Freeipa Rocky Installation: Difference between revisions
| (13 intermediate revisions by the same user not shown) | |||
| Zeile 1: | Zeile 1: | ||
=Hostname muss in die /etc/hosts= | =Hostname muss in die /etc/hosts= | ||
| − | *echo 172.26. | + | *echo 172.26.55.6 freeipa.lab34.int >> /etc/hosts |
| − | *echo 2a02:24d8:71:3036::6 freeipa.lab34. | + | *echo 2a02:24d8:71:3036::6 freeipa.lab34.int >> /etc/hosts |
;Test | ;Test | ||
*hostname -i | *hostname -i | ||
| − | 2a02:24d8:71: | + | 2a02:24d8:71:3037::6 172.26.55.6 |
| + | |||
| + | =Firewall anpassen= | ||
| + | *firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps | ||
| + | *firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --permanent | ||
| + | =Installation= | ||
| + | *dnf install freeipa-server ipa-server-dns | ||
| + | |||
| + | =Konfiguration des Paketes= | ||
| + | *ipa-server-install | ||
| + | <pre> | ||
| + | Do you want to configure integrated DNS (BIND)? [no]: | ||
| + | Server host name [freeipa.lab34.linuggs.de]: | ||
| + | Please confirm the domain name [lab34.linuggs.de]: | ||
| + | |||
| + | Please provide a realm name [LAB34.LINUGGS.DE]: | ||
| + | Directory Manager password: | ||
| + | Password (confirm): | ||
| + | IPA admin password: | ||
| + | Password (confirm): | ||
| + | NetBIOS domain name [LAB34] | ||
| + | Do you want to configure chrony with NTP server or pool address? [no]: yes | ||
| + | NetBIOS domain name [LAB34]: | ||
| + | |||
| + | Do you want to configure chrony with NTP server or pool address? [no]: yes | ||
| + | Enter NTP source server addresses separated by comma, or press Enter to skip: | ||
| + | Enter a NTP source pool address, or press Enter to skip: | ||
| + | |||
| + | The IPA Master Server will be configured with: | ||
| + | Hostname: freeipa.lab34.linuggs.de | ||
| + | IP address(es): 172.26.54.6, 2a02:24d8:71:3036::6 | ||
| + | Domain name: lab34.linuggs.de | ||
| + | Realm name: LAB34.LINUGGS.DE | ||
| + | |||
| + | The CA will be configured with: | ||
| + | Subject DN: CN=Certificate Authority,O=LAB34.LINUGGS.DE | ||
| + | Subject base: O=LAB34.LINUGGS.DE | ||
| + | Chaining: self-signed | ||
| + | Continue to configure the system with these values? [no]: yes | ||
| + | </pre> | ||
| + | =Chrony als Zeitserver aktivieren= | ||
| + | In der der '''/etc/chrony.conf''' diese beiden Zeilen einfügen: | ||
| + | allow 172.26.52.0/22 | ||
| + | allow 2a02:24d8:71:3034::/62 | ||
| + | ;Neustart von chrony | ||
| + | *systemctl restart chronyd | ||
| + | ;Test - 123 UDP muss offen sein. | ||
| + | *ss -lnup | grep 123 | ||
| + | |||
| + | =Test= | ||
| + | *kinit admin | ||
| + | Password for admin@IPA.TEST: | ||
| + | *klist | ||
| + | Ticket cache: KCM:0 | ||
| + | Default principal: admin@LAB34.LINUGGS.DE | ||
| + | |||
| + | Valid starting Expires Service principal | ||
| + | 10/07/2024 11:00:39 10/08/2024 10:47:22 krbtgt/LAB34.LINUGGS.DE@LAB34.LINUGGS.DE | ||
| + | |||
| + | =Links= | ||
| + | *https://www.freeipa.org/page/Documentation.html | ||
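Review bot: The host identity in the added sections does not match the /etc/hosts lines at the top of this revision. The hosts entries name freeipa.lab34.int at 172.26.55.6 and 2a02:24d8:71:3036::6, the `hostname -i` output shows 2a02:24d8:71:3037::6, and the ipa-server-install transcript reports Hostname freeipa.lab34.linuggs.de with IP address 172.26.54.6. A reader following the steps cannot tell which name and addresses are intended, so choose one set and use it in every section. In the Test section the kinit prompt reads admin@IPA.TEST while klist shows admin@LAB34.LINUGGS.DE; the prompt should carry the same realm as the rest of the page. The transcript also repeats the "NetBIOS domain name [LAB34]" and chrony prompts back to back; the first pair looks like a paste error and can be dropped.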
Latest revision as of 17 October 2024, 06:08
The hostname must be in /etc/hosts
- echo 172.26.55.6 freeipa.lab34.int >> /etc/hosts
- echo 2a02:24d8:71:3036::6 freeipa.lab34.int >> /etc/hosts
- Test
- hostname -i
2a02:24d8:71:3037::6 172.26.55.6
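A pre-flight check for the hosts entries above, as an added example that is not part of the original page. The function names hosts_addrs and check_ipa_hosts are hypothetical, and the sample file is constructed. It assumes the installer's requirement that the server name must not resolve to a loopback address, and it flags the duplicate lines that appear when the `echo ... >> /etc/hosts` step is run twice.

```shell
#!/bin/sh
# Added example (not from the original page): audit a hosts file before
# running ipa-server-install. Function names are hypothetical.

# hosts_addrs FILE FQDN -> prints every address mapped to FQDN, one per line.
hosts_addrs() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; break }
        }' "$1"
}

# check_ipa_hosts FILE FQDN -> 0 if usable, 1 otherwise; reasons on stderr.
check_ipa_hosts() {
    file=$1 fqdn=$2 rc=0
    addrs=$(hosts_addrs "$file" "$fqdn")
    if [ -z "$addrs" ]; then
        echo "no entry for $fqdn in $file" >&2
        return 1
    fi
    for a in $addrs; do
        case $a in
            # Assumption: the installer rejects a name that maps to loopback.
            127.*|::1) echo "$fqdn maps to loopback $a" >&2; rc=1 ;;
        esac
    done
    # Duplicates appear when the append step is repeated.
    dups=$(printf '%s\n' "$addrs" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "duplicate entries for $fqdn: $dups" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample: the two entries from this page plus a localhost line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost
172.26.55.6 freeipa.lab34.int
2a02:24d8:71:3036::6 freeipa.lab34.int   # added by hand
EOF
check_ipa_hosts "$sample" freeipa.lab34.int && echo "hosts file OK"
rm -f "$sample"
```

On the real system, call `check_ipa_hosts /etc/hosts "$(hostname -f)"` before starting the installer.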
Adjust the firewall
- firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps
- firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --permanent
Installation
- dnf install freeipa-server ipa-server-dns
Configuring the package
- ipa-server-install
Do you want to configure integrated DNS (BIND)? [no]:
Server host name [freeipa.lab34.linuggs.de]:
Please confirm the domain name [lab34.linuggs.de]:

Please provide a realm name [LAB34.LINUGGS.DE]:
Directory Manager password:
Password (confirm):
IPA admin password:
Password (confirm):
NetBIOS domain name [LAB34]
Do you want to configure chrony with NTP server or pool address? [no]: yes
NetBIOS domain name [LAB34]:

Do you want to configure chrony with NTP server or pool address? [no]: yes
Enter NTP source server addresses separated by comma, or press Enter to skip:
Enter a NTP source pool address, or press Enter to skip:

The IPA Master Server will be configured with:
Hostname: freeipa.lab34.linuggs.de
IP address(es): 172.26.54.6, 2a02:24d8:71:3036::6
Domain name: lab34.linuggs.de
Realm name: LAB34.LINUGGS.DE

The CA will be configured with:
Subject DN: CN=Certificate Authority,O=LAB34.LINUGGS.DE
Subject base: O=LAB34.LINUGGS.DE
Chaining: self-signed
Continue to configure the system with these values? [no]: yes
Enable chrony as a time server
Add these two lines to /etc/chrony.conf:
allow 172.26.52.0/22
allow 2a02:24d8:71:3034::/62
- Restart chrony
- systemctl restart chronyd
- Test: UDP port 123 must be open.
- ss -lnup | grep 123
Test
- kinit admin
Password for admin@IPA.TEST:
- klist
Ticket cache: KCM:0
Default principal: admin@LAB34.LINUGGS.DE

Valid starting       Expires              Service principal
10/07/2024 11:00:39  10/08/2024 10:47:22  krbtgt/LAB34.LINUGGS.DE@LAB34.LINUGGS.DE