common_linux:freeipa:setup
Различия
Показаны различия между двумя версиями страницы.
| Следующая версия | Предыдущая версия | ||
| common_linux:freeipa:setup [2025/08/30 20:39] – создано root | common_linux:freeipa:setup [2025/09/02 22:42] (текущий) – [Добавление реплики] root | ||
|---|---|---|---|
| Строка 1: | Строка 1: | ||
| - | ====== Устанвока FreeIPA в Fedora 42 ====== | + | ====== Установка FreeIPA в Fedora 42 ====== |
| + | |||
| + | * Отключить репозиторий ciscobinary.openh264.org | ||
| + | <code bash> | ||
| + | sudo sed -i ' | ||
| + | sudo yum update | ||
| + | </ | ||
| + | * Установить пакеты freeipa-server | ||
| + | <code bash> | ||
| + | sudo dnf install freeipa-server freeipa-server-dns -y | ||
| + | </ | ||
| + | |||
| + | * Открыть на Firewall порты | ||
| + | <code bash> | ||
| + | #sudo yum install firewall-cmd -y | ||
| + | #sudo systemctl enable firewalld --now | ||
| + | sudo firewall-cmd --add-service={freeipa-ldap, | ||
| + | sudo firewall-cmd --reload | ||
| + | </ | ||
| + | |||
| + | * Выполнить установку Контроллера домена | ||
| + | <code bash> | ||
| + | set +o history | ||
| + | ipa-server-install --allow-zone-overlap \ | ||
| + | --ca-subject=" | ||
| + | --ca-signing-algorithm=SHA512withRSA \ | ||
| + | --hostname=dc01.sdksystems.ru \ | ||
| + | --realm=SDKSYSTEMS.RU \ | ||
| + | --domain=sdksystems.ru \ | ||
| + | --auto-reverse \ | ||
| + | --forwarder=10.10.0.1 \ | ||
| + | --no-dnssec-validation \ | ||
| + | --ntp-server=10.10.0.1 \ | ||
| + | --ntp-pool=0.ru.pool.ntp.ru \ | ||
| + | --mkhomedir \ | ||
| + | --no-hbac-allow \ | ||
| + | --no-host-dns \ | ||
| + | --setup-dns | ||
| + | set -o history | ||
| + | </ | ||
| + | <code bash> | ||
| + | ipa-acme-manage enable | ||
| + | ipa-acme-manage pruning --enable --cron "0 0 1 * *" | ||
| + | </ | ||
| + | |||
| + | < | ||
| + | Do you want to configure integrated DNS (BIND)? [no]: yes | ||
| + | Server host name [dc01.sdksystems.ru]: | ||
| + | Please confirm the domain name [sdksystems.ru]: | ||
| + | Please provide a realm name [SDKSYSTEMS.RU]: | ||
| + | Directory Manager password: | ||
| + | Password (confirm): | ||
| + | IPA admin password: | ||
| + | Password (confirm): | ||
| + | |||
| + | NetBIOS domain name [SDKSYSTEMS]: | ||
| + | Do you want to configure chrony with NTP server or pool address? [no]: yes | ||
| + | </ | ||
| + | |||
| + | |||
| + | <code bash>vi / | ||
| + | <code | download> | ||
| + | acl " | ||
| + | localnets; | ||
| + | localhost; | ||
| + | 10.0.0.0/ | ||
| + | 172.16.0.0/ | ||
| + | 192.168.0.0/ | ||
| + | }; | ||
| + | </ | ||
| + | |||
| + | |||
| + | |||
| + | <code bash>vi / | ||
| + | <code | download> | ||
| + | allow-recursion { trusted_network; | ||
| + | allow-query-cache { trusted_network; | ||
| + | </ | ||
| + | |||
| + | ipactl restart | ||
| + | |||
| + | ===== Добавление реплики ===== | ||
| + | На реплике: | ||
| + | <code bash> | ||
| + | yum install freeipa-server freeipa-server-dns -y | ||
| + | firewall-cmd --add-service={freeipa-ldap, | ||
| + | firewall-cmd --reload | ||
| + | ipa-client-install --domain=sdksystems.ru --server=dc01.sdksystems.ru | ||
| + | kinit admin | ||
| + | ipa-replica-install | ||
| + | ipa-ca-install | ||
| + | ipa-dns-install --forwarder=10.10.0.1 \ | ||
| + | --no-dnssec-validation \ | ||
| + | --allow-zone-overlap | ||
| + | |||
| + | |||
| + | |||
| + | </ | ||
common_linux/freeipa/setup.1756575576.txt.gz · Последнее изменение: 2025/08/30 20:39 — root