[3] FreeIPA – client configuration
February 5, 2021
We will now configure the FreeIPA client.
[1] Add a DNS record on the FreeIPA server, in the DNS service integrated with the FreeIPA server. (If you are not using the DNS service integrated with the FreeIPA server, you can skip this step.)
# ipa dnsrecord-add [domain name] [record name] [record type] [record]
[root@vlsr01 ~]# ipa dnsrecord-add zicher.lab vlsr02 --a-rec 192.168.100.102
Record name: vlsr02
A record: 192.168.100.102
[2] Configure the NTP client on the client host to synchronize time with the FreeIPA server; see [2] NTP client configuration.
[3] Install the FreeIPA client packages.
[root@vlsr02 ~]# dnf module install idm:DL1/client
[4] Configure the FreeIPA client.
# set the DNS server to the FreeIPA server
[root@vlsr02 ~]# nmcli connection modify enp192 ipv4.dns 192.168.100.101
[root@vlsr02 ~]# nmcli connection down enp192; nmcli connection up enp192
# configure the client with the specified FreeIPA server and domain name
[root@vlsr02 ~]# ipa-client-install --server=vlsr01.zicher.lab --domain zicher.lab
This program will set up IPA client.
Version 4.9.0
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes    # type yes
Do you want to configure chrony with NTP server or pool address? [no]:    # press ENTER
Client hostname: vlsr02.zicher.lab
Realm: ZICHER.LAB
DNS Domain: zicher.lab
IPA Server: vlsr01.zicher.lab
BaseDN: dc=zicher,dc=lab
Continue to configure the system with these values? [no]: yes    # type yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
Attempting to sync time with chronyc.
Time synchronization was successful.
User authorized to enroll computers: admin    # enter the IPA administrator
Password for admin@ZICHER.LAB:    # enter the password
Successfully retrieved CA cert
    Subject: CN=Certificate Authority,O=ZICHER.LAB
    Issuer: CN=Certificate Authority,O=ZICHER.LAB
    Valid From: 2021-02-05 15:38:29
    Valid Until: 2041-02-05 15:38:29
Enrolled in IPA realm ZICHER.LAB
Created /etc/ipa/default.conf
Configured sudoers in /etc/authselect/user-nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm ZICHER.LAB
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring zicher.lab as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
# set this if you need it (creates home directories on first login)
[root@vlsr02 ~]# authselect enable-feature with-mkhomedir
Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.
- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module
  is present and oddjobd service is enabled and active
  - systemctl enable --now oddjobd.service
[root@vlsr02 ~]# systemctl enable --now oddjobd
[root@vlsr02 ~]# exit
[5] Log in as a user you created in [2] FreeIPA – account configuration
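A post-enrollment check for the procedure above, as an added example that is not part of the original page: it compares /etc/ipa/default.conf with the realm, domain and server used here and confirms the host keytab, SSSD, oddjobd and the admin lookup. The function names, the --live switch, the script name and the sample file contents are constructed for illustration.

```sh
# Added example: post-enrollment checks for the client configured on this page.
# Constructed sample of the [global] section written to /etc/ipa/default.conf.
sample_conf() {
    printf '%s\n' '[global]' 'basedn = dc=zicher,dc=lab' 'realm = ZICHER.LAB' \
        'domain = zicher.lab' 'server = vlsr01.zicher.lab' 'host = vlsr02.zicher.lab'
}

# Print the value of KEY from the [global] section of FILE.
ipa_conf_get() {    # usage: ipa_conf_get FILE KEY
    awk -v key="$2" '
        /^\[/ { in_global = ($0 == "[global]"); next }
        in_global && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 0 only if realm, domain and server in FILE match the expected values.
check_ipa_conf() {  # usage: check_ipa_conf FILE REALM DOMAIN SERVER
    conf=$1; conf_rc=0
    for key in realm domain server; do
        shift
        got=$(ipa_conf_get "$conf" "$key")
        if [ "$got" != "$1" ]; then
            echo "MISMATCH $key: expected '$1', found '$got'"
            conf_rc=1
        fi
    done
    return "$conf_rc"
}

# Live checks; run as root on the enrolled client (vlsr02 on this page).
verify_client() {
    rc=0
    check_ipa_conf /etc/ipa/default.conf ZICHER.LAB zicher.lab vlsr01.zicher.lab || rc=1
    # The keytab written at enrollment must hold this host's principal.
    klist -k /etc/krb5.keytab 2>/dev/null | grep -q "host/$(hostname -f)@" ||
        { echo "FAIL: no host principal in /etc/krb5.keytab"; rc=1; }
    for svc in sssd oddjobd; do
        systemctl is-active --quiet "$svc" || { echo "FAIL: $svc not active"; rc=1; }
    done
    # SSSD must be able to resolve the IPA admin account.
    getent passwd admin >/dev/null || { echo "FAIL: cannot resolve admin"; rc=1; }
    return "$rc"
}

# Nothing on the system is touched unless asked: sh check-ipa-client.sh --live
if [ "${1:-}" = "--live" ]; then verify_client; fi
```

Run it with --live as root on vlsr02 after step [4]; a nonzero exit status means at least one check failed.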