GOAL: Set up FreeIPA w/ Kerberos NFS4 file sharing, and autofs/automount home directories. A small number of users or hosts.
I have a CentOS 7.3 Internet host "pez.ipa.uqjau.org", with bind/bind-chroot installed and working. There is an "ipa.uqjau.org" delegation NS record and an SOA ipa.uqjau.org record, both mapped to host "pez.ipa.uqjau.org", both in the "uqjau.org" zone. bind is working OK on pez, with pez bind authoritative for ipa.uqjau.org, but I plan to uninstall bind-chroot and let 'ipa-server-install' set up bind from scratch. (I understand I need to uninstall bind-chroot, and plan to do so.)
I'm new to FreeIPA, but have read for 7 hours or so, and have spent a couple of hours reading the list. NFS4 is working now.
For guidance on the install I have been looking at:
https://blog.christophersmart.com/articles/freeipa-how-to-fedora/
How does this look?
ipa-server-install \
    --unattended \
    --realm=IPA.UQJAU.ORG \
    --domain=ipa.uqjau.org \
    --ds-password=SOMETHINGSECRET \
    --admin-password=ANOTHERPW \
    --mkhomedir \
    --ip-address=45.55.89.85 \
    --idstart=50000 \
    --no_hbac_allow \
    --ssh-trust-dns \
    --setup-dns \
    --no-forwarders \
    --no-reverse \
    --zonemgr=AN_EMAIL_ADDR_HERE \
    --no-dnssec-validation
The --zonemgr line above is what I think the man page intends, right?
-- thanks, Tom