Fedora 29

FreeIPA : Configure FreeIPA Client
2018/11/09
 
Configure FreeIPA Client to connect to FreeIPA Server.
[1] First, add a DNS entry for the FreeIPA client on the FreeIPA server.
(Not needed if you are not using FreeIPA's integrated DNS.)
# ipa dnsrecord-add [domain name] [record name] [record type] [record]

[root@dlp ~]# ipa dnsrecord-add ipa.srv.world client01 --a-rec 10.0.0.31

  Record name: client01
  A record: 10.0.0.31
[2] Install NTPd on the FreeIPA Client. (NTPd is required on FreeIPA, not Chrony.)
[3] Install Client tools on FreeIPA Client.
[root@client01 ~]# dnf -y install freeipa-client oddjob-mkhomedir
[4] Set up the host as a FreeIPA Client.
# point DNS at the FreeIPA Server

[root@client01 ~]# nmcli connection modify ens3 ipv4.dns 10.0.0.30

[root@client01 ~]# nmcli connection down ens3; nmcli connection up ens3
# set up the client, specifying the FreeIPA server and domain name

[root@client01 ~]# ipa-client-install --server=dlp.ipa.srv.world --domain ipa.srv.world

Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered 
server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
Client hostname: client01.ipa.srv.world
Realm: IPA.SRV.WORLD
DNS Domain: ipa.srv.world
IPA Server: dlp.ipa.srv.world
BaseDN: dc=ipa,dc=srv,dc=world

# confirm settings and proceed with [yes]
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
# answer with admin
User authorized to enroll computers: admin
# admin password
Password for admin@IPA.SRV.WORLD:
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=IPA.SRV.WORLD
    Issuer:      CN=Certificate Authority,O=IPA.SRV.WORLD
    Valid From:  2018-11-09 02:03:15
    Valid Until: 2038-11-09 02:03:15

Enrolled in IPA realm IPA.SRV.WORLD
.....
.....
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring ipa.srv.world as NIS domain.
Client configuration complete.
The ipa-client-install command was successful

[root@client01 ~]# authselect select sssd with-mkhomedir

Profile "sssd" was selected.
The following nsswitch maps are overwritten by the profile:
- passwd
- group
- netgroup
- automount
- services

Make sure that SSSD service is configured and enabled. See SSSD documentation for more information.

- with-mkhomedir is selected, make sure oddjobd service is enabled
  - systemctl enable oddjobd.service
  - systemctl start oddjobd.service

[root@client01 ~]# systemctl start oddjobd

[root@client01 ~]# systemctl enable oddjobd
[root@client01 ~]# logout
Fedora 29 (Server Edition)
Kernel 4.18.16-300.fc29.x86_64 on an x86_64 (ttyS0)

Web console: https://client01.ipa.srv.world:9090/ or https://10.0.0.31:9090/

client01 login: redhat    # IPA user
Password:                 # password
Password expired. Change your password now.  # a password change is required at initial login
Current Password:         # current password
New password:             # new password
Retype new password:
Creating home directory for redhat.
[redhat@client01 ~]$      # logged in
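
After enrollment, the realm, domain and server the client actually recorded can be compared with the values confirmed in step [4]. The script below is an added example, not part of the original page: it assumes ipa-client-install recorded its settings in /etc/ipa/default.conf as "key = value" lines, the sample file is constructed from this page's values, and the function names are hypothetical.

```shell
# Added example: confirm the client is bound to the intended realm and server.
# Constructed sample of /etc/ipa/default.conf, using this page's values.
sample_conf() {
    cat <<'EOF'
[global]
basedn = dc=ipa,dc=srv,dc=world
realm = IPA.SRV.WORLD
domain = ipa.srv.world
server = dlp.ipa.srv.world
EOF
}

# Print the value of key $2 from the "key = value" file $1.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*[#;]/ || index($0, "=") == 0 { next }   # comments, [section]
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) { print val; exit }
        }' "$1"
}

# Return 0 only if realm ($2), domain ($3) and server ($4) match file $1.
check_enrollment() {
    [ -r "$1" ] || { echo "FAIL: cannot read $1"; return 2; }
    rc=0
    for pair in "realm=$2" "domain=$3" "server=$4"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conf_get "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok:   $key = $got"
        else
            echo "FAIL: $key = '$got', expected '$want'"; rc=1
        fi
    done
    return "$rc"
}

# With three arguments check the live file; with none, run on the sample.
if [ "$#" -eq 3 ]; then
    check_enrollment /etc/ipa/default.conf "$1" "$2" "$3"
else
    tmp=$(mktemp); sample_conf > "$tmp"
    check_enrollment "$tmp" IPA.SRV.WORLD ipa.srv.world dlp.ipa.srv.world
    rm -f "$tmp"
fi
```

A non-zero exit status means the client recorded a realm, domain or server other than the one intended, which is worth investigating before any IPA user logs in on that host.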