Centos 7 uzerine FreeIPA Kurulumu

Kullanilan yazilimlar:

  • Centos Linux 7.2

  • ipa-server 4.2.0

  • ipa-server-dns 4.2.0

  • bind-dyndb-ldap 8.0

  • bind 9.9.4

Kurulum Oncesi Hazirlik:

FQDN:

ipa.piesso.local

IP:

172.16.183.128/24

IPA DOMAIN:

piesso.local

IPA NETBIOS:

PIESSO

Kuruluma baslamadan once kontrol edilmesi gerekenler;

  1. Hostname

  2. /etc/hosts

  3. Statik IP

  4. Sistem update

1. Hostname:

# hostnamectl set-hostname ipa.piesso.local

2. /etc/hosts:

172.16.183.128 ipa.piesso.local ipa

3. Statik IP:

Ornek statik ip konfigurasyonu "/etc/sysconfig/network-scripts/ifcfg-xxxx"

ONBOOT= yes
BOOTPROTO= none
IPADDR= 172.16.183.128
PREFIX= 24
GATEWAY= 172.16.183.2
DNS1= 8.8.8.8
DNS2= 8.8.4.4
DEFROUTE= yes

4. Sistem update:

# yum update -y

Kurulum:

  • ipa-server, integrated dns, ad trust ve ldap back-end plugin yazilimlarinin repodan kurulmasi;

# yum install ipa-server ipa-server-dns bind-dyndb-ldap ipa-server-trust-ad
  • ipa-server kurulumu;

# ipa-server-install -a IpaAdminpassword -p IpaManagerpassword --domain=piesso.local --realm=piesso.local --setup-dns --no-forwarders -U
  • ipa-server kurulumu asagidaki sekilde basari ile biterse firewalld daemonuna gerekli port izinlerinin verilmesi;

Restarting the web server
==============================================================================
Setup complete

Next steps:
      1. You must make sure these network ports are open:
                 TCP Ports:
                   * 80, 443: HTTP/HTTPS
                   * 389, 636: LDAP/LDAPS
                   * 88, 464: kerberos
                   * 53: bind
                 UDP Ports:
                   * 88, 464: kerberos
                   * 53: bind
                   * 123: ntp
      2. You can now obtain a kerberos ticket using the command: 'kinit admin'
         This ticket will allow you to use the IPA tools (e.g., ipa user-add)
         and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password
# firewall-cmd --permanent --add-service={http,https,ldap,ldaps,kerberos,dns,kpasswd,ntp}
# firewall-cmd --reload
  • Firewall kurallarinin kontrol edilmesi;

# firewall-cmd --list-services

IPA Server ve Kerberos Ticket Testi:

  • Kerberos'tan ticket alimi;

# kinit admin
  • Ticketin basarili alinip alinmadigi kontrolu;

# klist
  • ipa-server servislerinin kontrolu;

# ipactl status
  • Hersey saglam gorunuyorsa sunucu dnslerini local adrese donusturulmesi;

/etc/resolv.conf:

search piesso.local
nameserver 127.0.0.1

Comments