FreeIPA : Configure FreeIPA Client
2018/11/27
Configure FreeIPA Client to connect to FreeIPA Server.
[1] Add a DNS entry for the FreeIPA client on the FreeIPA server first (not needed if you are not using FreeIPA integrated DNS).
# ipa dnsrecord-add [domain name] [record name] [record type] [record]
root@dlp:~# ipa dnsrecord-add ipa.srv.world node01 --a-rec 10.0.0.51
  Record name: node01
  A record: 10.0.0.51
[2]
[3] Install Client tools on the FreeIPA Client.
root@node01:~# apt -y install freeipa-client oddjob-mkhomedir
[4] Set up as a FreeIPA Client.
root@node01:~# vi /etc/netplan/01-netcfg.yaml
      nameservers:
        # change the DNS setting to refer to the FreeIPA server
        addresses: [10.0.0.30]
root@node01:~# netplan apply
# set up the Client, specifying the FreeIPA server and Domain name
root@node01:~# ipa-client-install --server=dlp.ipa.srv.world --domain ipa.srv.world
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
Client hostname: node01.ipa.srv.world
Realm: IPA.SRV.WORLD
DNS Domain: ipa.srv.world
IPA Server: dlp.ipa.srv.world
BaseDN: dc=ipa,dc=srv,dc=world

# confirm settings and proceed with [yes]
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
# answer with admin
User authorized to enroll computers: admin
# admin password
Password for admin@IPA.SRV.WORLD:
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=IPA.SRV.WORLD
    Issuer:      CN=Certificate Authority,O=IPA.SRV.WORLD
    Valid From:  2018-11-26 04:58:38
    Valid Until: 2038-11-26 04:58:38

Enrolled in IPA realm IPA.SRV.WORLD
.....
.....
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring ipa.srv.world as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
root@node01:~# vi /etc/pam.d/common-session
# add to the end if needed (create the home directory automatically at initial login)
session optional pam_oddjob_mkhomedir.so umask=0077
logout
Ubuntu 18.04.1 LTS node01.ipa.srv.world ttyS0

node01 login: redhat     # IPA user
Password:                # password
Password expired. Change your password now.     # required to change password at initial login
Current Password:        # current password
New password:            # new password
Retype new password:
Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-20-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Mon Nov 26 15:12:45 JST 2018

  System load:  0.06              Processes:           103
  Usage of /:   7.3% of 28.45GB   Users logged in:     0
  Memory usage: 3%                IP address for ens3: 10.0.0.51
  Swap usage:   0%

 * MicroK8s is Kubernetes in a snap. Made by devs for devs.
   One quick install on a workstation, VM, or appliance.

   - http://bit.ly/microk8s

14 packages can be updated.
10 updates are security updates.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Creating home directory for redhat.
redhat@node01:~$     # logged in
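A post-enrollment check for the client configured in step [4], as an added example that is not part of the original page: it confirms the client is pinned to the intended server and realm (the install above ran with fixed values and no DNS discovery) and that the pam_oddjob_mkhomedir.so line keeps new home directories private. It assumes ipa-client-install recorded server and realm in /etc/ipa/default.conf and reads the umask= option as the page writes it; the function names and the sample file contents are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): checks to run after step [4].

# Print KEY's value from an ipa default.conf-style file ("key = value").
ipa_conf_get() {   # usage: ipa_conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Print the umask= option of the active pam_oddjob_mkhomedir.so session line.
# Returns 1 when no uncommented line loads the module.
mkhomedir_umask() {   # usage: mkhomedir_umask PAM_FILE
    line=$(grep -E '^[[:space:]]*session[[:space:]].*pam_oddjob_mkhomedir\.so' "$1" | tail -n 1)
    [ -n "$line" ] || return 1
    printf '%s\n' "$line" | tr ' \t' '\n\n' | sed -n 's/^umask=//p' | tail -n 1
}

# Succeed only if the umask clears every group and other permission bit.
umask_is_private() {   # usage: umask_is_private OCTAL
    case "$1" in ''|*[!0-7]*) return 1 ;; esac   # reject empty or non-octal input
    [ $(( 0$1 & 077 )) -eq $(( 077 )) ]
}

# Compare enrolled server and realm with the intended values, then the umask.
check_client() {   # usage: check_client IPA_CONF PAM_FILE SERVER REALM
    rc=0
    [ "$(ipa_conf_get "$1" server)" = "$3" ] || { echo "FAIL: server is not $3"; rc=1; }
    [ "$(ipa_conf_get "$1" realm)" = "$4" ] || { echo "FAIL: realm is not $4"; rc=1; }
    if u=$(mkhomedir_umask "$2"); then
        umask_is_private "$u" || { echo "FAIL: mkhomedir umask '$u' is not private"; rc=1; }
    else
        echo "FAIL: pam_oddjob_mkhomedir.so is not configured"; rc=1
    fi
    return $rc
}

# Constructed sample files so the script runs offline; on an enrolled client
# pass /etc/ipa/default.conf and /etc/pam.d/common-session instead.
demo_dir=$(mktemp -d)
printf '[global]\nrealm = IPA.SRV.WORLD\ndomain = ipa.srv.world\nserver = dlp.ipa.srv.world\n' \
    > "$demo_dir/default.conf"
printf 'session optional pam_oddjob_mkhomedir.so umask=0077\n' > "$demo_dir/common-session"
check_client "$demo_dir/default.conf" "$demo_dir/common-session" \
    dlp.ipa.srv.world IPA.SRV.WORLD && echo "OK: server, realm and umask as intended"
```

A non-zero exit from check_client means the client points at a different server or realm than intended, or that home directories would be created readable by group or others.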