CentOS 7
Sponsored Link

FreeIPA : Configure FreeIPA Client
2015/03/21
 
Configure FreeIPA Client to connect to FreeIPA Server.
[1] Add DNS entry for FreeIPA client on FreeIPA server first.
(if not using FreeIPA integrated DNS, no need to add)
# ipa dnsrecord-add [domai name] [recorde name] [record type] [record]

[root@dlp ~]#
ipa dnsrecord-add ipa.srv.world node01 --a-rec 10.0.0.51

  Record name: node01
  A record: 10.0.0.51
[2] Install Client tools on FreeIPA Client and also change DNS setting to bind FreeIPA Server. (replace the name [eth0] to your own environment)
[root@node01 ~]#
yum -y install ipa-client
[root@node01 ~]#
nmcli connection modify eth0 ipv4.dns 10.0.0.30

[root@node01 ~]#
nmcli connection down eth0; nmcli connection up eth0

[3] Setup as a FreeIPA Client.
[root@node01 ~]#
ipa-client-install --force-ntpd

Discovery was successful!
Client hostname: node01.srv.world
Realm: IPA.SRV.WORLD
DNS Domain: ipa.srv.world
IPA Server: dlp.ipa.srv.world
BaseDN: dc=ipa,dc=srv,dc=world

# confirm settings and proceed with [yes]
Continue to configure the system with these values? [no]: yes

Synchronizing time with KDC...
Attempting to sync time using ntpd.  Will timeout after 15 seconds
# answer with admin
User authorized to enroll computers: admin
Password for admin@IPA.SRV.WORLD:
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=IPA.SRV.WORLD
    Issuer:      CN=Certificate Authority,O=IPA.SRV.WORLD
    Valid From:  2018-08-08 05:44:32
    Valid Until: 2038-08-08 05:44:32

Enrolled in IPA realm IPA.SRV.WORLD
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm IPA.SRV.WORLD
trying https://dlp.ipa.srv.world/ipa/json
[try 1]: Forwarding 'schema' to json server 'https://dlp.ipa.srv.world/ipa/json'
trying https://dlp.ipa.srv.world/ipa/session/json
[try 1]: Forwarding 'ping' to json server 'https://dlp.ipa.srv.world/ipa/session/json'
[try 1]: Forwarding 'ca_is_enabled' to json server 'https://dlp.ipa.srv.world/ipa/session/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
[try 1]: Forwarding 'host_mod' to json server 'https://dlp.ipa.srv.world/ipa/session/json'
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring ipa.srv.world as NIS domain.
Client configuration complete.
The ipa-client-install command was successful

# set follows if you need ( create home directory automatically at initial login for each user )

[root@node01 ~]#
authconfig --enablemkhomedir --update

[root@node01 ~]#
logout

CentOS Linux 7 (Core)
Kernel 3.10.0-862.9.1.el7.x86_64 on an x86_64

node01 login: redhat     # FreeIPA user
Password:
# required to change the password at initial login
Password expired. Change your password now.
Current Password:
New password:
Retype new password:
Creating home directory for redhat.
[redhat@node01 ~]$       # just logined
Matched Content
 
Tweet