div class="admonition"><div class="para">
- Clients attempting to mount <code class="systemitem">NFS</code> exports rely on the existence of a valid principal and secret key on both the <code class="systemitem">NFS</code> server and the client host. Clients themselves should not have access to the <code class="systemitem">NFS</code> keytab. The ticket for the <code class="systemitem">NFS</code> connection will be given to clients from the KDC.
+ Clients attempting to mount NFS exports rely on the existence of a valid principal and secret key on both the NFS server and the client host. Clients themselves should not have access to the NFS keytab. The ticket for the NFS connection will be given to clients from the KDC.
</div><div class="para">
Failure to export an updated keytab can cause problems that are difficult to isolate. For example, existing service connections may continue to function, but no new connections may be possible.
</div><div class="para">
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging-in.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging-in.html
index 625c228..8b6b152 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging-in.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging-in.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2. Logging into FreeIPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.2. Logging into FreeIPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging.html
index c4cc4c5..8bd4704 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/logging.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.7. FreeIPA Server Logging</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.8. FreeIPA Server Logging</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="ipa-cluster.html" title="13.6. Using FreeIPA in a Cluster" /><link rel="next" href="promoting-replica.html" title="13.8. Promoting a Read-Only Replica to a FreeIPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-cluster.html"><strong>Prev</str
ong></a></li><li class="next"><a accesskey="n" href="promoting-replica.html"><strong>Next</strong></a></li></ul><div class="section" id="logging"><div class="titlepage"><div><div><h2 class="title" id="logging">13.7. FreeIPA Server Logging</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="ipa-cluster.html" title="13.7. Using FreeIPA in a Cluster" /><link rel="next" href="promoting-replica.html" title="13.9. Promoting a Read-Only Replica to a FreeIPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-cluster.html"><strong>Prev</str
ong></a></li><li class="next"><a accesskey="n" href="promoting-replica.html"><strong>Next</strong></a></li></ul><div class="section" id="logging"><div class="titlepage"><div><div><h2 class="title" id="logging">13.8. FreeIPA Server Logging</h2></div></div></div><div class="para">
If you are using the FreeIPA command-line tools or the WebUI to manage FreeIPA data then you should refer to the following sections to help troubleshoot any problems.
</div><div class="para">
You should first check the <code class="filename">/var/log/httpd/error_log</code> file. This may contain more information on the error and/or a python stacktrace.
@@ -24,4 +24,4 @@ debug=True</pre>
You can use the <code class="option">-v</code> option twice to display the XML-RPC exchange:
<pre class="screen">$ ipa -vv user-show admin</pre>
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-cluster.html"><strong>Prev</strong>13.6. Using FreeIPA in a Cluster</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="promoting-replica.html"><strong>Next</strong>13.8. Promoting a Read-Only Replica to a FreeIPA ...</a></li></ul></body></html>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="ipa-cluster.html"><strong>Prev</strong>13.7. Using FreeIPA in a Cluster</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="promoting-replica.html"><strong>Next</strong>13.9. Promoting a Read-Only Replica to a FreeIPA ...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/managing-clients.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/managing-clients.html
index 99f27d3..9522b6c 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/managing-clients.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/managing-clients.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 14. Managing Client Machines in the FreeIPA Domain</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 14. Managing Client Machines in the FreeIPA Domain</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="upgrading-server.html" title="13.9. Testing Before Upgrading the FreeIPA Server" /><link rel="next" href="enrolling-machines.html" title="14.2. Enrolling Clients Manually" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="upgrading-server.html"><strong>Prev</strong></a></li
><li class="next"><a accesskey="n" href="enrolling-machines.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="managing-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 14. Managing Client Machines in the FreeIPA Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="managing-clients.html#about-machine-auth">14.1. About Machine Identity and Authentication</a></span></dt><dt><span class="section"><a href="enrolling-machines.html">14.2. Enrolling Clients Manually</a></span></dt><dd><dl><dt><span class="section"><a href="enrolling-machines.html#Enrollment_with_Separation_of_Duties">14.2.1. Performing a Split Enrollment</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#bulk-enrollment">14.2.2. Performing a Bulk or Kickstart Enrollment</a></span></dt></dl></dd><dt><span class="section"><a href="renaming-machines.html">14.3. Renaming Machines and Reconfiguring Fr
eeIPA Client Configuration</a></span></dt><dt><span class="section"><a href="manually-unconfig-machines.html">14.4. Manually Unconfiguring Client Machines</a></span></dt><dt><span class="section"><a href="Client_Problems.html">14.5. Debugging Client Connection Problems</a></span></dt><dt><span class="section"><a href="certmongerX.html">14.6. Working with certmonger</a></span></dt><dd><dl><dt><span class="section"><a href="certmongerX.html#certmonger-req">14.6.1. Requesting a Certificate with certmonger</a></span></dt><dt><span class="section"><a href="certmongerX.html#Working_with_certmonger-Using_certmonger_with_NSS">14.6.2. Storing Certificates in NSS Databases</a></span></dt><dt><span class="section"><a href="certmongerX.html#certmonger-tracking-certs">14.6.3. Tracking Certificates with certmonger</a></span></dt></dl></dd></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="upgrading-server.html" title="13.10. Testing Before Upgrading the FreeIPA Server" /><link rel="next" href="enrolling-machines.html" title="14.2. Enrolling Clients Manually" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="upgrading-server.html"><strong>Prev</strong></a></l
i><li class="next"><a accesskey="n" href="enrolling-machines.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="managing-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 14. Managing Client Machines in the FreeIPA Domain</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="managing-clients.html#about-machine-auth">14.1. About Machine Identity and Authentication</a></span></dt><dt><span class="section"><a href="enrolling-machines.html">14.2. Enrolling Clients Manually</a></span></dt><dd><dl><dt><span class="section"><a href="enrolling-machines.html#Enrollment_with_Separation_of_Duties">14.2.1. Performing a Split Enrollment</a></span></dt><dt><span class="section"><a href="enrolling-machines.html#bulk-enrollment">14.2.2. Performing a Bulk or Kickstart Enrollment</a></span></dt></dl></dd><dt><span class="section"><a href="renaming-machines.html">14.3. Renaming Machines and Reconfiguring F
reeIPA Client Configuration</a></span></dt><dt><span class="section"><a href="manually-unconfig-machines.html">14.4. Manually Unconfiguring Client Machines</a></span></dt><dt><span class="section"><a href="Client_Problems.html">14.5. Debugging Client Connection Problems</a></span></dt><dt><span class="section"><a href="certmongerX.html">14.6. Working with certmonger</a></span></dt><dd><dl><dt><span class="section"><a href="certmongerX.html#certmonger-req">14.6.1. Requesting a Certificate with certmonger</a></span></dt><dt><span class="section"><a href="certmongerX.html#Working_with_certmonger-Using_certmonger_with_NSS">14.6.2. Storing Certificates in NSS Databases</a></span></dt><dt><span class="section"><a href="certmongerX.html#certmonger-tracking-certs">14.6.3. Tracking Certificates with certmonger</a></span></dt></dl></dd></dl></div><div class="para">
Both DNS and Kerberos are configured as part of the initial client configuration. This is required because these are the two services that bring the machine within the FreeIPA domain and allow it to identity the FreeIPA server it will connect with. After the initial configuration, FreeIPA has tools to manage both of these services in response to changes in the domain services, changes to the IT environment, or changes on the machines themselves which affect Kerberos, certificate, and DNS services, like changing the client hostname.
</div><div class="para">
This chapter describes how to manage identity services that relate directly the the client machine:
@@ -41,4 +41,4 @@
Key tables (or <em class="firstterm">keytabs</em>, a symmetric key resembling to some extent a user password) and machine certificates. Kerberos tickets are generated as part of the Kerberos services and policies defined by the server. Initially granting a Kerberos ticket, renewing the Kerberos credentials, and even destroying the Kerberos session are all handled by the FreeIPA services. Managing Kerberos is covered in <a class="xref" href="kerberos.html">Chapter 6, <i>Identity: Using FreeIPA for a Kerberos Domain</i></a>.
</div></li><li class="listitem"><div class="para">
Machine certificates. In this case, the machine uses an SSL certificate that is issued by the FreeIPA server's certificate authority and then stored in FreeIPA's Directory Server. The certificate is then sent to the machine to present when it authenticates to the server. On the client, certificates are managed by a service called <span class="emphasis"><em>certmonger</em></span>, which is described in <a class="xref" href="certmongerX.html">Section 14.6, “Working with certmonger”</a>.
- </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="upgrading-server.html"><strong>Prev</strong>13.9. Testing Before Upgrading the FreeIPA Server</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="enrolling-machines.html"><strong>Next</strong>14.2. Enrolling Clients Manually</a></li></ul></body></html>
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="upgrading-server.html"><strong>Prev</strong>13.10. Testing Before Upgrading the FreeIPA Server</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="enrolling-machines.html"><strong>Next</strong>14.2. Enrolling Clients Manually</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/manually-unconfig-machines.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/manually-unconfig-machines.html
index 4ae7e43..5d8b47f 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/manually-unconfig-machines.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/manually-unconfig-machines.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.4. Manually Unconfiguring Client Machines</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.4. Manually Unconfiguring Client Machines</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/migrintg-from-nis.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/migrintg-from-nis.html
index e2707eb..dfdcf28 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/migrintg-from-nis.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/migrintg-from-nis.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.3. Migrating from NIS to IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.3. Migrating from NIS to IPA</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="nis.html" title="Chapter 9. Identity: Integrating with NIS Domains and Netgroups" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html" title="9.2. Configuring the Network Information Service (NIS)" /><link rel="next" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class=
"docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Working_with_DNS.html"><strong>Next</strong></a></li></ul><div class="section" id="migrintg-from-nis"><div class="titlepage"><div><div><h2 class="title" id="migrintg-from-nis">9.3. Migrating from NIS to IPA</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="nis.html" title="Chapter 9. Identity: Integrating with NIS Domains and Netgroups" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html" title="9.2. Configuring the Network Information Service (NIS)" /><link rel="next" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul clas
s="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Working_with_DNS.html"><strong>Next</strong></a></li></ul><div class="section" id="migrintg-from-nis"><div class="titlepage"><div><div><h2 class="title" id="migrintg-from-nis">9.3. Migrating from NIS to IPA</h2></div></div></div><div class="para">
The IPA development team researched the topic of how netgroups are typically used in order to better determine an optimal migration design solution. This research shows that the main use cases for netgroups are the aggregation of users and the aggregation of hosts, but not both at the same time. IPA does not provide a special script or command to facilitate the migration of customers' existing netgroups to IPA. This operation must be performed by the system administrator himself or with the help of professional services. This chapter provides some guidelines to ease the process of migrating netgroups to IPA.
</div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_Netgroups_to_IPA-Preparing_Your_Environment">9.3.1. Preparing Your Environment</h3></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
These procedures are guidelines only, and are provided to help clean your environment and make it more manageable. It is not a definitive set of instructions, and administrators need to be creative and factor in the real constraints present in their environment. If any steps described below are not possible due to independent conditions, we recommend migrating netgroups on a one-to-one basis. This is described later in this chapter.
@@ -59,4 +59,4 @@
Refer to the IPA CLI help system for more details. Use the <code class="command">ipa help</code> command to display a list of available topics.
</div></li></ol></div></li><li class="listitem"><div class="orderedlist"><ol><li class="listitem"><div class="para">
Use the UI to manually create a new structure of netgroups.
- </div></li></ol></div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Prev</strong>9.2. Configuring the Network Information Service ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Working_with_DNS.html"><strong>Next</strong>Chapter 10. Policy: Managing DNS</a></li></ul></body></html>
+ </div></li></ol></div></li></ol></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html"><strong>Prev</strong>9.2. Configuring the Network Information Service ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Working_with_DNS.html"><strong>Next</strong>Chapter 10. Identity: Managing DNS</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/modifying-dns-zones.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/modifying-dns-zones.html
index 2113f73..859b5cb 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/modifying-dns-zones.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/modifying-dns-zones.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.5. Modifying DNS Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>10.6. Modifying DNS Zones</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Policy: Managing DNS" /><link rel="prev" href="Managing_DNS_Zones-Adding_DNS_Zones.html" title="10.4. Adding DNS Zones" /><link rel="next" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html" title="10.6. Enabling Dynamic DNS Updates" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zones-Addin
g_DNS_Zones.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html"><strong>Next</strong></a></li></ul><div class="section" id="modifying-dns-zones"><div class="titlepage"><div><div><h2 class="title" id="modifying-dns-zones">10.5. Modifying DNS Zones</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Working_with_DNS.html" title="Chapter 10. Identity: Managing DNS" /><link rel="prev" href="Managing_DNS_Zones-Adding_DNS_Zones.html" title="10.5. Adding DNS Zones" /><link rel="next" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html" title="10.7. Enabling Dynamic DNS Updates" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zones-Add
ing_DNS_Zones.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html"><strong>Next</strong></a></li></ul><div class="section" id="modifying-dns-zones"><div class="titlepage"><div><div><h2 class="title" id="modifying-dns-zones">10.6. Modifying DNS Zones</h2></div></div></div><div class="para">
A zone is created with a certain amount of configuration, set to default values:
</div><pre class="screen"> dn: idnsname=example.com,cn=dns,dc=example,dc=com
idnsname: example.com
@@ -134,4 +134,4 @@
--ip-address
</td><td>
Adds the DNS name server by its IP address.
- </td></tr></tbody></table></div></div><br class="table-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zones-Adding_DNS_Zones.html"><strong>Prev</strong>10.4. Adding DNS Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html"><strong>Next</strong>10.6. Enabling Dynamic DNS Updates</a></li></ul></body></html>
+ </td></tr></tbody></table></div></div><br class="table-break" /></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Managing_DNS_Zones-Adding_DNS_Zones.html"><strong>Prev</strong>10.5. Adding DNS Zones</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Adding_DNS_Zones-Using_Dynamic_DNS_Updates.html"><strong>Next</strong>10.7. Enabling Dynamic DNS Updates</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/nis.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/nis.html
index 0367cae..f6ab19a 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/nis.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/nis.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 9. Identity: Integrating with NIS Domains and Netgroups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 9. Identity: Integrating with NIS Domains and Netgroups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/opening-the-web-ui.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/opening-the-web-ui.html
index 91eca03..3386f83 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/opening-the-web-ui.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/opening-the-web-ui.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3. Opening the FreeIPA Web UI</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>3.3. Opening the FreeIPA Web UI</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
index 413ce65..0da36ac 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.8. Promoting a Read-Only Replica to a FreeIPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.9. Promoting a Read-Only Replica to a FreeIPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="logging.html" title="13.7. FreeIPA Server Logging" /><link rel="next" href="upgrading-server.html" title="13.9. Testing Before Upgrading the FreeIPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="logging.html"><strong>Prev</strong></a></li><li cl
ass="next"><a accesskey="n" href="upgrading-server.html"><strong>Next</strong></a></li></ul><div class="section" id="promoting-replica"><div class="titlepage"><div><div><h2 class="title" id="promoting-replica">13.8. Promoting a Read-Only Replica to a FreeIPA Server</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="logging.html" title="13.8. FreeIPA Server Logging" /><link rel="next" href="upgrading-server.html" title="13.10. Testing Before Upgrading the FreeIPA Server" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="logging.html"><strong>Prev</strong></a></li><li c
lass="next"><a accesskey="n" href="upgrading-server.html"><strong>Next</strong></a></li></ul><div class="section" id="promoting-replica"><div class="titlepage"><div><div><h2 class="title" id="promoting-replica">13.9. Promoting a Read-Only Replica to a FreeIPA Server</h2></div></div></div><div class="para">
The only difference between a replica and the master server is that the master owns the self-signed CA. If you copy the appropriate files from the master to the replica, import the CA into the replica directory server, and delete the existing replication agreements, that replica will then appear as a master server.
</div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
If you install with the <code class="option">--selfsign</code> option, follow this procedure if you want to promote a replica to a master. This is because the private key for the self-signed CA is stored in the Apache database (<code class="filename">/etc/httpd/alias</code>). The private key for a Dogtag Certificate System CA is stored in its own security database.
@@ -28,4 +28,4 @@
</div></li></ol></div><div class="para">
You now have two identical FreeIPA servers, neither of which know about the other. You can shut down the old master and bring up the new machine (if you are introducing a new replica into your network). Create a replica file on the new master and install it on the new machine.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="logging.html"><strong>Prev</strong>13.7. FreeIPA Server Logging</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="upgrading-server.html"><strong>Next</strong>13.9. Testing Before Upgrading the FreeIPA Server</a></li></ul></body></html>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="logging.html"><strong>Prev</strong>13.8. FreeIPA Server Logging</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="upgrading-server.html"><strong>Next</strong>13.10. Testing Before Upgrading the FreeIPA Server</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/renaming-machines.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/renaming-machines.html
index 0d38978..793987b 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/renaming-machines.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/renaming-machines.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.3. Renaming Machines and Reconfiguring FreeIPA Client Configuration</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>14.3. Renaming Machines and Reconfiguring FreeIPA Client Configuration</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/rotating-keys.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/rotating-keys.html
index e548e96..8a291fe 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/rotating-keys.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/rotating-keys.html
@@ -1,21 +1,21 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.5. Rotating Keys</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>6.5. Rotating Keys</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html" title="6.4. Refreshing Kerberos Tickets" /><link rel="next" href="General_Troubleshooting_Tips-Kerberos_Errors.html" title="6.6. Kerberos Errors" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="
p" href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Next</strong></a></li></ul><div class="section" id="rotating-keys"><div class="titlepage"><div><div><h2 class="title" id="rotating-keys">6.5. Rotating Keys</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="kerberos.html" title="Chapter 6. Identity: Using FreeIPA for a Kerberos Domain" /><link rel="prev" href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html" title="6.4. Refreshing Kerberos Tickets" /><link rel="next" href="kerberos-pwd-cache.html" title="6.6. Caching Kerberos Passwords" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Config
uring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="kerberos-pwd-cache.html"><strong>Next</strong></a></li></ul><div class="section" id="rotating-keys"><div class="titlepage"><div><div><h2 class="title" id="rotating-keys">6.5. Rotating Keys</h2></div></div></div><div class="para">
Kerberos keys are similar to passwords, and in the interests of security they should occasionally be changed. The frequency of these changes may be determined by company or other policies. Each key has an associated version number, which are stored in the <em class="parameter"><code>KVNO</code></em> parameter.
</div><div class="formalpara" id="Rotating_Kerberos_Keys-Obtaining_a_new_service_principal_Kerberos_key"><h5 class="formalpara">Obtaining a new service principal Kerberos key</h5>
Use the <code class="command">ipa-getkeytab</code> command to create a new Kerberos key. For example, use the following command to refresh your FreeIPA keytab:
-<pre class="screen"><code class="command"># ipa-getkeytab -s ipa.example.com -k /etc/dirsrv/ds.keytab -p ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+<pre class="screen"># ipa-getkeytab -s ipa.example.com -k /etc/dirsrv/ds.keytab -p ldap/ipa.example.com at EXAMPLE.COM</pre>
This will add a new set of keys to your existing keytab. That is, you should now have two identical sets of principals, each with a separate <em class="parameter"><code>KVNO</code></em>.
</div><div class="para">
Use the <code class="command">klist</code> command to view the existing keys:
-<pre class="screen"><code class="command"># klist -kt /etc/dirsrv/ds.keytab</code>
+<pre class="screen"># klist -kt /etc/dirsrv/ds.keytab
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at EXAMPLE.COM
@@ -27,7 +27,7 @@ Valid starting Expires Service principal
</div><div class="para">
Use the <code class="command">kvno</code> command to display the version number of a service ticket that you have been issued:
-<pre class="screen"><code class="command"># kvno -c /tmp/krb5cc_0 ldap/ipa.example.com at EXAMPLE.COM</code></pre>
+<pre class="screen"># kvno -c /tmp/krb5cc_0 ldap/ipa.example.com at EXAMPLE.COM</pre>
The <code class="option">-c</code> option specifies which credentials cache to use. The credentials cache (Ticket cache) is included in the output of the <code class="command">klist</code> command, above.
</div><div class="para">
Tickets issued against the old service will continue to work as expected but new tickets will be issued using the highest <em class="parameter"><code>KVNO</code></em>. This is to avoid any disruption to system operations. No service restart should be needed.
@@ -35,11 +35,10 @@ Valid starting Expires Service principal
You should maintain the old records for at least the amount of time that valid tickets are issues (8 hours by default) so that any clients that have a ticket encrypted with the old key will continue to work. However, there is no real need to remove old keys.
</div><div class="para">
FreeIPA does not currently provide an automated method of performing this task for all service tickets. Use the following queries to display a list of all services that have been issued keytabs:
-<pre class="screen"><code class="command"># ldapsearch -LLL -x -b 'cn=services,cn=accounts,dc=example,dc=com' \</code>
- <code class="command">'(krblastpwdchange=*)' krbprincipalname</code>
-<code class="command"># ldapsearch -LLL -x -b 'cn=computers,cn=accounts,dc=example,dc=com' \</code>
- <code class="command">'(krblastpwdchange=*)' krbprincipalname</code></pre>
+<pre class="screen"># ldapsearch -LLL -x -b 'cn=services,cn=accounts,dc=example,dc=com' '(krblastpwdchange=*)' krbprincipalname
+
+# ldapsearch -LLL -x -b 'cn=computers,cn=accounts,dc=example,dc=com' '(krblastpwdchange=*)' krbprincipalname</pre>
</div><div class="para">
This will display service and host keytab information. It is not possible to determine if it has a key directly, but you can infer that a keytab was issued by looking at the last change date.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Prev</strong>6.4. Refreshing Kerberos Tickets</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="General_Troubleshooting_Tips-Kerberos_Errors.html"><strong>Next</strong>6.6. Kerberos Errors</a></li></ul></body></html>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_Authentication-Refreshing_Kerberos_Tickets.html"><strong>Prev</strong>6.4. Refreshing Kerberos Tickets</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="kerberos-pwd-cache.html"><strong>Next</strong>6.6. Caching Kerberos Passwords</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/search-limits.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/search-limits.html
index 7344e00..deb7dfc 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/search-limits.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/search-limits.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.6. Setting Default Search Limits</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.6. Setting Default Search Limits</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/searching.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/searching.html
index 8276c32..a348b5c 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/searching.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/searching.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.10. Searching for Users and Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.10. Searching for Users and Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html
index a0557e1..2ea2e3c 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Configuring_the_Network_Information_Service_NIS.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.2. Configuring the Network Information Service (NIS)</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>9.2. Configuring the Network Information Service (NIS)</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html
index cfb91a6..7357bda 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Service_Groups.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.2. HBAC Service Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.2. HBAC Service Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html
index 46d209d..a4df248 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Host_based_Access_Control_Policies-HBAC_Services.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.3. HBAC Services</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>11.3. HBAC Services</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html
index 113b27e..092bfa9 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html
@@ -1,21 +1,21 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.3. Performing a Client-based Migration</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>C.3. Performing a Client-based Migration</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix B. Migrating from a Directory Server to IPA" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html" title="B.2. Performing a Server-based Migration" /><link rel="next" href="Glossary.html" title="Glossary" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Glossary.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">B.3. Performing a Client-based Migration</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_
Configuring_SSSD">B.3.1. Phase 1: Installing and Configuring SSSD</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /><link rel="prev" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html" title="C.2. Performing a Server-based Migration" /><link rel="next" href="Glossary.html" title="Glossary" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul
class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Glossary.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration">C.3. Performing a Client-based Migration</h2></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_1_Installing_and_
Configuring_SSSD">C.3.1. Phase 1: Installing and Configuring SSSD</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Install SSSD first on the machines that can support it:
</div><div class="para">
<code class="command"># yum install sssd</code>
</div></li><li class="listitem"><div class="para">
Configure SSSD with the LDAP back end and point it to the existing DS deployment.
- </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">B.3.2. Phase 2: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
- Install IPA and migrate the existing DS data as described in <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">Section B.2.1, “Phase 1: Migrating Existing Data to IPA”</a>
- </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">B.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_2_Migrating_Existing_Data_to_IPA">C.3.2. Phase 2: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+ Install IPA and migrate the existing DS data as described in <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">Section C.2.1, “Phase 1: Migrating Existing Data to IPA”</a>
+ </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_3_Migrate_SSSD_Clients_from_LDAP_to_IPA">C.3.3. Phase 3: Migrate SSSD Clients from LDAP to IPA</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
Start moving clients that have SSSD installed from the LDAP back end to the IPA back end, and enroll them with IPA. This will download the required keys and certificates.
</div></li><li class="listitem"><div class="para">
Instruct users to use (that is, to log in at least once) the machines with SSSD and IPA back end, or go to the web page and authenticate.
@@ -28,8 +28,8 @@
</div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
It is important to include the quotes around the filter so that it is not interpreted by the shell.
- </div></div></div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">B.3.4. Phase 4: Reconfigure non-SSSD Clients</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ </div></div></div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_4_Reconfigure_non_SSSD_Clients">C.3.4. Phase 4: Reconfigure non-SSSD Clients</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
As the user population is migrated (the Kerberos keys are generated), you can start reconfiguring other (non‐SSSD) clients as required. The clients can be set up in any state shown on the diagram above.
- </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">B.3.5. Phase 5: Decommission the Directory Server</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ </div></li></ul></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Client_based_Migration-Phase_5_Decommission_the_Directory_Server">C.3.5. Phase 5: Decommission the Directory Server</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
When the migration of the clients is complete, decommission the DS.
- </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Prev</strong>B.2. Performing a Server-based Migration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Glossary.html"><strong>Next</strong>Glossary</a></li></ul></body></html>
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html"><strong>Prev</strong>C.2. Performing a Server-based Migration</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="Glossary.html"><strong>Next</strong>Glossary</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html
index dba2c97..8078e5e 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html
@@ -1,21 +1,21 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.2. Performing a Server-based Migration</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>C.2. Performing a Server-based Migration</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix B. Migrating from a Directory Server to IPA" /><link rel="prev" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix B. Migrating from a Directory Server to IPA" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html" title="B.3. Performing a Client-based Migration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src=
"Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">B.2. Performing a Server-based Migration</h2></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /><link rel="prev" href="Migrating_from_a_Directory_Server_to_IPA.html" title="Appendix C. Migrating from a Directory Server to IPA" /><link rel="next" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html" title="C.3. Performing a Client-based Migration" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src=
"Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Next</strong></a></li></ul><div class="section" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration"><div class="titlepage"><div><div><h2 class="title" id="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration">C.2. Performing a Server-based Migration</h2></div></div></div><div class="note"><div class="admonition_header"><h2>Note</h2></div><div class="admonition"><div class="para">
Each phase of the migration should be performed as a single step.
- </div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">B.2.1. Phase 1: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
+ </div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_1_Migrating_Existing_Data_to_IPA">C.2.1. Phase 1: Migrating Existing Data to IPA</h3></div></div></div><div class="para">
The first phase of the migration consists of setting up IPA and migrating data from the existing DS to that used by IPA. This involves the use of the <code class="command">ipa migrate-ds</code> command, which dumps the user data from the original DS, converts it into a format suitable for use by IPA, and then loads the converted data into IPA.
</div><div class="para">
The <code class="command">ipa migrate-ds</code> command connects to the DS and binds as the <code class="systemitem">Directory Manager</code>, and then extracts all objectClass=person objects from ou=People. This can be changed using the <code class="option">--user-container</code> option. It also extracts all objects from ou=Groups. This can be changed using the <code class="option">--group-container</code> option. It adds all object classes and attributes required by IPA (if they are missing) and coverts DNs in attributes to match the IPA Directory Information Tree (DIT). The command returns an error if migration is not enabled.
</div><div class="para">
Refer to the <code class="command">ipa migrate-ds</code> help page for more details about this command (<code class="command">ipa help migrate-ds</code>).
- </div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_1_Migrating_Existing_Data_to_IPA-To_migrate_existing_data_to_IPA"><h6>Procedure B.1. To migrate existing data to IPA:</h6><ol class="1"><li class="step"><div class="para">
+ </div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_1_Migrating_Existing_Data_to_IPA-To_migrate_existing_data_to_IPA"><h6>Procedure C.1. To migrate existing data to IPA:</h6><ol class="1"><li class="step"><div class="para">
Install IPA, including any custom DS schema, on a different machine from the existing DS. Refer to
</div></li><li class="step"><div class="para">
Use the following command to enable IPA migration mode:
@@ -39,7 +39,7 @@
The migration log file is currently not implemented. Instead, any error messages are printed to standard output.
</div></div></div>
- </div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">B.2.2. Phase 2: Updating the Client Configuration</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_2_Updating_the_Client_Configuration-To_update_the_client_configuration"><h6>Procedure B.2. To update the client configuration:</h6><ul><li class="step"><div class="para">
+ </div></li></ol></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_2_Updating_the_Client_Configuration">C.2.2. Phase 2: Updating the Client Configuration</h3></div></div></div><div class="procedure" id="proc-Enterprise_Identity_Management_Guide-Phase_2_Updating_the_Client_Configuration-To_update_the_client_configuration"><h6>Procedure C.2. To update the client configuration:</h6><ul><li class="step"><div class="para">
Update the client configuration to use PAM_LDAP and NSS_LDAP to connect to IPA instead of connecting to DS, NIS, or using local files.
<div class="itemizedlist"><ul><li class="listitem"><div class="para">
If the intention is to automatically generate the Kerberos keys when a user authenticates, the configuration should use startTLS and simple bind authentication. For this to occur, the IT department needs to ensure the IPA server certificate is copied to the client.
@@ -49,7 +49,7 @@
</div></li></ul></div><div class="important"><div class="admonition_header"><h2>Important</h2></div><div class="admonition"><div class="para">
You should not update your client configuration to use PAM_KRB5 and NSS_LDAP (that is, the equivalent of IPA v1) at this stage unless absolutely necessary. This is because the Kerberos keys will not yet exist in the IPA user entries, and consequently users will not be able to log in. If such a configuration is required, users can be directed to a specific web page on the IPA server after the data has been loaded into the IPA server. This page will prompt the user for their password and perform an LDAP bind. The DS password plug-in will capture these passwords and generate the Kerberos keys.
- </div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">B.2.3. Phase 3: Installing and Configuring SSSD</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_3_Installing_and_Configuring_SSSD-To_install_and_configure_SSSD"><h5 class="formalpara">To install and configure SSSD:</h5>
+ </div></div></div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">C.2.3. Phase 3: Installing and Configuring SSSD</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_3_Installing_and_Configuring_SSSD-To_install_and_configure_SSSD"><h5 class="formalpara">To install and configure SSSD:</h5>
<div class="orderedlist"><ol><li class="listitem"><div class="para">
Install SSSD on the machines that can support it:
</div><div class="para">
@@ -58,13 +58,13 @@
Configure SSSD to use IPA as a back end (Kerberos and LDAP). Installing SSSD and enrolling the client with IPA will ensure delivery of the machine Kerberos key and server certificate to the client. Refer to
</div></li></ol></div>
- </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">B.2.4. Phase 4: Migrating Users</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_4_Migrating_Users-To_migrate_the_users_from_DS_to_IPA"><h5 class="formalpara">To migrate the users from DS to IPA:</h5>
+ </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_4_Migrating_Users">C.2.4. Phase 4: Migrating Users</h3></div></div></div><div class="formalpara" id="form-Enterprise_Identity_Management_Guide-Phase_4_Migrating_Users-To_migrate_the_users_from_DS_to_IPA"><h5 class="formalpara">To migrate the users from DS to IPA:</h5>
<div class="orderedlist"><ol><li class="listitem"><div class="para">
- Instruct users to log in to IPA using either an SSSD client or a client that supports PAM_LDAP with startTLS and simple bind. An SSSD client configured as described in <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">Section B.2.3, “Phase 3: Installing and Configuring SSSD”</a> will perform a silent migration. Clients configured with startTLS and simple bind will also trigger key generation. A Kerberos key is created the first time a user logs in, and this key is stored in the IPA back end.
+ Instruct users to log in to IPA using either an SSSD client or a client that supports PAM_LDAP with startTLS and simple bind. An SSSD client configured as described in <a class="xref" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Server_based_Migration.html#sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_3_Installing_and_Configuring_SSSD">Section C.2.3, “Phase 3: Installing and Configuring SSSD”</a> will perform a silent migration. Clients configured with startTLS and simple bind will also trigger key generation. A Kerberos key is created the first time a user logs in, and this key is stored in the IPA back end.
</div></li><li class="listitem"><div class="para">
As the migration of the user population progresses (that is, as the Kerberos keys are generated on the IPA server), you can begin to configure other, non-SSSD clients to suit your requirements.
</div></li></ol></div>
- </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">B.2.5. Phase 5: Decommission the DS</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ </div></div><div class="section" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS"><div class="titlepage"><div><div><h3 class="title" id="sect-Enterprise_Identity_Management_Guide-Performing_a_Server_based_Migration-Phase_5_Decommission_the_DS">C.2.5. Phase 5: Decommission the DS</h3></div></div></div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
When the migration of all clients and users is complete, decommission the DS.
- </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Prev</strong>Appendix B. Migrating from a Directory Server to ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Next</strong>B.3. Performing a Client-based Migration</a></li></ul></body></html>
+ </div></li></ul></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Migrating_from_a_Directory_Server_to_IPA.html"><strong>Prev</strong>Appendix C. Migrating from a Directory Server to ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Enterprise_Identity_Management_Guide-Migrating_from_a_Directory_Server_to_IPA-Performing_a_Client_based_Migration.html"><strong>Next</strong>C.3. Performing a Client-based Migration</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html
index b695ea4..1bb1ca8 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Prerequisites-Setting_up_Active_Directory.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. Setting up Active Directory</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.2. Setting up Active Directory</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html
index ee27cab..2198d8f 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Creating_Synchronization_Agreements.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.4. Creating Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.4. Creating Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html
index ccca71d..f9f8969 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Deleting_Synchronization_Agreements.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.6. Deleting Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.6. Deleting Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html
index 8287c89..09d63af 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Setting_up_Synchronization_Between_IPA_and_Active_Directory-Modifying_Synchronization_Agreements.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.5. Modifying Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.5. Modifying Synchronization Agreements</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html
index d3e6f8b..2be17fb 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sect-Enterprise_Identity_Management_Guide-Troubleshooting_IPA_Servers-Winsync_Agreement_Failures.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.7. Winsync Agreement Failures</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>8.7. Winsync Agreement Failures</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-config.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-config.html
index 4721378..4508e2e 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-config.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-config.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 13. Configuring the FreeIPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 13. Configuring the FreeIPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="configuring-sudo.html" title="12.2. Configuring sudo" /><link rel="next" href="disabling-anon-binds.html" title="13.2. Disabling Anonymous Binds" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-sudo.html"><strong>Prev</strong></a></li><li class="next"><a acces
skey="n" href="disabling-anon-binds.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="server-config" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Configuring the FreeIPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="server-config.html#managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#Server_side_Access_Control">13.1.1. Server-side Access Control</a></span></dt><dt><span class="section"><a href="server-config.html#creating-roles">13.1.2. Creating Roles</a></span></dt><dt><span class="section"><a href="server-config.html#self-service">13.1.3. Defining Self-Service Settings</a></span></dt></dl></dd><dt><span class="section"><a href="disabling-anon-binds.html">13.2. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.h
tml">13.3. Managing Unique UID and GID Number Assignments</a></span></dt><dd><dl><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.html#id-ranges-at-install">13.3.1. About ID Range Assignments During Installation</a></span></dt><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.html#Assigning_UIDs_and_GIDs-Adding_New_Ranges">13.3.2. Adding New Ranges</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_Certificates_and_Certificate_Authorities.html">13.4. Configuring Certificates and Certificate Authorities</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_Certificates_and_Certificate_Authorities.html#Configuring_Certificates_and_Certificate_Authorities-Installing_Your_Own_Certificate">13.4.1. Installing Your Own Certificate</a></span></dt><dt><span class="section"><a href="Configuring_Certificates_and_Certificate_Authorities.html#Configuring_Certificates_and_Certificate_Authorities-Using_Yo
ur_Own_Certificate_with_Firefox">13.4.2. Using Your Own Certificate with Firefox</a></span></dt><dt><span class="section"><a href="Configuring_Certificates_and_Certificate_Authorities.html#Using_OCSP">13.4.3. Using OCSP</a></span></dt></dl></dd><dt><span class="section"><a href="ipa-apache.html">13.5. Setting a FreeIPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="ipa-cluster.html">13.6. Using FreeIPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="ipa-cluster.html#Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.6.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="ipa-cluster.html#Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.6.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a
href="logging.html">13.7. FreeIPA Server Logging</a></span></dt><dt><span class="section"><a href="promoting-replica.html">13.8. Promoting a Read-Only Replica to a FreeIPA Server</a></span></dt><dt><span class="section"><a href="upgrading-server.html">13.9. Testing Before Upgrading the FreeIPA Server</a></span></dt></dl></div><div class="section" id="managing-access-to-ipa"><div class="titlepage"><div><div><h2 class="title" id="managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="configuring-sudo.html" title="12.2. Configuring sudo" /><link rel="next" href="disabling-anon-binds.html" title="13.2. Disabling Anonymous Binds" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="configuring-sudo.html"><strong>Prev</strong></a></li><li class="next"><a acces
skey="n" href="disabling-anon-binds.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="server-config" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 13. Configuring the FreeIPA Server</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="server-config.html#managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="server-config.html#Server_side_Access_Control">13.1.1. Server-side Access Control</a></span></dt><dt><span class="section"><a href="server-config.html#creating-roles">13.1.2. Creating Roles</a></span></dt><dt><span class="section"><a href="server-config.html#self-service">13.1.3. Defining Self-Service Settings</a></span></dt></dl></dd><dt><span class="section"><a href="disabling-anon-binds.html">13.2. Disabling Anonymous Binds</a></span></dt><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.h
tml">13.3. Managing Unique UID and GID Number Assignments</a></span></dt><dd><dl><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.html#id-ranges-at-install">13.3.1. About ID Range Assignments During Installation</a></span></dt><dt><span class="section"><a href="Managing-Unique_UID_and_GID_Attributes.html#Assigning_UIDs_and_GIDs-Adding_New_Ranges">13.3.2. Adding New Ranges</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_Certificates_and_Certificate_Authorities.html">13.4. Configuring Alternate Certificate Authorities</a></span></dt><dt><span class="section"><a href="Using_OCSP.html">13.5. Configuring OCSP Responders</a></span></dt><dd><dl><dt><span class="section"><a href="Using_OCSP.html#ocsp-interval">13.5.1. Changing the CRL Update Interval</a></span></dt><dt><span class="section"><a href="Using_OCSP.html#ocsp-location">13.5.2. Changing the OCSP Responder Location</a></span></dt></dl></dd><dt><span class="section"><a href="i
pa-apache.html">13.6. Setting a FreeIPA Server as an Apache Virtual Host</a></span></dt><dt><span class="section"><a href="ipa-cluster.html">13.7. Using FreeIPA in a Cluster</a></span></dt><dd><dl><dt><span class="section"><a href="ipa-cluster.html#Implementing_IPA_in_a_Clustered_Environment-Configuring_Kerberos_Credentials_for_a_Clustered_Environment">13.7.1. Configuring Kerberos Credentials for a Clustered Environment</a></span></dt><dt><span class="section"><a href="ipa-cluster.html#Implementing_IPA_in_a_Clustered_Environment-Using_the_Same_Service_Principal_for_Multiple_Services">13.7.2. Using the Same Service Principal for Multiple Services</a></span></dt></dl></dd><dt><span class="section"><a href="logging.html">13.8. FreeIPA Server Logging</a></span></dt><dt><span class="section"><a href="promoting-replica.html">13.9. Promoting a Read-Only Replica to a FreeIPA Server</a></span></dt><dt><span class="section"><a href="upgrading-server.html">13.10. Testing Before Upgradi
ng the FreeIPA Server</a></span></dt></dl></div><div class="section" id="managing-access-to-ipa"><div class="titlepage"><div><div><h2 class="title" id="managing-access-to-ipa">13.1. Defining Access Controls within FreeIPA</h2></div></div></div><div class="para">
Access control is a mechanism which defines user access. That is, it defines the rights that users and other objects have been granted in order to perform operations on other users or objects. When the FreeIPA directory server receives a request, it uses the authentication information provided by the user in the bind operation together with <em class="firstterm">access control instructions (ACIs)</em> defined in the server to allow or deny access to directory information. The server can allow or deny permissions for actions, such as read, write, search, and compare, on directory server entries. The permission level granted to a user may depend on the authentication information provided.
</div><div class="para">
FreeIPA implements a number of different methods for controlling access to the various objects, commands and processes that exist within a FreeIPA domain. This includes a Kerberos Ticket Policy, a Password Policy, Host-based Access Control and SUDO Command Policies for controlling client access to services and commands; that is, outside of the FreeIPA server, and a separate Access Control Model for controlling server-side objects; that is, LDAP entries within the FreeIPA server.
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-tools.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-tools.html
index 308d2f7..07ec037 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-tools.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/server-tools.html
@@ -1,432 +1,456 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.2. Server Scripts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.5" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>B.2. Server Scripts</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="tools-reference.html" title="Appendix B. FreeIPA Tools Reference" /><link rel="prev" href="tools-reference.html" title="Appendix B. FreeIPA Tools Reference" /><link rel="next" href="client-tools.html" title="B.3. Client Scripts" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="tools-reference.html"><strong>Prev</strong></a></li><li class="next"><a a
ccesskey="n" href="client-tools.html"><strong>Next</strong></a></li></ul><div class="section" id="server-tools"><div class="titlepage"><div><div><h2 class="title" id="server-tools">B.2. Server Scripts</h2></div></div></div><div class="para">
- XXXXXXXXXXXXX
- </div><div class="section" id="ipa-compat-manage"><div class="titlepage"><div><div><h3 class="title" id="ipa-compat-manage">B.2.1. ipa-compat-manage</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-compat-manage-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-compat-manage-location">B.2.1.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="tools-reference.html" title="Appendix B. FreeIPA Tools Reference" /><link rel="prev" href="tools-reference.html" title="Appendix B. FreeIPA Tools Reference" /><link rel="next" href="client-tools.html" title="B.3. Client Scripts" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="tools-reference.html"><strong>Prev</strong></a></li><li class="next"><a a
ccesskey="n" href="client-tools.html"><strong>Next</strong></a></li></ul><div class="section" id="server-tools"><div class="titlepage"><div><div><h2 class="title" id="server-tools">B.2. Server Scripts</h2></div></div></div><div class="section" id="ipa-replica-install"><div class="titlepage"><div><div><h3 class="title" id="ipa-replica-install">B.2.1. ipa-replica-install</h3></div></div></div><div class="para">
+ Uses a configuration file based on an existing FreeIPA server to create a replica, or copy, of that server. Once the replica is created, it functions as an equal participant and mirror of the original FreeIPA server within the FreeIPA domain. Any changes made on the server or any other replica are automatically propagated over to the other replicas and server.
+ </div><div class="para">
+ A replica is created using a file that contains all of the configuration for the FreeIPA server. This initial file is created by running the <code class="command">ipa-replica-prepare</code> on the FreeIPA server. Then the file is copied over to the replica machine, and the <code class="command">ipa-replica-install</code> script is run.
+ </div><div class="para">
+ As with the server and client install scripts, any replica arguments which require a parameter value (such as the Directory Manager password) will be prompted for during installation, unless the argument is passed with the command. Parameters with Boolean values (like configuring DNS) will assume that the default value should be used unless the argument is passed with the command.
+ </div><div class="section" id="ipa-replica-install-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-install-location">B.2.1.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
Description
</th><th>
Location
</th></tr></thead><tbody><tr><td>
Tool directory
</td><td>
- Location
+ /usr/sbin
</td></tr><tr><td>
Package
</td><td>
ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-compat-manage-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-compat-manage-syntax">B.2.1.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-compat-manage-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-compat-manage-options">B.2.1.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
+ </td></tr></tbody></table></div></div><div class="section" id="ipa-replica-install-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-install-syntax">B.2.1.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa-replica-install</code> [
+ <em class="replaceable"><code>options</code></em>
+ ]
+ <em class="replaceable"><code>/path/to/replica_file</code></em>
+ </p></div></div><div class="section" id="ipa-replica-install-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-install-options">B.2.1.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+ Short Parameter
+ </th><th>
+ Long Parameter
</th><th>
Description
</th></tr></thead><tbody><tr><td>
- Tool directory
+ <span class="emphasis"><em>file</em></span>
</td><td>
- Location
+
+ </td><td>
+ Gives the full path and filename of the replica initialization file that was created from the FreeIPA server configuration.
</td></tr><tr><td>
- Package
+ -N
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-compliance"><div class="titlepage"><div><div><h3 class="title" id="ipa-compliance">B.2.2. ipa-compliance</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-compliance-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-compliance-location">B.2.2.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --no-ntp
</td><td>
- Location
+ Does not configure NTP on the replica system.
</td></tr><tr><td>
- Package
+ -d
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-compliance-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-compliance-syntax">B.2.2.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-compliance-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-compliance-options">B.2.2.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --debug
</td><td>
- Location
+ Prints additional debug information.
</td></tr><tr><td>
- Package
+ -p
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-dns-install"><div class="titlepage"><div><div><h3 class="title" id="ipa-dns-install">B.2.3. ipa-dns-install</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-dns-install-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-dns-install-location">B.2.3.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --password
</td><td>
- Location
+ Gives the Directory Manager password for the FreeIPA domain.
</td></tr><tr><td>
- Package
+ -w
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-dns-install-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-dns-install-syntax">B.2.3.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-dns-install-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-dns-install-options">B.2.3.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --admin-password
</td><td>
- Location
+ Gives the Kerberos password for the FreeIPA <code class="command">admin</code> user. This is used to check Kerberos and domain connectivity on the replica.
</td></tr><tr><td>
- Package
+
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-host-net-manage"><div class="titlepage"><div><div><h3 class="title" id="ipa-host-net-manage">B.2.4. ipa-host-net-manage</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-host-net-manage-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-host-net-manage-location">B.2.4.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --setup-dns
</td><td>
- Location
+ Sets up DNS services on the replica machine to connect to the FreeIPA DNS domain. If this is not used, then the default value is false, which does not enable DNS.
</td></tr><tr><td>
- Package
+
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-host-net-manage-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-host-net-manage-syntax">B.2.4.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-host-net-manage-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-host-net-manage-options">B.2.4.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --forwarder
</td><td>
- Location
+ Gives a comma-separated list of IP addresses for DNS forwarders.
</td></tr><tr><td>
- Package
+
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa_kpasswd"><div class="titlepage"><div><div><h3 class="title" id="ipa_kpasswd">B.2.5. ipa_kpasswd</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa_kpasswd-location"><div class="titlepage"><div><div><h4 class="title" id="ipa_kpasswd-location">B.2.5.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --no-forwarders
</td><td>
- Location
+ Disables DNS forwarder configuration and uses only domain root servers. If this is not used, then the default value is false, which prompts for DNS forwarder information.
</td></tr><tr><td>
- Package
+
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa_kpasswd-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa_kpasswd-syntax">B.2.5.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa_kpasswd-options"><div class="titlepage"><div><div><h4 class="title" id="ipa_kpasswd-options">B.2.5.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --no-reverse
</td><td>
- Location
+ Disables reverse DNS configuration. If this is not used, then the default value is true, which assumes that reverse DNS should be configured.
</td></tr><tr><td>
- Package
+
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-ldap-updater"><div class="titlepage"><div><div><h3 class="title" id="ipa-ldap-updater">B.2.6. ipa-ldap-updater</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-ldap-updater-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-ldap-updater-location">B.2.6.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --no-host-dns
</td><td>
- Location
+ Disables host DNS lookups during the replica installation process. If this is not used, then the default value is true, which performs the host DNS lookups.
</td></tr><tr><td>
- Package
+
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-ldap-updater-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-ldap-updater-syntax">B.2.6.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-ldap-updater-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-ldap-updater-options">B.2.6.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --no-pkinit
</td><td>
- Location
+ Disables PKI (Dogtag Certificate System) configuration. If this is not used, then the default value is true, which assumes that a local Dogtag Certificate System CA should be configured.
</td></tr><tr><td>
- Package
+
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-nis-manage"><div class="titlepage"><div><div><h3 class="title" id="ipa-nis-manage">B.2.7. ipa-nis-manage</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-nis-manage-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-nis-manage-location">B.2.7.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+ --skip-conncheck
+ </td><td>
+ <div class="para">
+ Disables checks for the replica's connection to the FreeIPA domain. If this is not used, then the default value is true, which checks that the replica can connect to the Kerberos realm.
+ </div>
+ <div class="para">
+ This can be useful if the replica is unable to reach the Directory Server or the CA used by the original FreeIPA server, such as the server is offline or the server's firewall is blocking access on the required ports (<a class="xref" href="installing-ipa.html#prereq-ports">Section 1.1.3.3, “System Ports”</a>).
+ </div>
+
+ </td></tr><tr><td>
+ -U
+ </td><td>
+ --unattended
+ </td><td>
+ Disables user prompts so that the replica installation script runs without user interaction.
+ </td></tr></tbody></table></div></div></div><div class="section" id="ipa-replica-prepare"><div class="titlepage"><div><div><h3 class="title" id="ipa-replica-prepare">B.2.2. ipa-replica-prepare</h3></div></div></div><div class="para">
+ Creates a file that can be used to create a copy, or <span class="emphasis"><em>replica</em></span>, of the FreeIPA server.
+ </div><div class="para">
+ Each replica initialization file is unique to the replica machine because the configuration is based, in part, on the IP address and hostname of the replica machine. This host-specific configuration is especially critical for setting up services like Kerberos which use SSL because SSL certificates are created based on the hostname.
+ </div><div class="para">
+ When the replica file is created, the prep script requires the hostname and, optionally, accepts the IP address.
+ </div><div class="para">
+ Once the configuration file is created on the server using the <code class="command">ipa-replica-prepare</code> command, then the replica file is copied over to the replica machine and the replica is configured using the <code class="command">ipa-replica-prepare</code> command.
+ </div><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ If DNS is managed by FreeIPA, then use either the <code class="option">--ip-address</code> option or configure DNS forwarders and allow reverse DNS lookups.
+ </div></div></div><div class="section" id="ipa-replica-prepare-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-prepare-location">B.2.2.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
Description
</th><th>
Location
</th></tr></thead><tbody><tr><td>
Tool directory
</td><td>
- Location
+ /usr/sbin
</td></tr><tr><td>
Package
</td><td>
ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-nis-manage-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-nis-manage-syntax">B.2.7.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-nis-manage-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-nis-manage-options">B.2.7.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+ </td></tr></tbody></table></div></div><div class="section" id="ipa-replica-prepare-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-prepare-syntax">B.2.2.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa-replica-prepare</code> [
+ --dirsrv_pkcs12=<em class="replaceable"><code>file</code></em>
+ ] [
+ --http_pkcs12=<em class="replaceable"><code>file</code></em>
+ ] [
+ --dirsrv_pin=<em class="replaceable"><code>pin</code></em>
+ ] [
+ --http_pin=<em class="replaceable"><code>pin</code></em>
+ ] [
+ --ip-address=<em class="replaceable"><code>ipAddress</code></em>
+ ]
+ <em class="replaceable"><code>hostname</code></em>
+ </p></div></div><div class="section" id="ipa-replica-prepare-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-prepare-options">B.2.2.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
Parameter
</th><th>
Description
</th></tr></thead><tbody><tr><td>
- Tool directory
+ --dirsrv_pkcs12
</td><td>
- Location
+ Gives the full path and filename of a PKCS #12 file (.p12) which contains the Directory Server's SSL certificate.
</td></tr><tr><td>
- Package
+ --dirsrv_pin
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-replica-install"><div class="titlepage"><div><div><h3 class="title" id="ipa-replica-install">B.2.8. ipa-replica-install</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-replica-install-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-install-location">B.2.8.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
+ Gives the password to access the Directory Server certificate file.
+ </td></tr><tr><td>
+ --http_pkcs12
+ </td><td>
+ Gives the full path and filename of a PKCS #12 file (.p12) which contains the Apache server's SSL certificate.
+ </td></tr><tr><td>
+ --http_pin
+ </td><td>
+ Gives the password to access the Apache certificate file.
+ </td></tr><tr><td>
+ --ip-address
+ </td><td>
+ Gives the IP address of the replica server. Using this option automatically adds A and PTR records for the replica host to the FreeIPA DNS configuration.
+ </td></tr></tbody></table></div></div></div><div class="section" id="ipa-server-install"><div class="titlepage"><div><div><h3 class="title" id="ipa-server-install">B.2.3. ipa-server-install</h3></div></div></div><div class="para">
+ Configures all of the services used by the FreeIPA server for the FreeIPA domain:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Dogtag Certificate System, for issuing server certificates
+ </div></li><li class="listitem"><div class="para">
+ 389 Directory Server, for storing all of the FreeIPA information
+ </div></li><li class="listitem"><div class="para">
+ The Kerberos KDC, with the LDAP backend
+ </div></li><li class="listitem"><div class="para">
+ Apache, for the web-based services
+ </div></li><li class="listitem"><div class="para">
+ NTP
+ </div></li><li class="listitem"><div class="para">
+ The <code class="command">ipa_kpasswd</code> service
+ </div></li><li class="listitem"><div class="para">
+ Optionally, DNS
+ </div></li></ul></div><div class="para">
+ This script can be run interactively, which prompts for many of the server values, or information can be passed directly to the script so that the server can be configured without human intervention.
+ </div><div class="para">
+ The FreeIPA server configuration is very flexible. The setup script allows some customization to services like DNS, NTP, certificate issuance, and access control in FreeIPA so that the server can be suited to the network environment.
+ </div><div class="section" id="ipa-server-install-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-install-location">B.2.3.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
Description
</th><th>
Location
</th></tr></thead><tbody><tr><td>
Tool directory
</td><td>
- Location
+ /usr/sbin
</td></tr><tr><td>
Package
</td><td>
ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-replica-install-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-install-syntax">B.2.8.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-replica-install-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-install-options">B.2.8.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
+ </td></tr></tbody></table></div></div><div class="section" id="ipa-server-install-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-install-syntax">B.2.3.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa-server-install</code>
+ -a <em class="replaceable"><code>ipa_admin_password</code></em>
+
+ --hostname=<em class="replaceable"><code>hostname</code></em>
+
+ -p <em class="replaceable"><code>directory_manager_password</code></em>
+
+ -n <em class="replaceable"><code>domain_name</code></em>
+
+ -r <em class="replaceable"><code>realm_name</code></em>
+ [[
+ --external-ca
+ ] | [
+ --external_ca_file=<em class="replaceable"><code>CA_cert_chain_file</code></em>
+ ] | [
+ --external_cert_file=<em class="replaceable"><code>certificate_file</code></em>
+ ]] [
+ --selfsign
+ ] [
+ --subject=<em class="replaceable"><code>subject_DN</code></em>
+ ] [
+ --forwarder=<em class="replaceable"><code>forwarder</code></em>
+ ] [
+ --no-forwarders
+ ] [
+ --no-reverse
+ ] [
+ --setup-dns
+ ] [
+ --zonemgr=<em class="replaceable"><code>email_address</code></em>
+ ] [
+ --ip-address=<em class="replaceable"><code>ip_address</code></em>
+ ] [
+ -P <em class="replaceable"><code>kerberos_master_password</code></em>
+ ] [
+ --no-ntp
+ ] [
+ --idmax=<em class="replaceable"><code>number</code></em>
+ ] [
+ --idstart=<em class="replaceable"><code>number</code></em>
+ ] [
+ --no_hbac_allow
+ ] [
+ --no-host-dns
+ ] [
+ -U
+ ] [
+ --uninstall
+ ] [
+ --debug
+ ] [
+ --help
+ ] [
+ --version
+ ]</p></div></div><div class="section" id="ipa-server-install-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-install-options">B.2.3.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="33%" /><col width="33%" /><col width="33%" /></colgroup><thead><tr><th>
+ Argument
+ </th><th>
+ Alternate Argument
</th><th>
Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ </th></tr></thead><tbody><tr><td colspan="3">
+ <span class="bold bold"><strong>Required Options</strong></span><sup>[<a id="id3111955" href="#ftn.id3111955" class="footnote">a</a>]</sup>
+ </td></tr><tr><td>
+ -a <span class="emphasis"><em>ipa_admin_password</em></span>
</td><td>
- Location
+ --admin-password=<span class="emphasis"><em>ipa_admin_password</em></span>
+ </td><td>
+ The password for the FreeIPA administrator. This is used for the admin user to authenticate to the Kerberos realm.
</td></tr><tr><td>
- Package
+ --hostname=<span class="emphasis"><em>hostname</em></span>
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-replica-manage"><div class="titlepage"><div><div><h3 class="title" id="ipa-replica-manage">B.2.9. ipa-replica-manage</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-replica-manage-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-manage-location">B.2.9.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ The fully-qualified domain name of the FreeIPA server machine.
</td></tr><tr><td>
- Package
+ -n <span class="emphasis"><em>domain_name</em></span>
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-replica-manage-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-manage-syntax">B.2.9.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-replica-manage-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-manage-options">B.2.9.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --domain=<span class="emphasis"><em>domain_name</em></span>
</td><td>
- Location
+ The name of the LDAP server domain to use for the FreeIPA domain. This is usually based on the FreeIPA server's hostname.
</td></tr><tr><td>
- Package
+ -p <span class="emphasis"><em>directory_manager_password</em></span>
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-replica-prepare"><div class="titlepage"><div><div><h3 class="title" id="ipa-replica-prepare">B.2.10. ipa-replica-prepare</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-replica-prepare-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-prepare-location">B.2.10.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --ds-password=<span class="emphasis"><em>directory_manager_password</em></span>
</td><td>
- Location
+ The password for the superuser, <code class="command">cn=Directory Manager</code>, for the LDAP service.
</td></tr><tr><td>
- Package
+ -r <span class="emphasis"><em>realm_name</em></span>
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-replica-prepare-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-prepare-syntax">B.2.10.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-replica-prepare-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-replica-prepare-options">B.2.10.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+ --realm=<span class="emphasis"><em>realm_name</em></span>
</td><td>
- Location
+ The name of the Kerberos realm to create for the FreeIPA domain.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>Certificate Authority Options</strong></span>
</td></tr><tr><td>
- Package
+ --external-ca
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-server-certinstall"><div class="titlepage"><div><div><h3 class="title" id="ipa-server-certinstall">B.2.11. ipa-server-certinstall</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-server-certinstall-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-certinstall-location">B.2.11.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Instructs the installation script to generate a certificate request that can be submitted to an external or third-party CA.
</td></tr><tr><td>
- Package
+ --external_ca_file=<span class="emphasis"><em>CA_cert_chain_file</em></span>
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-server-certinstall-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-certinstall-syntax">B.2.11.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-server-certinstall-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-certinstall-options">B.2.11.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Points to the PKCS#10 file which contains the CA certificate chain of the external CA. This is required to validate the certificate issued by the CA for the FreeIPA server. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
</td></tr><tr><td>
- Package
+ --external_cert_file=<span class="emphasis"><em>certificate_file</em></span>
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-server-install"><div class="titlepage"><div><div><h3 class="title" id="ipa-server-install">B.2.12. ipa-server-install</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-server-install-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-install-location">B.2.12.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Points to the PKCS#10 file which contains the certificate that was generated by an external CA. If an external CA is used, this is required in a second invocation of <code class="command">ipa-server-install</code> to complete the setup process.
</td></tr><tr><td>
- Package
+ --selfsign
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-server-install-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-install-syntax">B.2.12.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-server-install-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-server-install-options">B.2.12.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Uses a self-signed certificate instead of a certificate issued by the internal Dogtag Certificate System or by an external CA. If this option is selected, then no Dogtag Certificate System instance is configured as part of the setup process, and the FreeIPA server itself functionally serves as a CA for clients in the domain. This is not recommended for production environments, but can be used in test or development environments.
</td></tr><tr><td>
- Package
+ --subject=<span class="emphasis"><em>subject_DN</em></span>
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-ugradeconfig"><div class="titlepage"><div><div><h3 class="title" id="ipa-ugradeconfig">B.2.13. ipa-upgradeconfig</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipa-upgradeconfig-location"><div class="titlepage"><div><div><h4 class="title" id="ipa-upgradeconfig-location">B.2.13.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Sets the base element for the subject DN of the issued certificates. This defaults to <code class="command">O=</code><span class="emphasis"><em>realm</em></span>.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>DNS Options</strong></span>
</td></tr><tr><td>
- Package
+ --forwarder=<span class="emphasis"><em>forwarder</em></span>
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipa-upgradeconfig-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-upgradeconfig-syntax">B.2.13.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipa-upgradeconfig-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-upgradeconfig-options">B.2.13.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Gives a comma-separated list of DNS forwarders to use with the DNS service.
</td></tr><tr><td>
- Package
+ --no-forwarders
</td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipactl"><div class="titlepage"><div><div><h3 class="title" id="ipactl">B.2.14. ipactl</h3></div></div></div><div class="para">
- Description
- </div><div class="section" id="ipactl-location"><div class="titlepage"><div><div><h4 class="title" id="ipactl-location">B.2.14.1. Location</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Uses root servers with the DNS service instead of forwarders.
</td></tr><tr><td>
- Package
+ --no-reverse
</td><td>
- ipa-server
- </td></tr></tbody></table></div></div><div class="section" id="ipactl-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipactl-syntax">B.2.14.2. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">PKCS12Export</code>
- -d <em class="replaceable"><code>/path/to/cert-directory</code></em>
- [
- -debug
- ]</p></div></div><div class="section" id="ipactl-options"><div class="titlepage"><div><div><h4 class="title" id="ipactl-options">B.2.14.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- Tool directory
+
</td><td>
- Location
+ Uses root servers with the DNS service instead of forwarders.
</td></tr><tr><td>
- Package
+ --setup-dns
</td><td>
- Location
- </td></tr></tbody></table></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="tools-reference.html"><strong>Prev</strong>Appendix B. FreeIPA Tools Reference</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="client-tools.html"><strong>Next</strong>B.3. Client Scripts</a></li></ul></body></html>
+
+ </td><td>
+ Tells the installation script to set up a DNS service within the FreeIPA domain. Using an integrated DNS service is optional, so if this option is not passed with the installation script, then no DNS is configured.
+ </td></tr><tr><td>
+ --zonemgr=<span class="emphasis"><em>email_address</em></span>
+ </td><td>
+
+ </td><td>
+ Gives the email address to use for the DNS zone manager. If none is given, this defaults to root.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>Kerberos Options</strong></span>
+ </td></tr><tr><td>
+ --ip-address=<span class="emphasis"><em>ip_address</em></span>
+ </td><td>
+
+ </td><td>
+ Gives the IP address of the Kerberos master KDC. This can be used if there are multiple FreeIPA servers in the same realm.
+ </td></tr><tr><td>
+ -P <span class="emphasis"><em>kerberos_master_password</em></span>
+ </td><td>
+ --master-password=<span class="emphasis"><em>kerberos_master_password</em></span>
+ </td><td>
+ The password for the KDC account. This is randomly generated if no value is given.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>NTP Options</strong></span>
+ </td></tr><tr><td>
+ -N, --no-ntp
+ </td><td>
+
+ </td><td>
+ Does <span class="emphasis"><em>not</em></span> configure the NTP service for the FreeIPA server. This is normally done by default.
+ <div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
+ If the FreeIPA server is running as a virtual guest, it should not run an NTP service.
+ </div></div></div>
+
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>FreeIPA Server Configuration Options</strong></span>
+ </td></tr><tr><td>
+ --idmax=<span class="emphasis"><em>number</em></span>
+ </td><td>
+
+ </td><td>
+ Sets the upper bound for IDs which can be assigned by the FreeIPA server. The default value is the ID start value plus 199999.
+ </td></tr><tr><td>
+ --idstart=<span class="emphasis"><em>number</em></span>
+ </td><td>
+
+ </td><td>
+ Sets the lower bound (starting value) for IDs which can be assigned by the FreeIPA server. The default value is randomly selected.
+ </td></tr><tr><td>
+ --no_hbac_allow
+ </td><td>
+
+ </td><td>
+ Disables the <code class="command">allow_all</code> rule for host-based access control in the FreeIPA domain.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>Other Setup Options</strong></span>
+ </td></tr><tr><td>
+ --no-host-dns
+ </td><td>
+
+ </td><td>
+ Does <span class="emphasis"><em>not</em></span> use DNS to look up the hostname of the FreeIPA server machine during the installation process.
+ </td></tr><tr><td>
+ -U
+ </td><td>
+ --unattended
+ </td><td>
+ Runs the <code class="command">ipa-server-install</code> command without any interactive prompts.
+ </td></tr><tr><td>
+ --uninstall
+ </td><td>
+
+ </td><td>
+ Uninstalls an existing FreeIPA server.
+ </td></tr><tr><td colspan="3">
+ <span class="bold bold"><strong>General Tool Options</strong></span>
+ </td></tr><tr><td>
+ -d
+ </td><td>
+ --debug
+ </td><td>
+ Runs the <code class="command">ipa-server-install</code> command in debug mode and outputs debugging information.
+ </td></tr><tr><td>
+ -h
+ </td><td>
+ --help
+ </td><td>
+ Prints the help information for the <code class="command">ipa-server-install</code> command.
+ </td></tr><tr><td>
+ --version
+ </td><td>
+
+ </td><td>
+ Prints the version number of the <code class="command">ipa-server-install</code> command.
+ </td></tr></tbody><tbody class="footnotes"><tr><td colspan="3"><div class="footnote"><p><sup>[<a id="ftn.id3111955" href="#id3111955" class="para">a</a>] </sup>
+ The installation script will prompt for these options if they are not passed with the script.
+ </p></div></td></tr></tbody></table></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="tools-reference.html"><strong>Prev</strong>Appendix B. FreeIPA Tools Reference</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="client-tools.html"><strong>Next</strong>B.3. Client Scripts</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/setting-up-clients.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/setting-up-clients.html
index 70b75d8..b603b48 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/setting-up-clients.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/setting-up-clients.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 2. Setting up Systems as FreeIPA Clients</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 2. Setting up Systems as FreeIPA Clients</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Uninstalling_IPA_Servers.html" title="1.5. Uninstalling FreeIPA Servers and Replicas" /><link rel="next" href="Installing_the_IPA_Client_on_Linux.html" title="2.2. Configuring a Fedora System as a FreeIPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Uninstallin
g_IPA_Servers.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Installing_the_IPA_Client_on_Linux.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="setting-up-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Setting up Systems as FreeIPA Clients</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="setting-up-clients.html#what-happens-clients">2.1. What Happens in Client Setup</a></span></dt><dt><span class="section"><a href="Installing_the_IPA_Client_on_Linux.html">2.2. Configuring a Fedora System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="Configuring_Microsoft_Windows.html">2.3. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html">2.4. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section
"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10">2.4.1. Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.4.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html">2.5. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP">2.5.1. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.5.2. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_Kerberos">2.5.3. Co
nfiguring Kerberos</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_PAM">2.5.4. Configuring PAM</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.5.5. Configuring SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.5.6. Configuring Access Control</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#hp-test">2.5.7. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html">2.6. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.6.1. Prerequisites</a></span></
dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.6.2. Configuring the AIX Client</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html">2.7. Configuring a Macintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.7.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.7.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.7.3. Co
nfiguring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.7.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#testing-config-on-mac">2.7.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="uninstalling-clients.html">2.8. Uninstalling a FreeIPA Client</a></span></dt></dl></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="Uninstalling_IPA_Servers.html" title="1.5. Uninstalling FreeIPA Servers and Replicas" /><link rel="next" href="Installing_the_IPA_Client_on_Linux.html" title="2.2. Configuring a Fedora System as a FreeIPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Uninstallin
g_IPA_Servers.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="Installing_the_IPA_Client_on_Linux.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="chapter" id="setting-up-clients" lang="en-US"><div class="titlepage"><div><div><h2 class="title">Chapter 2. Setting up Systems as FreeIPA Clients</h2></div></div></div><div class="toc"><dl><dt><span class="section"><a href="setting-up-clients.html#what-happens-clients">2.1. What Happens in Client Setup</a></span></dt><dt><span class="section"><a href="Installing_the_IPA_Client_on_Linux.html">2.2. Configuring a Fedora System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="Configuring_Microsoft_Windows.html">2.3. Configuring a Microsoft Windows System as a FreeIPA Client</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html">2.4. Configuring a Solaris System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section
"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10">2.4.1. Configuring Solaris 10</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris-Configuring_an_IPA_Client_on_Solaris_9">2.4.2. Configuring Solaris 9</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html">2.5. Configuring an HP-UX System as a FreeIPA</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_NTP">2.5.1. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_LDAP_Authentication">2.5.2. Configuring LDAP Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_Kerberos">2.5.3. Co
nfiguring Kerberos</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_Kerberos_and_PAM-Configuring_PAM">2.5.4. Configuring PAM</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_SSH">2.5.5. Configuring SSH</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#Configuring_an_IPA_Client_on_HP_UX-Configuring_Access_Control">2.5.6. Configuring Access Control</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_HP_UX.html#hp-test">2.5.7. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html">2.6. Configuring an AIX System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Prerequisites">2.6.1. Prerequisites</a></span></
dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication">2.6.2. Configuring the AIX Client</a></span></dt></dl></dd><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html">2.7. Configuring a Macintosh OS X System as a FreeIPA Client</a></span></dt><dd><dl><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_Kerberos_Authentication">2.7.1. Configuring Kerberos Authentication</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_LDAP_Authorization">2.7.2. Configuring LDAP Authorization</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_the_LDAP_Authorization_Options">2.7.3. Co
nfiguring the LDAP Authorization Options</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#Configuring_an_IPA_Client_on_Macintosh_OS_X-Configuring_NTP">2.7.4. Configuring NTP</a></span></dt><dt><span class="section"><a href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html#testing-config-on-mac">2.7.5. Testing the Configuration</a></span></dt></dl></dd><dt><span class="section"><a href="troubleshooting-client-install.html">2.8. Troubleshooting Client Installations</a></span></dt><dt><span class="section"><a href="uninstalling-clients.html">2.9. Uninstalling a FreeIPA Client</a></span></dt></dl></div><div class="para">
A <span class="emphasis"><em>client</em></span> is any system which is a member of the FreeIPA domain. While this is frequently a Fedora system (and FreeIPA has special tools to make configuring Fedora clients very simple), machines with other operating systems can also be added to the FreeIPA domain.
</div><div class="para">
One important aspect of a FreeIPA client is that <span class="emphasis"><em>only</em></span> the system configuration determines whether the system is part of the domain. (The configuration includes things like belonging to the Kerberos domain, DNS domain, and having the proper authentication and certificate setup.) FreeIPA does not require any sort of agent or daemon running on a client.
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sudo.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sudo.html
index b9f5f2e..977c046 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sudo.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/sudo.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 12. Policy: Using sudo</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 12. Policy: Using sudo</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/tools-reference.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/tools-reference.html
index f18b420..323c70e 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/tools-reference.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/tools-reference.html
@@ -1,114 +1,12 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix B. FreeIPA Tools Reference</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.5" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Appendix B. FreeIPA Tools Reference</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html" title="Appendix A. Frequently Asked Questions" /><link rel="next" href="server-tools.html" title="B.2. Server Scripts" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Mana
gement_Guide-Frequently_Asked_Questions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="server-tools.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="tools-reference" lang="en-US"><div class="titlepage"><div><div><h1 class="title">FreeIPA Tools Reference</h1></div></div></div><div class="toc"><dl><dt><span class="section"><a href="tools-reference.html#ipa">B.1. ipa</a></span></dt><dd><dl><dt><span class="section"><a href="tools-reference.html#ipa-location">B.1.1. Location</a></span></dt><dt><span class="section"><a href="tools-reference.html#ipa-syntax">B.1.2. Syntax</a></span></dt><dt><span class="section"><a href="tools-reference.html#ipa-commands">B.1.3. Commands</a></span></dt><dt><span class="section"><a href="tools-reference.html#ipa-options">B.1.4. Options</a></span></dt><dt><span class="section"><a href="tools-reference.html#ipa-command-automount">B.1.5. ipa automountlocation*</a></span></dt><dt><span cla
ss="section"><a href="tools-reference.html#ipa-command-automountmap">B.1.6. ipa automountmap*</a></span></dt><dt><span class="section"><a href="tools-reference.html#ipa-command-automountkey">B.1.7. ipa automountkey*</a></span></dt></dl></dd><dt><span class="section"><a href="server-tools.html">B.2. Server Scripts</a></span></dt><dd><dl><dt><span class="section"><a href="server-tools.html#ipa-compat-manage">B.2.1. ipa-compat-manage</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-compliance">B.2.2. ipa-compliance</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-dns-install">B.2.3. ipa-dns-install</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-host-net-manage">B.2.4. ipa-host-net-manage</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa_kpasswd">B.2.5. ipa_kpasswd</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-ldap-updater">B.2.6. ipa-ldap-updater</a></span></dt
><dt><span class="section"><a href="server-tools.html#ipa-nis-manage">B.2.7. ipa-nis-manage</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-replica-install">B.2.8. ipa-replica-install</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-replica-manage">B.2.9. ipa-replica-manage</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-replica-prepare">B.2.10. ipa-replica-prepare</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-server-certinstall">B.2.11. ipa-server-certinstall</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-server-install">B.2.12. ipa-server-install</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-ugradeconfig">B.2.13. ipa-upgradeconfig</a></span></dt><dt><span class="section"><a href="server-tools.html#ipactl">B.2.14. ipactl</a></span></dt></dl></dd><dt><span class="section"><a href="client-tools.html">B.3. Client Scripts</a></span>
</dt><dd><dl><dt><span class="section"><a href="client-tools.html#ipa-client-install">B.3.1. ipa-client-install</a></span></dt><dt><span class="section"><a href="client-tools.html#ipa-getkeytab">B.3.2. ipa-getkeytab</a></span></dt><dt><span class="section"><a href="client-tools.html#ipa-join">B.3.3. ipa-join</a></span></dt><dt><span class="section"><a href="client-tools.html#ipa-rmkeytab">B.3.4. ipa-rmkeytab</a></span></dt></dl></dd><dt><span class="section"><a href="certmonger-tools.html">B.4. Certmonger Scripts</a></span></dt><dd><dl><dt><span class="section"><a href="certmonger-tools.html#getcert">B.4.1. getcert</a></span></dt><dt><span class="section"><a href="certmonger-tools.html#ipa-getcert">B.4.2. ipa-getcert</a></span></dt></dl></dd></dl></div><div class="para">
- XXXXX introXXXXXXXX
- </div><div class="section" id="ipa"><div class="titlepage"><div><div><h2 class="title" id="ipa">B.1. ipa</h2></div></div></div><div class="para">
- IPA uses a plugin system where the same plugin is used both for the XML-RPC server-side interface and for the command-line interface. This results in a consistent, unified interface that is easy to maintain. From the user's perspective, plugins are more or less interchangeable with commands. Most plugins implement commands used to manage IPA and its data. With the exception of two build-ins (`help` and `console`) all commands are introduced by plugins. Commands are invoked like this: ipa [global-options] COMMAND [command-parameters-that-is-options-and-arguments] A list of global options can be displayed using: ipa --help The plugins are organized by type of objects they manage. This type can also be used to get an overview of the available commands. To display all commands in a specific module, use the `help` command as follows: ipa help TOPIC Parameters available for a specific command are displayed with: ipa COMMAND --help If a list of parameter isn't enough, more infor
mation about specific commands is available through the `help` command: ipa help COMMAND Description
- </div><div class="section" id="ipa-location"><div class="titlepage"><div><div><h3 class="title" id="ipa-location">B.1.1. Location</h3></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Description
- </th><th>
- Location
- </th></tr></thead><tbody><tr><td>
- Tool directory
- </td><td>
- Location
- </td></tr><tr><td>
- Package
- </td><td>
- ipa-admintools
- </td></tr></tbody></table></div></div><div class="section" id="ipa-syntax"><div class="titlepage"><div><div><h3 class="title" id="ipa-syntax">B.1.2. Syntax</h3></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa</code>
- <em class="replaceable"><code>commands</code></em>
- [
- <em class="replaceable"><code>options</code></em>
- ]</p></div></div><div class="section" id="ipa-commands"><div class="titlepage"><div><div><h3 class="title" id="ipa-commands">B.1.3. Commands</h3></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Command
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- automountkey-add Create a new automount key. automountkey-del Delete an automount key. automountkey-find Search for an automount key. automountkey-mod Modify an automount key. automountkey-show Display an automount key. automountlocation-add Create a new automount location. automountlocation-del Delete an automount location. automountlocation-find Search for an automount location. automountlocation-import Import automount files for a specific location. automountlocation-show Display an automount location. automountlocation-tofiles Generate automount files for a specific location. automountmap-add Create a new automount map. automountmap-add-indirect Create a new indirect mount point. automountmap-del Delete an automount map. automountmap-find Search for an automount map. automountmap-mod Modify an automount map. automountmap-show Display an automount map. cert-remove-hold Take a revoked certificate off hold. cert-request Submit a certificate signing request. cert-rev
oke Revoke a certificate. cert-show Retrieve an existing certificate. cert-status Check the status of a certificate signing request. config-mod Modify configuration options. config-show Show the current configuration. console Start the IPA interactive Python console. delegation-add Add a new delegation. delegation-del Delete a delegation. delegation-find Search for delegations. delegation-mod Modify a delegation. delegation-show Display information about a delegation. dns-resolve Resolve a host name in DNS dnsrecord-add Add new DNS resource record. dnsrecord-del Delete DNS resource record. dnsrecord-find Search for DNS resources. dnsrecord-show Display DNS resource. dnszone-add Create new DNS zone (SOA record). dnszone-del Delete DNS zone (SOA record). dnszone-disable Disable DNS Zone. dnszone-enable Enable DNS Zone. dnszone-find Search for DNS zones (SOA records). dnszone-mod Modify DNS zone (SOA record). dnszone-show Display information about a DNS zone (SOA record). entit
le-consume Consume an entitlement entitle-find Search for entitlement accounts. entitle-get Retrieve the entitlement certs entitle-import Import an entitlement certificate. entitle-register Register to the entitlement system entitle-status Display current entitlements entitle-sync Re-sync the local entitlement cache with the entitlement server env Show environment variables group-add Create a new group. group-add-member Add members to a group. group-del Delete group. group-detach Detach a managed group from a user group-find Search for groups. group-mod Modify a group. group-remove-member Remove members from a group. group-show Display information about a named group. hbacrule-add Create a new HBAC rule. hbacrule-add-host Add target hosts and hostgroups to an HBAC rule hbacrule-add-service Add services to an HBAC rule. hbacrule-add-sourcehost Add source hosts and hostgroups from a HBAC rule. hbacrule-add-user Add users and groups to an HBAC rule. hbacrule-del Delete an HBAC
rule. hbacrule-disable Disable an HBAC rule. hbacrule-enable Enable an HBAC rule. hbacrule-find Search for HBAC rules. hbacrule-mod Modify an HBAC rule. hbacrule-remove-host Remove target hosts and hostgroups from an HBAC rule. hbacrule-remove-service Remove service and service groups from an HBAC rule. hbacrule-remove-sourcehost Remove source hosts and hostgroups from an HBAC rule. hbacrule-remove-user Remove users and groups from an HBAC rule. hbacrule-show Display the properties of an HBAC rule. hbacsvc-add Add a new HBAC service. hbacsvc-del Delete an existing HBAC service. hbacsvc-find Search for HBAC services. hbacsvc-mod Modify an HBAC service. hbacsvc-show Display information about an HBAC service. hbacsvcgroup-add Add a new HBAC service group. hbacsvcgroup-add-member Add members to an HBAC service group. hbacsvcgroup-del Delete an HBAC service group. hbacsvcgroup-find Search for an HBAC service group. hbacsvcgroup-mod Modify an HBAC service group. hbacsvcgroup-remov
e-member Remove members from an HBAC service group. hbacsvcgroup-show Display information about an HBAC service group. help Display help for a command or topic. host-add Add a new host. host-add-managedby Add hosts that can manage this host. host-del Delete a host. host-disable Disable the Kerberos key, SSL certificate and all services of a host. host-find Search for hosts. host-mod Modify information about a host. host-remove-managedby Remove hosts that can manage this host. host-show Display information about a host. hostgroup-add Add a new hostgroup. hostgroup-add-member Add members to a hostgroup. hostgroup-del Delete a hostgroup. hostgroup-find Search for hostgroups. hostgroup-mod Modify a hostgroup. hostgroup-remove-member Remove members from a hostgroup. hostgroup-show Display information about a hostgroup. krbtpolicy-mod Modify Kerberos ticket policy. krbtpolicy-reset Reset Kerberos ticket policy to the default values. krbtpolicy-show Display the current Kerberos tic
ket policy. migrate-ds Migrate users and groups from DS to IPA. netgroup-add Add a new netgroup. netgroup-add-member Add members to a netgroup. netgroup-del Delete a netgroup. netgroup-find Search for a netgroup. netgroup-mod Modify a netgroup. netgroup-remove-member Remove members from a netgroup. netgroup-show Display information about a netgroup. passwd Set a user's password permission-add Add a new permission. permission-del Delete a permission. permission-find Search for permissions. permission-mod Modify a permission. permission-show Display information about a permission. ping ping a remote server plugins Show all loaded plugins privilege-add Add a new privilege. privilege-add-permission Add permissions to a privilege. privilege-del Delete a privilege. privilege-find Search for privileges. privilege-mod Modify a privilege. privilege-remove-permission Remove permissions from a privilege. privilege-show Display information about a privilege. pwpolicy-add Add a new group
password policy. pwpolicy-del Delete a group password policy. pwpolicy-find Search for group password policies. pwpolicy-mod Modify a group password policy. pwpolicy-show Display information about password policy. role-add Add a new role. role-add-member Add members to a role. role-add-privilege Add privileges to a role. role-del Delete a role. role-find Search for roles. role-mod Modify a role. role-remove-member Remove members from a role. role-remove-privilege Remove privileges from a role. role-show Display information about a role. selfservice-add Add a new self-service permission. selfservice-del Delete a self-service permission. selfservice-find Search for a self-service permission. selfservice-mod Modify a self-service permission. selfservice-show Display information about a self-service permission. service-add Add a new IPA new service. service-add-host Add hosts that can manage this service. service-del Delete an IPA service. service-disable Disable the Kerberos k
ey and SSL certificate of a service. service-find Search for IPA services. service-mod Modify an existing IPA service. service-remove-host Remove hosts that can manage this service. service-show Display information about an IPA service. show-mappings ipalib.cli.show_mappings sudocmd-add Create new sudo command. sudocmd-del Delete sudo command. sudocmd-find Search for commands. sudocmd-mod Modify command. sudocmd-show Display sudo command. sudocmdgroup-add Create new sudo command group. sudocmdgroup-add-member Add members to sudo command group. sudocmdgroup-del Delete sudo command group. sudocmdgroup-find Search for sudo command groups. sudocmdgroup-mod Modify group. sudocmdgroup-remove-member Remove members from sudo command group. sudocmdgroup-show Display sudo command group. sudorule-add Create new Sudo Rule. sudorule-add-allow-command Add commands and sudo command groups affected by Sudo Rule. sudorule-add-deny-command Add commands and sudo command groups affected by Sudo
Rule. sudorule-add-host Add hosts and hostgroups affected by Sudo Rule. sudorule-add-option Add an option to the Sudo rule. sudorule-add-runasgroup Add group for Sudo to execute as. sudorule-add-runasuser Add user for Sudo to execute as. sudorule-add-user Add users and groups affected by Sudo Rule. sudorule-del Delete Sudo Rule. sudorule-disable Disable a Sudo rule. sudorule-enable Enable a Sudo rule. sudorule-find Search for Sudo Rule. sudorule-mod Modify Sudo Rule. sudorule-remove-allow-command Remove commands and sudo command groups affected by Sudo Rule. sudorule-remove-deny-command Remove commands and sudo command groups affected by Sudo Rule. sudorule-remove-host Remove hosts and hostgroups affected by Sudo Rule. sudorule-remove-option Remove an option from Sudo rule. sudorule-remove-runasgroup Remove group for Sudo to execute as. sudorule-remove-runasuser Remove user for Sudo to execute as. sudorule-remove-user Remove users and groups affected by Sudo Rule. sudorule-
show Dispaly Sudo Rule. user-add Add a new user. user-del Delete a user. user-disable Disable a user account. user-enable Enable a user account. user-find Search for users. user-mod Modify a user. user-show Display information about a user. user-unlock Unlock a user account
- </td><td>
- Location
- </td></tr></tbody></table></div></div><div class="section" id="ipa-options"><div class="titlepage"><div><div><h3 class="title" id="ipa-options">B.1.4. Options</h3></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- -h, --help show this help message and exit -e KEY=VAL Set environment variable KEY to VAL -c FILE Load configuration from FILE -d, --debug Produce full debuging output -v, --verbose Produce more verbose output. A second -v displays the XML-RPC request -a, --prompt-all Prompt for ALL values (even if optional) -n, --no-prompt Prompt for NO values (even if required) -f, --no-fallback Only use the server configured in /etc/ipa/default.conf
- </td><td>
- Location
- </td></tr></tbody></table></div><div class="para">
- help topics: automount Automount cert IPA certificate operations config Manage the IPA configuration delegation Group to Group Delegation dns Domain Name System (DNS) entitle Entitlements group Groups of users hbac Host-based access control commands host Hosts/Machines hostgroup Groups of hosts. krbtpolicy Kerberos ticket policy migration Migration to IPA misc Misc plug-ins netgroup Netgroups passwd Set a user's password permission Permissions ping Ping the remote IPA server privilege Privileges pwpolicy Password policy role Roles selfservice Self-service Permissions service Services sudo commands for controlling sudo configuration user Users
- </div></div><div class="section" id="ipa-command-automount"><div class="titlepage"><div><div><h3 class="title" id="ipa-command-automount">B.1.5. ipa automountlocation*</h3></div></div></div><div class="para">
- info
- </div><div class="section" id="ipa-automount-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-automount-syntax">B.1.5.1. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa</code>
- <em class="replaceable"><code>commands</code></em>
- [
- <em class="replaceable"><code>options</code></em>
- ]</p></div></div><div class="section" id="ipa-automount-commands"><div class="titlepage"><div><div><h4 class="title" id="ipa-automount-commands">B.1.5.2. Commands</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Command
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- automountkey-add Create a new automount key. automountkey-del Delete an automount key. automountkey-find Search for an automount key. automountkey-mod Modify an automount key. automountkey-show Display an automount key. automountlocation-add Create a new automount location. automountlocation-del Delete an automount location. automountlocation-find Search for an automount location. automountlocation-import Import automount files for a specific location. automountlocation-show Display an automount location. automountlocation-tofiles Generate automount files for a specific location. automountmap-add Create a new automount map. automountmap-add-indirect Create a new indirect mount point. automountmap-del Delete an automount map. automountmap-find Search for an automount map. automountmap-mod Modify an automount map. automountmap-show Display an automount map.
- </td><td>
- Location
- </td></tr></tbody></table></div></div><div class="section" id="ipa-automount-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-automount-options">B.1.5.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- -h, --help show this help message and exit -e KEY=VAL Set environment variable KEY to VAL -c FILE Load configuration from FILE -d, --debug Produce full debuging output -v, --verbose Produce more verbose output. A second -v displays the XML-RPC request -a, --prompt-all Prompt for ALL values (even if optional) -n, --no-prompt Prompt for NO values (even if required) -f, --no-fallback Only use the server configured in /etc/ipa/default.conf
- </td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-command-automountmap"><div class="titlepage"><div><div><h3 class="title" id="ipa-command-automountmap">B.1.6. ipa automountmap*</h3></div></div></div><div class="para">
- info
- </div><div class="section" id="ipa-automountmap-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-automountmap-syntax">B.1.6.1. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa</code>
- <em class="replaceable"><code>commands</code></em>
- [
- <em class="replaceable"><code>options</code></em>
- ]</p></div></div><div class="section" id="ipa-automountmap-commands"><div class="titlepage"><div><div><h4 class="title" id="ipa-automountmap-commands">B.1.6.2. Commands</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Command
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- automountkey-add Create a new automount key. automountkey-del Delete an automount key. automountkey-find Search for an automount key. automountkey-mod Modify an automount key. automountkey-show Display an automount key. automountlocation-add Create a new automount location. automountlocation-del Delete an automount location. automountlocation-find Search for an automount location. automountlocation-import Import automount files for a specific location. automountlocation-show Display an automount location. automountlocation-tofiles Generate automount files for a specific location. automountmap-add Create a new automount map. automountmap-add-indirect Create a new indirect mount point. automountmap-del Delete an automount map. automountmap-find Search for an automount map. automountmap-mod Modify an automount map. automountmap-show Display an automount map.
- </td><td>
- Location
- </td></tr></tbody></table></div></div><div class="section" id="ipa-automountmap-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-automountmap-options">B.1.6.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- -h, --help show this help message and exit -e KEY=VAL Set environment variable KEY to VAL -c FILE Load configuration from FILE -d, --debug Produce full debuging output -v, --verbose Produce more verbose output. A second -v displays the XML-RPC request -a, --prompt-all Prompt for ALL values (even if optional) -n, --no-prompt Prompt for NO values (even if required) -f, --no-fallback Only use the server configured in /etc/ipa/default.conf
- </td><td>
- Location
- </td></tr></tbody></table></div></div></div><div class="section" id="ipa-command-automountkey"><div class="titlepage"><div><div><h3 class="title" id="ipa-command-automountkey">B.1.7. ipa automountkey*</h3></div></div></div><div class="para">
- info
- </div><div class="section" id="ipa-automountkey-syntax"><div class="titlepage"><div><div><h4 class="title" id="ipa-automountkey-syntax">B.1.7.1. Syntax</h4></div></div></div><div class="cmdsynopsis"><p><code class="command">ipa</code>
- <em class="replaceable"><code>commands</code></em>
- [
- <em class="replaceable"><code>options</code></em>
- ]</p></div></div><div class="section" id="ipa-automountkey-commands"><div class="titlepage"><div><div><h4 class="title" id="ipa-automountkey-commands">B.1.7.2. Commands</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Command
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- automountkey-add Create a new automount key. automountkey-del Delete an automount key. automountkey-find Search for an automount key. automountkey-mod Modify an automount key. automountkey-show Display an automount key. automountlocation-add Create a new automount location. automountlocation-del Delete an automount location. automountlocation-find Search for an automount location. automountlocation-import Import automount files for a specific location. automountlocation-show Display an automount location. automountlocation-tofiles Generate automount files for a specific location. automountmap-add Create a new automount map. automountmap-add-indirect Create a new indirect mount point. automountmap-del Delete an automount map. automountmap-find Search for an automount map. automountmap-mod Modify an automount map. automountmap-show Display an automount map.
- </td><td>
- Location
- </td></tr></tbody></table></div></div><div class="section" id="ipa-automountkey-options"><div class="titlepage"><div><div><h4 class="title" id="ipa-automountkey-options">B.1.7.3. Options</h4></div></div></div><div class="informaltable"><table border="1"><colgroup><col width="50%" /><col width="50%" /></colgroup><thead><tr><th>
- Parameter
- </th><th>
- Description
- </th></tr></thead><tbody><tr><td>
- -h, --help show this help message and exit -e KEY=VAL Set environment variable KEY to VAL -c FILE Load configuration from FILE -d, --debug Produce full debuging output -v, --verbose Produce more verbose output. A second -v displays the XML-RPC request -a, --prompt-all Prompt for ALL values (even if optional) -n, --no-prompt Prompt for NO values (even if required) -f, --no-fallback Only use the server configured in /etc/ipa/default.conf
- </td><td>
- Location
- </td></tr></tbody></table></div></div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Prev</strong>Appendix A. Frequently Asked Questions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="server-tools.html"><strong>Next</strong>B.2. Server Scripts</a></li></ul></body></html>
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="prev" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html" title="Appendix A. Frequently Asked Questions" /><link rel="next" href="server-tools.html" title="B.2. Server Scripts" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Mana
gement_Guide-Frequently_Asked_Questions.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="server-tools.html"><strong>Next</strong></a></li></ul><div xml:lang="en-US" class="appendix" id="tools-reference" lang="en-US"><div class="titlepage"><div><div><h1 class="title">FreeIPA Tools Reference</h1></div></div></div><div class="toc"><dl><dt><span class="section"><a href="tools-reference.html#special-chars">B.1. Using Special Characters</a></span></dt><dt><span class="section"><a href="server-tools.html">B.2. Server Scripts</a></span></dt><dd><dl><dt><span class="section"><a href="server-tools.html#ipa-replica-install">B.2.1. ipa-replica-install</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-replica-prepare">B.2.2. ipa-replica-prepare</a></span></dt><dt><span class="section"><a href="server-tools.html#ipa-server-install">B.2.3. ipa-server-install</a></span></dt></dl></dd><dt><span class="section"><a href="client-tools.html">B.3.
Client Scripts</a></span></dt><dd><dl><dt><span class="section"><a href="client-tools.html#ipa-client-install">B.3.1. ipa-client-install</a></span></dt></dl></dd></dl></div><div class="section" id="special-chars"><div class="titlepage"><div><div><h2 class="title" id="special-chars">B.1. Using Special Characters</h2></div></div></div><div class="para">
+ The FreeIPA command-line tools are run as any other utilities in a shell. If there are special characters in the command — such as angle brackets (> and <), ampersands (&), asterisks (*), and pipes (|) — the characters must be escaped. Otherwise, the command fails because the shell cannot properly parse the unescaped characters.
+ </div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="chap-Enterprise_Identity_Management_Guide-Frequently_Asked_Questions.html"><strong>Prev</strong>Appendix A. Frequently Asked Questions</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="server-tools.html"><strong>Next</strong>B.2. Server Scripts</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/troubleshooting-client-install.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/troubleshooting-client-install.html
new file mode 100644
index 0000000..30b1922
--- /dev/null
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/troubleshooting-client-install.html
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.8. Troubleshooting Client Installations</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+ addID('Fedora');
+
+ addID('Fedora.15');
+
+ addID('Fedora.15.books');
+ addID('Fedora.15.FreeIPA_Guide');
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="prev" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html" title="2.7. Configuring a Macintosh OS X System as a FreeIPA Client" /><link rel="next" href="uninstalling-clients.html" title="2.9. Uninstalling a FreeIPA Client" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a ac
cesskey="p" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="uninstalling-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="troubleshooting-client-install"><div class="titlepage"><div><div><h2 class="title" id="troubleshooting-client-install">2.8. Troubleshooting Client Installations</h2></div></div></div><a id="id3392430" class="indexterm"></a><a id="id3392445" class="indexterm"></a><div class="para">
+ These are some issues and workarounds for client installation problems.
+ </div><div class="formalpara"><h5 class="formalpara" id="id3392466">The client can't resolve reverse hostnames when using an external DNS.</h5>
+ While FreeIPA can host its own DNS server as part of the domain services, it can also use external DNS name server. However, because of some of the limitations of reverse DNS, there can be problems with resolving reverse lookups if the external DNS is listed in the client's <code class="filename">/etc/resolv.conf</code> file or if there are other resources on the network with SRV records, like Active Directory.
+ </div><div class="para">
+ The problem is that the external DNS name server returns the wrong hostname for the FreeIPA server.
+ </div><a id="id3283175" class="indexterm"></a><a id="id3283187" class="indexterm"></a><div class="para">
+ One way this exhibits is errors with finding the FreeIPA server in the Kerberos database:
+ </div><pre class="screen">Jun 30 11:11:48 server1 krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: NEEDED_PREAUTH: admin EXAMPLE COM for krbtgt/EXAMPLE COM EXAMPLE COM, Additional pre-authentication required
+Jun 30 11:11:48 server1 krb5kdc[1279](info): AS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: ISSUE: authtime 1309425108, etypes {rep=18 tkt=18 ses=18}, admin EXAMPLE COM for krbtgt/EXAMPLE COM EXAMPLE COM
+Jun 30 11:11:49 server1 krb5kdc[1279](info): TGS_REQ (4 etypes {18 17 16 23}) 192.168.60.135: UNKNOWN_SERVER: authtime 0, admin EXAMPLE COM for HTTP/server1.wrong.example.com at EXAMPLE.COM, Server not found in Kerberos database</pre><div class="para">
+ There are several ways to work around this issue:
+ </div><div class="itemizedlist"><ul><li class="listitem"><div class="para">
+ Edit the <code class="filename">/etc/resolv.conf</code> file to remove the external DNS name server references.
+ </div></li><li class="listitem"><div class="para">
+ Add reverse lookup records for each FreeIPA server.
+ </div></li><li class="listitem"><div class="para">
+ Give the FreeIPA client or domain a subnet and forward all requests for that subnet.
+ </div></li></ul></div><div class="formalpara"><h5 class="formalpara" id="id3283258">A ticket is not being generated by Kerberos on Windows</h5><a id="id3283266" class="indexterm"></a><a id="id3072011" class="indexterm"></a><a id="id3072024" class="indexterm"></a>
+ Windows can use multiple ticket caches with MIT Kerberos. This can create odd scenarios, where it is possible to authenticate against FreeIPA's domain in the command line, but not to open the web UI.
+ </div><div class="para">
+ MIT Kerberos for Windows provides some debugging tools which can be used to troubleshoot Windows Kerberos problems, available at <a href="http://web.mit.edu/Kerberos/dist/index.html#kfw-3.2">http://web.mit.edu/Kerberos/dist/index.html#kfw-3.2</a>.
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html"><strong>Prev</strong>2.7. Configuring a Macintosh OS X System as a Fre...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="uninstalling-clients.html"><strong>Next</strong>2.9. Uninstalling a FreeIPA Client</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/uninstalling-clients.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/uninstalling-clients.html
index a0e18ab..e9f0c20 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/uninstalling-clients.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/uninstalling-clients.html
@@ -1,14 +1,14 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.8. Uninstalling a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>2.9. Uninstalling a FreeIPA Client</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="prev" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html" title="2.7. Configuring a Macintosh OS X System as a FreeIPA Client" /><link rel="next" href="basic-usage.html" title="Chapter 3. Basic Usage" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="Co
nfiguring_an_IPA_Client_on_Macintosh_OS_X.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="basic-usage.html"><strong>Next</strong></a></li></ul><div class="section" id="uninstalling-clients"><div class="titlepage"><div><div><h2 class="title" id="uninstalling-clients">2.8. Uninstalling a FreeIPA Client</h2></div></div></div><div class="para">
- For Fedora clients, the <code class="command">ipa-client-install</code> utility can be used to uninstall the client and remove it from the FreeIPA domaine. To remove the client, use the <code class="option">--uninstall</code> option.
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="setting-up-clients.html" title="Chapter 2. Setting up Systems as FreeIPA Clients" /><link rel="prev" href="troubleshooting-client-install.html" title="2.8. Troubleshooting Client Installations" /><link rel="next" href="basic-usage.html" title="Chapter 3. Basic Usage" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="troubleshooting-client-install.htm
l"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="basic-usage.html"><strong>Next</strong></a></li></ul><div class="section" id="uninstalling-clients"><div class="titlepage"><div><div><h2 class="title" id="uninstalling-clients">2.9. Uninstalling a FreeIPA Client</h2></div></div></div><a id="id3072067" class="indexterm"></a><a id="id3072078" class="indexterm"></a><div class="para">
+ For Fedora clients, the <code class="command">ipa-client-install</code> utility can be used to uninstall the client and remove it from the FreeIPA domain. To remove the client, use the <code class="option">--uninstall</code> option.
</div><pre class="programlisting"><span class="perl_Comment"># ipa-client-install --uninstall</span></pre><div class="note"><div class="admonition_header"><h2>NOTE</h2></div><div class="admonition"><div class="para">
There is an uninstall option with the <code class="command">ipa-join</code> command. This is called by <code class="command">ipa-client-install --uninstall</code> as part of the uninstallation process. However, while the <code class="command">ipa-join</code> option removes the client from the domain, it does not actually uninstall the client or properly remove all of the FreeIPA-related configuration. Do not run <code class="command">ipa-join -u</code> to attempt to uninstall the FreeIPA client. The only way to uninstall a client completely is to use <code class="command">ipa-client-install --uninstall</code>.
- </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="Configuring_an_IPA_Client_on_Macintosh_OS_X.html"><strong>Prev</strong>2.7. Configuring a Macintosh OS X System as a Fre...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="basic-usage.html"><strong>Next</strong>Chapter 3. Basic Usage</a></li></ul></body></html>
+ </div></div></div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="troubleshooting-client-install.html"><strong>Prev</strong>2.8. Troubleshooting Client Installations</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="basic-usage.html"><strong>Next</strong>Chapter 3. Basic Usage</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/upgrading-server.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/upgrading-server.html
index a1e6b31..2db02d8 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/upgrading-server.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/upgrading-server.html
@@ -1,13 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.9. Testing Before Upgrading the FreeIPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>13.10. Testing Before Upgrading the FreeIPA Server</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
addID('Fedora.15.books');
addID('Fedora.15.FreeIPA_Guide');
- </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="promoting-replica.html" title="13.8. Promoting a Read-Only Replica to a FreeIPA Server" /><link rel="next" href="managing-clients.html" title="Chapter 14. Managing Client Machines in the FreeIPA Domain" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pro
moting-replica.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="managing-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="upgrading-server"><div class="titlepage"><div><div><h2 class="title" id="upgrading-server">13.9. Testing Before Upgrading the FreeIPA Server</h2></div></div></div><div class="para">
+ </script><link rel="home" href="index.html" title="FreeIPA: Identity/Policy Management" /><link rel="up" href="server-config.html" title="Chapter 13. Configuring the FreeIPA Server" /><link rel="prev" href="promoting-replica.html" title="13.9. Promoting a Read-Only Replica to a FreeIPA Server" /><link rel="next" href="managing-clients.html" title="Chapter 14. Managing Client Machines in the FreeIPA Domain" /></head><body class="toc_embeded "><div id="tocdiv" class="toc"><iframe id="tocframe" class="toc" src="../../../../toc.html">This is an iframe, to view it upgrade your browser or enable iframe display.</iframe></div><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site" /></a><a class="right" href="http://docs.fedoraproject.org"><img src="Common_Content/images/image_right.png" alt="Documentation Site" /></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="pro
moting-replica.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="managing-clients.html"><strong>Next</strong></a></li></ul><div class="section" id="upgrading-server"><div class="titlepage"><div><div><h2 class="title" id="upgrading-server">13.10. Testing Before Upgrading the FreeIPA Server</h2></div></div></div><div class="para">
It can be beneficial, and safer, to test newer versions of FreeIPA before upgrading production systems. There is a relatively simple way to do this, by creating a sacrifical replica (which is a read-write server) and testing on that system.
</div><div class="orderedlist"><ol><li class="listitem"><div class="para">
Set up a replica based on one of the production servers, with the same version of FreeIPA as is running in production, as described in <a class="xref" href="Setting_up_IPA_Replicas.html">Section 1.4, “Setting up FreeIPA Replicas”</a>. For this example, this is called Test Replica. Make sure that Test Replica can successfully connect to the <span class="emphasis"><em>production</em></span> server and domain.
@@ -23,4 +23,4 @@
Test common things on Test Replica, like getting Kerberos credentials, opening the server UI, and running commands.
</div></li></ol></div><div class="para">
If the update affects the <span class="package">ds-replication</span> package or features which are used for replication between servers and replicas, then create two test replicas which communicate with each other (such as, make a test replica off a production server and then a replica off the test replica). Make sure that the two replicas can communicate with each other before and after updating the FreeIPA packages.
- </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="promoting-replica.html"><strong>Prev</strong>13.8. Promoting a Read-Only Replica to a FreeIPA ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="managing-clients.html"><strong>Next</strong>Chapter 14. Managing Client Machines in the FreeI...</a></li></ul></body></html>
+ </div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="promoting-replica.html"><strong>Prev</strong>13.9. Promoting a Read-Only Replica to a FreeIPA ...</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="managing-clients.html"><strong>Next</strong>Chapter 14. Managing Client Machines in the FreeI...</a></li></ul></body></html>
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-groups.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-groups.html
index 9de1e1c..06d00fb 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-groups.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-groups.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.8. Creating User Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.8. Creating User Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-pwdpolicy.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-pwdpolicy.html
index 25a5359..38aa71f 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-pwdpolicy.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/user-pwdpolicy.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.9. Setting an Individual Password Policy</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>4.9. Setting an Individual Password Policy</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/users.html b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/users.html
index 45d7941..7336f40 100644
--- a/public_html/en-US/Fedora/15/html/FreeIPA_Guide/users.html
+++ b/public_html/en-US/Fedora/15/html/FreeIPA_Guide/users.html
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 4. Identity: Managing Users and User Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-0.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Chapter 4. Identity: Managing Users and User Groups</title><link rel="stylesheet" href="Common_Content/css/default.css" type="text/css" /><link rel="stylesheet" media="print" href="Common_Content/css/print.css" type="text/css" /><meta name="generator" content="publican 2.5" /><meta name="package" content="Fedora-FreeIPA_Guide-15-en-US-2.1-0.0.8" /><script type="text/javascript" src="../../../../../toc.js"></script><script type="text/javascript">
addID('Fedora');
addID('Fedora.15');
diff --git a/public_html/en-US/Fedora/15/pdf/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.pdf b/public_html/en-US/Fedora/15/pdf/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.pdf
index f815b9d..9a7e924 100644
Binary files a/public_html/en-US/Fedora/15/pdf/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.pdf and b/public_html/en-US/Fedora/15/pdf/FreeIPA_Guide/Fedora-15-FreeIPA_Guide-en-US.pdf differ
diff --git a/public_html/en-US/opds-Fedora.xml b/public_html/en-US/opds-Fedora.xml
index 62ccaec..b547112 100644
--- a/public_html/en-US/opds-Fedora.xml
+++ b/public_html/en-US/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>en-US</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/en-US/opds-Fedora_Contributor_Documentation.xml b/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
index 54b6b02..1bb324d 100644
--- a/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Core.xml b/public_html/en-US/opds-Fedora_Core.xml
index 42c1220..6ec1b82 100644
--- a/public_html/en-US/opds-Fedora_Core.xml
+++ b/public_html/en-US/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds-Fedora_Draft_Documentation.xml b/public_html/en-US/opds-Fedora_Draft_Documentation.xml
index ea6d96e..fedc508 100644
--- a/public_html/en-US/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/en-US/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/en-US/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:23</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/en-US/opds.xml b/public_html/en-US/opds.xml
index be61767..37294eb 100644
--- a/public_html/en-US/opds.xml
+++ b/public_html/en-US/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/en-US/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:23</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/en-US/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:23</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:23</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/es-ES/opds-Fedora.xml b/public_html/es-ES/opds-Fedora.xml
index 6dd44ba..bdb24f9 100644
--- a/public_html/es-ES/opds-Fedora.xml
+++ b/public_html/es-ES/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:24</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>es-ES</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/es-ES/opds-Fedora_15.xml b/public_html/es-ES/opds-Fedora_15.xml
index d2d6418..63a964f 100644
--- a/public_html/es-ES/opds-Fedora_15.xml
+++ b/public_html/es-ES/opds-Fedora_15.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_15.xml</id>
<title>Fedora 15</title>
<subtitle>Fedora 15</subtitle>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml b/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
index a93f6d0..6cadac1 100644
--- a/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Core.xml b/public_html/es-ES/opds-Fedora_Core.xml
index e9ded5b..1c9521f 100644
--- a/public_html/es-ES/opds-Fedora_Core.xml
+++ b/public_html/es-ES/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds-Fedora_Draft_Documentation.xml b/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
index 366eddb..123e41f 100644
--- a/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/es-ES/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/es-ES/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/es-ES/opds.xml b/public_html/es-ES/opds.xml
index a2c141e..6757350 100644
--- a/public_html/es-ES/opds.xml
+++ b/public_html/es-ES/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/es-ES/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora 15</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_15/opds-Fedora_15.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_15.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -47,7 +47,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/es-ES/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/fa-IR/opds-Fedora.xml b/public_html/fa-IR/opds-Fedora.xml
index 284ad73..d8efdbe 100644
--- a/public_html/fa-IR/opds-Fedora.xml
+++ b/public_html/fa-IR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>fa-IR</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml b/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
index 61511b2..172e764 100644
--- a/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Contributor_Documentation.xml</id>
<title>مستندات مشارکت کننده فدورا</title>
<subtitle>مستندات مشارکت کننده فدورا</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Core.xml b/public_html/fa-IR/opds-Fedora_Core.xml
index 15a9181..54977ec 100644
--- a/public_html/fa-IR/opds-Fedora_Core.xml
+++ b/public_html/fa-IR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml b/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
index b10bb85..0a35054 100644
--- a/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fa-IR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fa-IR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fa-IR/opds.xml b/public_html/fa-IR/opds.xml
index 35af9a4..56c6fe4 100644
--- a/public_html/fa-IR/opds.xml
+++ b/public_html/fa-IR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fa-IR/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>مستندات مشارکت کننده فدورا</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fa-IR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/fi-FI/opds-Fedora.xml b/public_html/fi-FI/opds-Fedora.xml
index 7d6cc5d..f4cd113 100644
--- a/public_html/fi-FI/opds-Fedora.xml
+++ b/public_html/fi-FI/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>fi-FI</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml b/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
index cd0bbf5..5df6a42 100644
--- a/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Core.xml b/public_html/fi-FI/opds-Fedora_Core.xml
index d7ce127..ae1f434 100644
--- a/public_html/fi-FI/opds-Fedora_Core.xml
+++ b/public_html/fi-FI/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml b/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
index 0c18246..53af4fc 100644
--- a/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fi-FI/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fi-FI/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:26</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fi-FI/opds.xml b/public_html/fi-FI/opds.xml
index 18211f4..b99ef90 100644
--- a/public_html/fi-FI/opds.xml
+++ b/public_html/fi-FI/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fi-FI/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:26</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fi-FI/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/fr-FR/opds-Fedora.xml b/public_html/fr-FR/opds-Fedora.xml
index ab01c73..1066869 100644
--- a/public_html/fr-FR/opds-Fedora.xml
+++ b/public_html/fr-FR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>fr-FR</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml b/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
index a3375cb..0c2d364 100644
--- a/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Core.xml b/public_html/fr-FR/opds-Fedora_Core.xml
index 1e0d8f2..b5ba040 100644
--- a/public_html/fr-FR/opds-Fedora_Core.xml
+++ b/public_html/fr-FR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml b/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
index 4b15653..a040b25 100644
--- a/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/fr-FR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/fr-FR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/fr-FR/opds.xml b/public_html/fr-FR/opds.xml
index 40a1737..8c83699 100644
--- a/public_html/fr-FR/opds.xml
+++ b/public_html/fr-FR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/fr-FR/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/fr-FR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/gu-IN/opds-Fedora.xml b/public_html/gu-IN/opds-Fedora.xml
index 6cc0bd2..fc2507e 100644
--- a/public_html/gu-IN/opds-Fedora.xml
+++ b/public_html/gu-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>gu-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
index c8483c4..459048c 100644
--- a/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Core.xml b/public_html/gu-IN/opds-Fedora_Core.xml
index 81d4f6e..07e1bcd 100644
--- a/public_html/gu-IN/opds-Fedora_Core.xml
+++ b/public_html/gu-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml b/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
index a283a6b..d77e517 100644
--- a/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/gu-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/gu-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/gu-IN/opds.xml b/public_html/gu-IN/opds.xml
index 014a525..b2af2ba 100644
--- a/public_html/gu-IN/opds.xml
+++ b/public_html/gu-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/gu-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/gu-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/he-IL/opds-Fedora.xml b/public_html/he-IL/opds-Fedora.xml
index 9e69fa0..8c5e720 100644
--- a/public_html/he-IL/opds-Fedora.xml
+++ b/public_html/he-IL/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>he-IL</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml b/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
index e485823..6fdb530 100644
--- a/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Core.xml b/public_html/he-IL/opds-Fedora_Core.xml
index 99da1e7..01f46f4 100644
--- a/public_html/he-IL/opds-Fedora_Core.xml
+++ b/public_html/he-IL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds-Fedora_Draft_Documentation.xml b/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
index 21c0368..ba58fe8 100644
--- a/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/he-IL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/he-IL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/he-IL/opds.xml b/public_html/he-IL/opds.xml
index 4d2cca2..c6e4d12 100644
--- a/public_html/he-IL/opds.xml
+++ b/public_html/he-IL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/he-IL/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/he-IL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/hi-IN/opds-Fedora.xml b/public_html/hi-IN/opds-Fedora.xml
index 5d65e8c..49e8d57 100644
--- a/public_html/hi-IN/opds-Fedora.xml
+++ b/public_html/hi-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>hi-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
index 63da469..9cc90d8 100644
--- a/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Core.xml b/public_html/hi-IN/opds-Fedora_Core.xml
index de3a438..4c1f7ff 100644
--- a/public_html/hi-IN/opds-Fedora_Core.xml
+++ b/public_html/hi-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml b/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
index 3fd93bb..9cb75d2 100644
--- a/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/hi-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hi-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hi-IN/opds.xml b/public_html/hi-IN/opds.xml
index bc57019..c1a88be 100644
--- a/public_html/hi-IN/opds.xml
+++ b/public_html/hi-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/hi-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:28</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/hi-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/hu-HU/opds-Fedora.xml b/public_html/hu-HU/opds-Fedora.xml
index 4805847..c03f496 100644
--- a/public_html/hu-HU/opds-Fedora.xml
+++ b/public_html/hu-HU/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>hu-HU</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml b/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
index 7ff42b5..f531f4b 100644
--- a/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Core.xml b/public_html/hu-HU/opds-Fedora_Core.xml
index dbe24ee..cc7709c 100644
--- a/public_html/hu-HU/opds-Fedora_Core.xml
+++ b/public_html/hu-HU/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml b/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
index e313a05..61aaafa 100644
--- a/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/hu-HU/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/hu-HU/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/hu-HU/opds.xml b/public_html/hu-HU/opds.xml
index 3f2d2ed..04caede 100644
--- a/public_html/hu-HU/opds.xml
+++ b/public_html/hu-HU/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/hu-HU/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/hu-HU/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/id-ID/opds-Fedora.xml b/public_html/id-ID/opds-Fedora.xml
index 38701cc..ca0d7a9 100644
--- a/public_html/id-ID/opds-Fedora.xml
+++ b/public_html/id-ID/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>id-ID</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml b/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
index 7271860..3641a6b 100644
--- a/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Core.xml b/public_html/id-ID/opds-Fedora_Core.xml
index 1729e8f..d87616d 100644
--- a/public_html/id-ID/opds-Fedora_Core.xml
+++ b/public_html/id-ID/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds-Fedora_Draft_Documentation.xml b/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
index 64c0264..bbb11ab 100644
--- a/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/id-ID/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/id-ID/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/id-ID/opds.xml b/public_html/id-ID/opds.xml
index a1a7d3d..3d2d682 100644
--- a/public_html/id-ID/opds.xml
+++ b/public_html/id-ID/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/id-ID/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/id-ID/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/it-IT/opds-Fedora.xml b/public_html/it-IT/opds-Fedora.xml
index 62ca08e..1969cfb 100644
--- a/public_html/it-IT/opds-Fedora.xml
+++ b/public_html/it-IT/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:33</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>it-IT</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml b/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
index 81e578a..0e0ca99 100644
--- a/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Contributor_Documentation.xml</id>
<title>Documentazione Collaboratori Fedora</title>
<subtitle>Documentazione Collaboratori Fedora</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Core.xml b/public_html/it-IT/opds-Fedora_Core.xml
index 898946f..2899431 100644
--- a/public_html/it-IT/opds-Fedora_Core.xml
+++ b/public_html/it-IT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds-Fedora_Draft_Documentation.xml b/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
index bc4c03e..1ad31c8 100644
--- a/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/it-IT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/it-IT/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:33</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/it-IT/opds.xml b/public_html/it-IT/opds.xml
index 8a04bab..d6e03b1 100644
--- a/public_html/it-IT/opds.xml
+++ b/public_html/it-IT/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/it-IT/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:33</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:33</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Documentazione Collaboratori Fedora</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:33</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:33</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/it-IT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:33</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ja-JP/opds-Fedora.xml b/public_html/ja-JP/opds-Fedora.xml
index 734216e..86ce5a5 100644
--- a/public_html/ja-JP/opds-Fedora.xml
+++ b/public_html/ja-JP/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>ja-JP</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml b/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
index 3a01bc3a..a2d5c83 100644
--- a/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora コントリビュータ用ドキュメント</title>
<subtitle>Fedora コントリビュータ用ドキュメント</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Core.xml b/public_html/ja-JP/opds-Fedora_Core.xml
index 75b9ff6..0b7ce39 100644
--- a/public_html/ja-JP/opds-Fedora_Core.xml
+++ b/public_html/ja-JP/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml b/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
index f65de3a..31efc2f 100644
--- a/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ja-JP/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ja-JP/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ja-JP/opds.xml b/public_html/ja-JP/opds.xml
index 05b7861..718de55 100644
--- a/public_html/ja-JP/opds.xml
+++ b/public_html/ja-JP/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ja-JP/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora コントリビュータ用ドキュメント</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ja-JP/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/kn-IN/opds-Fedora.xml b/public_html/kn-IN/opds-Fedora.xml
index 4aed217..98a90f0 100644
--- a/public_html/kn-IN/opds-Fedora.xml
+++ b/public_html/kn-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>kn-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
index 7c73950..5186da2 100644
--- a/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:34</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Core.xml b/public_html/kn-IN/opds-Fedora_Core.xml
index d545d63..d0e2da6 100644
--- a/public_html/kn-IN/opds-Fedora_Core.xml
+++ b/public_html/kn-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:34</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml b/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
index 87c532c..a1c82ec 100644
--- a/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/kn-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/kn-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:34</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/kn-IN/opds.xml b/public_html/kn-IN/opds.xml
index c10ef96..9ae2a8e 100644
--- a/public_html/kn-IN/opds.xml
+++ b/public_html/kn-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/kn-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:34</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:34</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:34</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:34</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/kn-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:34</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ko-KR/opds-Fedora.xml b/public_html/ko-KR/opds-Fedora.xml
index c6d6799..54bb7e2 100644
--- a/public_html/ko-KR/opds-Fedora.xml
+++ b/public_html/ko-KR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>ko-KR</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml b/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
index 374471b..bf69519 100644
--- a/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Core.xml b/public_html/ko-KR/opds-Fedora_Core.xml
index 1c37fdf..473de63 100644
--- a/public_html/ko-KR/opds-Fedora_Core.xml
+++ b/public_html/ko-KR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml b/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
index c38dbef..f97949c 100644
--- a/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ko-KR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ko-KR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ko-KR/opds.xml b/public_html/ko-KR/opds.xml
index 9caa64f..b1553fd 100644
--- a/public_html/ko-KR/opds.xml
+++ b/public_html/ko-KR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ko-KR/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ko-KR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ml-IN/opds-Fedora.xml b/public_html/ml-IN/opds-Fedora.xml
index a8c7e88..06a9ab1 100644
--- a/public_html/ml-IN/opds-Fedora.xml
+++ b/public_html/ml-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>ml-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
index 11f32e2..a7223f7 100644
--- a/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Core.xml b/public_html/ml-IN/opds-Fedora_Core.xml
index c515224..eea972c 100644
--- a/public_html/ml-IN/opds-Fedora_Core.xml
+++ b/public_html/ml-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml b/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
index 25a67a5..2596991 100644
--- a/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ml-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ml-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ml-IN/opds.xml b/public_html/ml-IN/opds.xml
index f0d06ae..3e98b45 100644
--- a/public_html/ml-IN/opds.xml
+++ b/public_html/ml-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ml-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ml-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/mr-IN/opds-Fedora.xml b/public_html/mr-IN/opds-Fedora.xml
index 85ced71..24c6313 100644
--- a/public_html/mr-IN/opds-Fedora.xml
+++ b/public_html/mr-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>mr-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
index a3110ab..c0e597f 100644
--- a/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Core.xml b/public_html/mr-IN/opds-Fedora_Core.xml
index 07db742..d454248 100644
--- a/public_html/mr-IN/opds-Fedora_Core.xml
+++ b/public_html/mr-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml b/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
index cc519f2..da82ebb 100644
--- a/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/mr-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/mr-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/mr-IN/opds.xml b/public_html/mr-IN/opds.xml
index 86510e5..eaab3d9 100644
--- a/public_html/mr-IN/opds.xml
+++ b/public_html/mr-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/mr-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/mr-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/nb-NO/opds-Fedora.xml b/public_html/nb-NO/opds-Fedora.xml
index 8de993c..209608c 100644
--- a/public_html/nb-NO/opds-Fedora.xml
+++ b/public_html/nb-NO/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>nb-NO</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml b/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
index 529136c..069328d 100644
--- a/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Core.xml b/public_html/nb-NO/opds-Fedora_Core.xml
index 3ce51ee..b3aadb6 100644
--- a/public_html/nb-NO/opds-Fedora_Core.xml
+++ b/public_html/nb-NO/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml b/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
index 76fcc6d..38bd613 100644
--- a/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/nb-NO/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nb-NO/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nb-NO/opds.xml b/public_html/nb-NO/opds.xml
index 5a50027..3e1f6bb 100644
--- a/public_html/nb-NO/opds.xml
+++ b/public_html/nb-NO/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/nb-NO/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/nb-NO/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/nl-NL/opds-Fedora.xml b/public_html/nl-NL/opds-Fedora.xml
index 1694661..f05ff9a 100644
--- a/public_html/nl-NL/opds-Fedora.xml
+++ b/public_html/nl-NL/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>nl-NL</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml b/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
index 43d5648..3ad6e47 100644
--- a/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Core.xml b/public_html/nl-NL/opds-Fedora_Core.xml
index 16b366a..1174197 100644
--- a/public_html/nl-NL/opds-Fedora_Core.xml
+++ b/public_html/nl-NL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml b/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
index 8cb1b90..dd280fb 100644
--- a/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/nl-NL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/nl-NL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/nl-NL/opds.xml b/public_html/nl-NL/opds.xml
index fa46d14..6918c65 100644
--- a/public_html/nl-NL/opds.xml
+++ b/public_html/nl-NL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/nl-NL/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/nl-NL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/opds.xml b/public_html/opds.xml
index 2592e69..f39bfc7 100644
--- a/public_html/opds.xml
+++ b/public_html/opds.xml
@@ -7,7 +7,7 @@
<link rel="start" href="http://docs.fedoraproject.org/opds.xml" type="application/atom+xml;type=feed;profile=opds-catalog"/>
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<title>Fedora Documentation</title>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:51</updated>
<!--author>
<name></name>
<uri></uri>
@@ -16,7 +16,7 @@
<entry>
<title>অসমীয়া</title>
<id>as-IN/opds.xml</id>
- <updated>2011-07-16T02:45:59</updated>
+ <updated>2011-07-22T14:16:18</updated>
<dc:language>as-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="as-IN/opds.xml"/>
@@ -24,7 +24,7 @@
<entry>
<title>български</title>
<id>bg-BG/opds.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bg-BG</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bg-BG/opds.xml"/>
@@ -32,7 +32,7 @@
<entry>
<title>বাংলা</title>
<id>bn-IN/opds.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bn-IN/opds.xml"/>
@@ -40,7 +40,7 @@
<entry>
<title>Bosanski</title>
<id>bs-BA/opds.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:19</updated>
<dc:language>bs-BA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="bs-BA/opds.xml"/>
@@ -48,7 +48,7 @@
<entry>
<title>Català</title>
<id>ca-ES/opds.xml</id>
- <updated>2011-07-16T02:46:00</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>ca-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ca-ES/opds.xml"/>
@@ -56,7 +56,7 @@
<entry>
<title>Čeština</title>
<id>cs-CZ/opds.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:20</updated>
<dc:language>cs-CZ</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="cs-CZ/opds.xml"/>
@@ -64,7 +64,7 @@
<entry>
<title>Dansk</title>
<id>da-DK/opds.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:21</updated>
<dc:language>da-DK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="da-DK/opds.xml"/>
@@ -72,7 +72,7 @@
<entry>
<title>Deutsch</title>
<id>de-DE/opds.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<dc:language>de-DE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="de-DE/opds.xml"/>
@@ -80,7 +80,7 @@
<entry>
<title>Ελληνικά</title>
<id>el-GR/opds.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:22</updated>
<dc:language>el-GR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="el-GR/opds.xml"/>
@@ -88,7 +88,7 @@
<entry>
<title>English</title>
<id>en-US/opds.xml</id>
- <updated>2011-07-16T02:46:01</updated>
+ <updated>2011-07-22T14:16:23</updated>
<dc:language>en-US</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="en-US/opds.xml"/>
@@ -96,7 +96,7 @@
<entry>
<title>Español</title>
<id>es-ES/opds.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>es-ES</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="es-ES/opds.xml"/>
@@ -104,7 +104,7 @@
<entry>
<title>فارسی</title>
<id>fa-IR/opds.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:25</updated>
<dc:language>fa-IR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fa-IR/opds.xml"/>
@@ -112,7 +112,7 @@
<entry>
<title>Suomi</title>
<id>fi-FI/opds.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:26</updated>
<dc:language>fi-FI</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fi-FI/opds.xml"/>
@@ -120,7 +120,7 @@
<entry>
<title>Français</title>
<id>fr-FR/opds.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:27</updated>
<dc:language>fr-FR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="fr-FR/opds.xml"/>
@@ -128,7 +128,7 @@
<entry>
<title>ગુજરાતી</title>
<id>gu-IN/opds.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>gu-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="gu-IN/opds.xml"/>
@@ -136,7 +136,7 @@
<entry>
<title>עברית</title>
<id>he-IL/opds.xml</id>
- <updated>2011-07-16T02:46:02</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>he-IL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="he-IL/opds.xml"/>
@@ -144,7 +144,7 @@
<entry>
<title>हिन्दी</title>
<id>hi-IN/opds.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:28</updated>
<dc:language>hi-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="hi-IN/opds.xml"/>
@@ -152,7 +152,7 @@
<entry>
<title>Magyar</title>
<id>hu-HU/opds.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<dc:language>hu-HU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="hu-HU/opds.xml"/>
@@ -160,7 +160,7 @@
<entry>
<title>Indonesia</title>
<id>id-ID/opds.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:29</updated>
<dc:language>id-ID</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="id-ID/opds.xml"/>
@@ -168,7 +168,7 @@
<entry>
<title>Italiano</title>
<id>it-IT/opds.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:33</updated>
<dc:language>it-IT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="it-IT/opds.xml"/>
@@ -176,7 +176,7 @@
<entry>
<title>日本語</title>
<id>ja-JP/opds.xml</id>
- <updated>2011-07-16T02:46:03</updated>
+ <updated>2011-07-22T14:16:34</updated>
<dc:language>ja-JP</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ja-JP/opds.xml"/>
@@ -184,7 +184,7 @@
<entry>
<title>ಕನ್ನಡ</title>
<id>kn-IN/opds.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:34</updated>
<dc:language>kn-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="kn-IN/opds.xml"/>
@@ -192,7 +192,7 @@
<entry>
<title>한국어</title>
<id>ko-KR/opds.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<dc:language>ko-KR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ko-KR/opds.xml"/>
@@ -200,7 +200,7 @@
<entry>
<title>മലയാളം</title>
<id>ml-IN/opds.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:35</updated>
<dc:language>ml-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ml-IN/opds.xml"/>
@@ -208,7 +208,7 @@
<entry>
<title>मराठी</title>
<id>mr-IN/opds.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<dc:language>mr-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="mr-IN/opds.xml"/>
@@ -216,7 +216,7 @@
<entry>
<title>Norsk (bokmål)</title>
<id>nb-NO/opds.xml</id>
- <updated>2011-07-16T02:46:04</updated>
+ <updated>2011-07-22T14:16:36</updated>
<dc:language>nb-NO</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="nb-NO/opds.xml"/>
@@ -224,7 +224,7 @@
<entry>
<title>Nederlands</title>
<id>nl-NL/opds.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>nl-NL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="nl-NL/opds.xml"/>
@@ -232,7 +232,7 @@
<entry>
<title>ଓଡ଼ିଆ</title>
<id>or-IN/opds.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="or-IN/opds.xml"/>
@@ -240,7 +240,7 @@
<entry>
<title>ਪੰਜਾਬੀ</title>
<id>pa-IN/opds.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:39</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pa-IN/opds.xml"/>
@@ -248,7 +248,7 @@
<entry>
<title>Polski</title>
<id>pl-PL/opds.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:40</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pl-PL/opds.xml"/>
@@ -256,7 +256,7 @@
<entry>
<title>Português Brasileiro</title>
<id>pt-BR/opds.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:41</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pt-BR/opds.xml"/>
@@ -264,7 +264,7 @@
<entry>
<title>Português</title>
<id>pt-PT/opds.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:42</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="pt-PT/opds.xml"/>
@@ -272,7 +272,7 @@
<entry>
<title>Русский</title>
<id>ru-RU/opds.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ru-RU/opds.xml"/>
@@ -280,7 +280,7 @@
<entry>
<title>Slovenščina</title>
<id>sk-SK/opds.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sk-SK/opds.xml"/>
@@ -288,7 +288,7 @@
<entry>
<title>Srpski (latinica)</title>
<id>sr-Latn-RS/opds.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:44</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sr-Latn-RS/opds.xml"/>
@@ -296,7 +296,7 @@
<entry>
<title>Српски</title>
<id>sr-RS/opds.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:45</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sr-RS/opds.xml"/>
@@ -304,7 +304,7 @@
<entry>
<title>Svenska</title>
<id>sv-SE/opds.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="sv-SE/opds.xml"/>
@@ -312,7 +312,7 @@
<entry>
<title>தமிழ்</title>
<id>ta-IN/opds.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="ta-IN/opds.xml"/>
@@ -320,7 +320,7 @@
<entry>
<title>తెలుగు</title>
<id>te-IN/opds.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="te-IN/opds.xml"/>
@@ -328,7 +328,7 @@
<entry>
<title>Українська</title>
<id>uk-UA/opds.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:48</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="uk-UA/opds.xml"/>
@@ -336,7 +336,7 @@
<entry>
<title>简体中文</title>
<id>zh-CN/opds.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:49</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="zh-CN/opds.xml"/>
@@ -344,7 +344,7 @@
<entry>
<title>繁體中文</title>
<id>zh-TW/opds.xml</id>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:50</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="zh-TW/opds.xml"/>
diff --git a/public_html/or-IN/opds-Fedora.xml b/public_html/or-IN/opds-Fedora.xml
index d7c310b..3765f73 100644
--- a/public_html/or-IN/opds-Fedora.xml
+++ b/public_html/or-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>or-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
index e724d90..bd99f6c 100644
--- a/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Core.xml b/public_html/or-IN/opds-Fedora_Core.xml
index ec53d69..208fe3b 100644
--- a/public_html/or-IN/opds-Fedora_Core.xml
+++ b/public_html/or-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds-Fedora_Draft_Documentation.xml b/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
index 620ea20..e268069 100644
--- a/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/or-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/or-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/or-IN/opds.xml b/public_html/or-IN/opds.xml
index ddf9209..af61621 100644
--- a/public_html/or-IN/opds.xml
+++ b/public_html/or-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/or-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/or-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>or-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pa-IN/opds-Fedora.xml b/public_html/pa-IN/opds-Fedora.xml
index 8df9303..f711b93 100644
--- a/public_html/pa-IN/opds-Fedora.xml
+++ b/public_html/pa-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>pa-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
index 0338537..96390cd 100644
--- a/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:39</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Core.xml b/public_html/pa-IN/opds-Fedora_Core.xml
index 26f9e28..9c78bba 100644
--- a/public_html/pa-IN/opds-Fedora_Core.xml
+++ b/public_html/pa-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:39</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml b/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
index ac3e338..6176d67 100644
--- a/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pa-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pa-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:39</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pa-IN/opds.xml b/public_html/pa-IN/opds.xml
index f467686..e1b784d 100644
--- a/public_html/pa-IN/opds.xml
+++ b/public_html/pa-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pa-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:39</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:38</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:39</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:39</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pa-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:39</updated>
<dc:language>pa-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pl-PL/opds-Fedora.xml b/public_html/pl-PL/opds-Fedora.xml
index 527607d..e1ecbb1 100644
--- a/public_html/pl-PL/opds-Fedora.xml
+++ b/public_html/pl-PL/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:40</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>pl-PL</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml b/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
index d5ce74f..289d047 100644
--- a/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Contributor_Documentation.xml</id>
<title>Dokumentacja dla współtwórców Fedory</title>
<subtitle>Dokumentacja dla współtwórców Fedory</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Core.xml b/public_html/pl-PL/opds-Fedora_Core.xml
index 74cced3..70c878d 100644
--- a/public_html/pl-PL/opds-Fedora_Core.xml
+++ b/public_html/pl-PL/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml b/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
index a72af57..8c09cac 100644
--- a/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pl-PL/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pl-PL/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:40</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pl-PL/opds.xml b/public_html/pl-PL/opds.xml
index 890657d..22b0785 100644
--- a/public_html/pl-PL/opds.xml
+++ b/public_html/pl-PL/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pl-PL/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:40</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:40</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Dokumentacja dla współtwórców Fedory</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:40</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:40</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pl-PL/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:40</updated>
<dc:language>pl-PL</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pt-BR/opds-Fedora.xml b/public_html/pt-BR/opds-Fedora.xml
index 3b93b88..5b2eeb7 100644
--- a/public_html/pt-BR/opds-Fedora.xml
+++ b/public_html/pt-BR/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>pt-BR</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml b/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
index 4685c7b..c757b92 100644
--- a/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Core.xml b/public_html/pt-BR/opds-Fedora_Core.xml
index d2ab279..58cad21 100644
--- a/public_html/pt-BR/opds-Fedora_Core.xml
+++ b/public_html/pt-BR/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml b/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
index 5c06aac..43fbbf5 100644
--- a/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pt-BR/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-BR/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:41</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-BR/opds.xml b/public_html/pt-BR/opds.xml
index 88f35ac..e906353 100644
--- a/public_html/pt-BR/opds.xml
+++ b/public_html/pt-BR/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pt-BR/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:41</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:41</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:41</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:41</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pt-BR/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:05</updated>
+ <updated>2011-07-22T14:16:41</updated>
<dc:language>pt-BR</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/pt-PT/opds-Fedora.xml b/public_html/pt-PT/opds-Fedora.xml
index 501bcfc..5ca27b6 100644
--- a/public_html/pt-PT/opds-Fedora.xml
+++ b/public_html/pt-PT/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:42</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>pt-PT</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml b/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
index dfa174a..eff6341 100644
--- a/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Core.xml b/public_html/pt-PT/opds-Fedora_Core.xml
index f6b4107..7a4db39 100644
--- a/public_html/pt-PT/opds-Fedora_Core.xml
+++ b/public_html/pt-PT/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml b/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
index 98f52b3..6bcc1b5 100644
--- a/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/pt-PT/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/pt-PT/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:42</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/pt-PT/opds.xml b/public_html/pt-PT/opds.xml
index fed72bd..26a0b49 100644
--- a/public_html/pt-PT/opds.xml
+++ b/public_html/pt-PT/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/pt-PT/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:42</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:42</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:42</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:42</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/pt-PT/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:42</updated>
<dc:language>pt-PT</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ru-RU/opds-Fedora.xml b/public_html/ru-RU/opds-Fedora.xml
index 4a8ada3..a89bd2c 100644
--- a/public_html/ru-RU/opds-Fedora.xml
+++ b/public_html/ru-RU/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>ru-RU</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml b/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
index 974bf64..6984177 100644
--- a/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Contributor_Documentation.xml</id>
<title>Документация участника Fedora</title>
<subtitle>Документация участника Fedora</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Core.xml b/public_html/ru-RU/opds-Fedora_Core.xml
index 08b5a36..08c7742 100644
--- a/public_html/ru-RU/opds-Fedora_Core.xml
+++ b/public_html/ru-RU/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml b/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
index 920b19a..93912b1 100644
--- a/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ru-RU/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ru-RU/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ru-RU/opds.xml b/public_html/ru-RU/opds.xml
index 3374255..d336eb0 100644
--- a/public_html/ru-RU/opds.xml
+++ b/public_html/ru-RU/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ru-RU/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Документация участника Fedora</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ru-RU/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<dc:language>ru-RU</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sk-SK/opds-Fedora.xml b/public_html/sk-SK/opds-Fedora.xml
index eaad2ec..5f82680 100644
--- a/public_html/sk-SK/opds-Fedora.xml
+++ b/public_html/sk-SK/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>sk-SK</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml b/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
index 03ad1ce..ff67b85 100644
--- a/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Core.xml b/public_html/sk-SK/opds-Fedora_Core.xml
index 0014c02..c398e14 100644
--- a/public_html/sk-SK/opds-Fedora_Core.xml
+++ b/public_html/sk-SK/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml b/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
index 50e22ce..7b501f9 100644
--- a/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sk-SK/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sk-SK/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sk-SK/opds.xml b/public_html/sk-SK/opds.xml
index f2b1e77..a7854ed 100644
--- a/public_html/sk-SK/opds.xml
+++ b/public_html/sk-SK/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sk-SK/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sk-SK/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:43</updated>
<dc:language>sk-SK</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sr-Latn-RS/opds-Fedora.xml b/public_html/sr-Latn-RS/opds-Fedora.xml
index 0f2b6b2..3ca0b15 100644
--- a/public_html/sr-Latn-RS/opds-Fedora.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:44</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>sr-Latn-RS</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
index aeaab0d..04f3db2 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Core.xml b/public_html/sr-Latn-RS/opds-Fedora_Core.xml
index 3475cfc..8fa2240 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Core.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml b/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
index de4f36e..e2dc448 100644
--- a/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:44</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-Latn-RS/opds.xml b/public_html/sr-Latn-RS/opds.xml
index 9851b43..50355d0 100644
--- a/public_html/sr-Latn-RS/opds.xml
+++ b/public_html/sr-Latn-RS/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sr-Latn-RS/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:44</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:44</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:44</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:44</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sr-Latn-RS/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:44</updated>
<dc:language>sr-Latn-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sr-RS/opds-Fedora.xml b/public_html/sr-RS/opds-Fedora.xml
index 36b84f3..13d437c 100644
--- a/public_html/sr-RS/opds-Fedora.xml
+++ b/public_html/sr-RS/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:45</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>sr-RS</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml b/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
index a490d5e..e9b80b7 100644
--- a/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Core.xml b/public_html/sr-RS/opds-Fedora_Core.xml
index 67308f7..ee0fd1e 100644
--- a/public_html/sr-RS/opds-Fedora_Core.xml
+++ b/public_html/sr-RS/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml b/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
index 41d1ca5..1c600b2 100644
--- a/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sr-RS/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sr-RS/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:45</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sr-RS/opds.xml b/public_html/sr-RS/opds.xml
index 45f6d8b..f8dd26d 100644
--- a/public_html/sr-RS/opds.xml
+++ b/public_html/sr-RS/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sr-RS/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:45</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:45</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:45</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:45</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sr-RS/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:06</updated>
+ <updated>2011-07-22T14:16:45</updated>
<dc:language>sr-RS</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/sv-SE/opds-Fedora.xml b/public_html/sv-SE/opds-Fedora.xml
index a434381..66b291b 100644
--- a/public_html/sv-SE/opds-Fedora.xml
+++ b/public_html/sv-SE/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>sv-SE</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml b/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
index 9a9b455..c91572a 100644
--- a/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Core.xml b/public_html/sv-SE/opds-Fedora_Core.xml
index 8ca53a4..b9bc198 100644
--- a/public_html/sv-SE/opds-Fedora_Core.xml
+++ b/public_html/sv-SE/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml b/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
index 81ac1ba..2c68ae0 100644
--- a/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/sv-SE/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/sv-SE/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/sv-SE/opds.xml b/public_html/sv-SE/opds.xml
index 539e085..9f60392 100644
--- a/public_html/sv-SE/opds.xml
+++ b/public_html/sv-SE/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/sv-SE/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/sv-SE/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<dc:language>sv-SE</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/ta-IN/opds-Fedora.xml b/public_html/ta-IN/opds-Fedora.xml
index f4d0ea0..62c2ef4 100644
--- a/public_html/ta-IN/opds-Fedora.xml
+++ b/public_html/ta-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>ta-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
index a5e9fb7..43206d3 100644
--- a/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Core.xml b/public_html/ta-IN/opds-Fedora_Core.xml
index a4f25ed..9bc1920 100644
--- a/public_html/ta-IN/opds-Fedora_Core.xml
+++ b/public_html/ta-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml b/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
index e865f39..f5e599e 100644
--- a/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/ta-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/ta-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/ta-IN/opds.xml b/public_html/ta-IN/opds.xml
index 4bf0bf6..a4c8c1a 100644
--- a/public_html/ta-IN/opds.xml
+++ b/public_html/ta-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/ta-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/ta-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:46</updated>
<dc:language>ta-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/te-IN/opds-Fedora.xml b/public_html/te-IN/opds-Fedora.xml
index 3edeae5..f9a85aa 100644
--- a/public_html/te-IN/opds-Fedora.xml
+++ b/public_html/te-IN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>te-IN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml b/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
index fd64bef..327fd89 100644
--- a/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Core.xml b/public_html/te-IN/opds-Fedora_Core.xml
index ed8cb3c..714b0d2 100644
--- a/public_html/te-IN/opds-Fedora_Core.xml
+++ b/public_html/te-IN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds-Fedora_Draft_Documentation.xml b/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
index 58edd75..cc3db12 100644
--- a/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/te-IN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/te-IN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/te-IN/opds.xml b/public_html/te-IN/opds.xml
index 43dd70c..1a70b23 100644
--- a/public_html/te-IN/opds.xml
+++ b/public_html/te-IN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/te-IN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/te-IN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<dc:language>te-IN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/uk-UA/opds-Fedora.xml b/public_html/uk-UA/opds-Fedora.xml
index 4dfc1ba..186d210 100644
--- a/public_html/uk-UA/opds-Fedora.xml
+++ b/public_html/uk-UA/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:47</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>uk-UA</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml b/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
index a08e4dc..ad8796e 100644
--- a/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Contributor_Documentation.xml</id>
<title>Документація для учасника розробки Fedora</title>
<subtitle>Документація для учасника розробки Fedora</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Core.xml b/public_html/uk-UA/opds-Fedora_Core.xml
index 61b4569..347d775 100644
--- a/public_html/uk-UA/opds-Fedora_Core.xml
+++ b/public_html/uk-UA/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml b/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
index 2b1ea18..18eb42f 100644
--- a/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/uk-UA/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/uk-UA/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:48</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/uk-UA/opds.xml b/public_html/uk-UA/opds.xml
index 405a832..bca7714 100644
--- a/public_html/uk-UA/opds.xml
+++ b/public_html/uk-UA/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/uk-UA/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:48</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:48</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Документація для учасника розробки Fedora</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:48</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:48</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/uk-UA/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:48</updated>
<dc:language>uk-UA</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/zh-CN/opds-Fedora.xml b/public_html/zh-CN/opds-Fedora.xml
index 3555210..5a631a3 100644
--- a/public_html/zh-CN/opds-Fedora.xml
+++ b/public_html/zh-CN/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:49</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>zh-CN</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml b/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
index 0bb00a0..2435fdf 100644
--- a/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Core.xml b/public_html/zh-CN/opds-Fedora_Core.xml
index 48b24b5..839206d 100644
--- a/public_html/zh-CN/opds-Fedora_Core.xml
+++ b/public_html/zh-CN/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml b/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
index 089b2c7..b455f0b 100644
--- a/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/zh-CN/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-CN/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:49</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-CN/opds.xml b/public_html/zh-CN/opds.xml
index b4b412d..0b54373 100644
--- a/public_html/zh-CN/opds.xml
+++ b/public_html/zh-CN/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/zh-CN/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:49</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:49</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:49</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:49</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/zh-CN/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:07</updated>
+ <updated>2011-07-22T14:16:49</updated>
<dc:language>zh-CN</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
diff --git a/public_html/zh-TW/opds-Fedora.xml b/public_html/zh-TW/opds-Fedora.xml
index 68833d1..3600353 100644
--- a/public_html/zh-TW/opds-Fedora.xml
+++ b/public_html/zh-TW/opds-Fedora.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora.xml</id>
<title>Fedora</title>
<subtitle>Fedora</subtitle>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:49</updated>
<!--author>
<name></name>
<uri></uri>
@@ -19,7 +19,7 @@
<name></name>
<uri></uri>
</author-->
- <updated>2011-07-16</updated>
+ <updated>2011-07-22</updated>
<dc:language>zh-TW</dc:language>
<category label="15" scheme="http://lexcycle.com/stanza/header" term="free"/>
<!--dc:issued></dc:issued-->
diff --git a/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml b/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
index 3deff79..1be05bf 100644
--- a/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Contributor_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Contributor_Documentation.xml</id>
<title>Fedora Contributor Documentation</title>
<subtitle>Fedora Contributor Documentation</subtitle>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Core.xml b/public_html/zh-TW/opds-Fedora_Core.xml
index a3b4696..5f8ef85 100644
--- a/public_html/zh-TW/opds-Fedora_Core.xml
+++ b/public_html/zh-TW/opds-Fedora_Core.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Core.xml</id>
<title>Fedora Core</title>
<subtitle>Fedora Core</subtitle>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml b/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
index 37789a6..499c649 100644
--- a/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
+++ b/public_html/zh-TW/opds-Fedora_Draft_Documentation.xml
@@ -6,7 +6,7 @@
<id>http://docs.fedoraproject.org/zh-TW/opds-Fedora_Draft_Documentation.xml</id>
<title>Fedora Draft Documentation</title>
<subtitle>Fedora Draft Documentation</subtitle>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:50</updated>
<!--author>
<name></name>
<uri></uri>
diff --git a/public_html/zh-TW/opds.xml b/public_html/zh-TW/opds.xml
index 04ae60c..3c884f4 100644
--- a/public_html/zh-TW/opds.xml
+++ b/public_html/zh-TW/opds.xml
@@ -6,7 +6,7 @@
<link rel="http://opds-spec.org/crawlable" type="application/atom+xml" href="http://bookserver.archive.org/catalog/crawlable" title="Crawlable feed"/>
<id>http://docs.fedoraproject.org/zh-TW/opds.xml</id>
<title>Product List</title>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:50</updated>
<!--author>
<name></name>
<uri></uri>
@@ -15,7 +15,7 @@
<entry>
<title>Fedora</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora/opds-Fedora.xml</id>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:49</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora.xml"/>
@@ -23,7 +23,7 @@
<entry>
<title>Fedora Contributor Documentation</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Contributor_Documentation/opds-Fedora_Contributor_Documentation.xml</id>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:50</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Contributor_Documentation.xml"/>
@@ -31,7 +31,7 @@
<entry>
<title>Fedora Core</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Core/opds-Fedora_Core.xml</id>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:50</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Core.xml"/>
@@ -39,7 +39,7 @@
<entry>
<title>Fedora Draft Documentation</title>
<id>http://docs.fedoraproject.org/zh-TW/Fedora_Draft_Documentation/opds-Fedora_Draft_Documentation.xml</id>
- <updated>2011-07-16T02:46:08</updated>
+ <updated>2011-07-22T14:16:50</updated>
<dc:language>zh-TW</dc:language>
<content type="text"></content>
<link type="application/atom+xml" href="opds-Fedora_Draft_Documentation.xml"/>
More information about the docs-commits
mailing list