Configure FreeIPA Client
2015/11/05
Configure FreeIPA Client to connect to FreeIPA Server.
[1] First, add a DNS entry for the FreeIPA client on the FreeIPA server.

# ipa dnsrecord-add [domain name] [record name] [record type] [record]
[root@dlp ~]# ipa dnsrecord-add srv.world client01 --a-rec 10.0.0.31
Record name: client01
A record: 10.0.0.31
[2] Install the client tools on the FreeIPA client host and change the DNS settings.

[root@client01 ~]# dnf -y install freeipa-client
[root@client01 ~]# nmcli c modify eno16777736 ipv4.dns 10.0.0.30
[root@client01 ~]# nmcli c down eno16777736; nmcli c up eno16777736
[3] Set up the host as a FreeIPA client. Sync time with the FreeIPA server before doing so.

[root@client01 ~]# ipa-client-install
Discovery was successful!
Hostname: client01.srv.world
Realm: SRV.WORLD
DNS Domain: srv.world
IPA Server: dlp.srv.world
BaseDN: dc=srv,dc=world

# confirm settings and proceed with "yes"
Continue to configure the system with these values? [no]: yes
# answer with admin
User authorized to enroll computers: admin
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Password for admin@SRV.WORLD:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=SRV.WORLD
Issuer: CN=Certificate Authority,O=SRV.WORLD
Valid From: Thu Nov 05 07:34:55 2015 UTC
Valid Until: Mon Nov 05 07:34:55 2035 UTC

Enrolled in IPA realm SRV.WORLD
.....
.....
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring srv.world as NIS domain.
Client configuration complete.

# configure mkhomedir if you need it ( home directories of users are created at initial login )
[root@client01 ~]# authconfig --enablemkhomedir --update
getsebool: SELinux is disabled
logout

Fedora 23 (Server Edition)
Kernel 4.2.5-300.fc23.x86_64 on an x86_64 (ttyS0)

Admin Console: https://10.0.0.31:9090/ or https://[fe80::5054:ff:feae:73e1]:9090/

client01 login: redhat     # FreeIPA user
Password:     # password
Password expired. Change your password now.     # a password change is required at initial login
Current Password:     # current password
New password:     # new password
Retype new password:
[redhat@client01 ~]$     # logged in
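
The transcript in step [3] contains two lines that are easy to scroll past: the failed time sync and the SELinux message. The following is an added example, not part of the original page or of FreeIPA: a shell function (the name audit_enroll_log is hypothetical) that reads a saved copy of that terminal output and reports such findings. It assumes the output was saved to a file in the form shown above.

```shell
#!/bin/sh
# Added example: audit a saved ipa-client-install transcript (step [3] output).
# audit_enroll_log is a hypothetical helper name, not part of FreeIPA.
# Prints one finding per line; the return status is the number of findings.
audit_enroll_log() {
    log=$1
    findings=0
    note() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # Values from the discovery summary shown before the "Continue" prompt.
    host=$(sed -n 's/^Hostname: *//p' "$log" | head -n 1)
    domain=$(sed -n 's/^DNS Domain: *//p' "$log" | head -n 1)

    # Enrollment must have reached its final line.
    grep -q '^Client configuration complete' "$log" ||
        note "FAIL: enrollment did not complete"

    # Kerberos rejects requests when clocks drift apart (MIT krb5 default
    # tolerance: 300 seconds), so a failed sync must not be ignored.
    if grep -q '^Unable to sync time' "$log"; then
        note "WARN: time sync with the IPA server failed; check UDP port 123"
    fi

    # The client name should be an FQDN inside the discovered DNS domain,
    # matching the A record added in step [1].
    case $host in
        *."$domain") ;;
        *) note "WARN: hostname '$host' is not inside DNS domain '$domain'" ;;
    esac

    # The getsebool message in the transcript means SELinux is off.
    if grep -q 'SELinux is disabled' "$log"; then
        note "WARN: SELinux is disabled on this client"
    fi
    return "$findings"
}

# Constructed sample: the relevant lines of the transcript from step [3].
sample=$(mktemp)
cat > "$sample" <<'EOF'
Hostname: client01.srv.world
DNS Domain: srv.world
Unable to sync time with IPA NTP server, assuming the time is in sync. Please check that 123 UDP port is opened.
Client configuration complete.
getsebool: SELinux is disabled
EOF
audit_enroll_log "$sample" || echo "findings: $?"
```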