IPA Server Installation Guide

September 12, 2018
Prerequisites
IP Settings for IPA Server.

HOSTNAME: ipa.example.local
IP : 192.168.12.250/24
GW: 192.168.12.250
DNS: 127.0.0.1

[Figure: RHCE Lab Network Diagram]

Set hostname
# hostnamectl set-hostname ipa.example.local

Add the following to /etc/hosts, where 192.168.12.250 is the IP of our IPA server:

# vi /etc/hosts
192.168.12.250 ipa.example.local ipa
Installation:
# yum install ipa-server bind-dyndb-ldap
# ipa-server-install --setup-dns
Firewall settings
# firewall-cmd --permanent --add-service={http,https,ldap,ldaps,kerberos,dns,kpasswd,ntp}
# firewall-cmd --reload
# firewall-cmd --list-services
Obtain & list Ticket
# kinit admin
# klist
Check Server Status
# ipactl status

Content of the file /etc/resolv.conf:

# cat /etc/resolv.conf
search example.local
nameserver 192.168.12.250

or

# cat /etc/resolv.conf
search example.local
nameserver 127.0.0.1
Additional Settings
Create FTP

Create an FTP server where we can place keytab files, certificates, scripts, etc.

# yum install -y vsftpd
# systemctl enable vsftpd && systemctl start vsftpd
# firewall-cmd --permanent --add-service=ftp
# firewall-cmd --reload

Copy the CA certificate of the IPA server to the FTP site:

# cp /root/cacert.p12 /var/ftp/pub
Create Users

Set default login shell to Bash (optional)

# ipa config-mod --defaultshell=/bin/bash

Create a couple of users with Kerberos credentials. We will use these users for our testing with Kerberos NFS/Samba.

# ipa user-add asif --first=Muhammad --last=asif --password
# ipa user-add atif --first=Muhammad --last=atif --password
Configure FreeIPA Server for Kerberised NFS
# kinit admin

Create a couple of NFS host machines.

ipa host-add --ip-address 192.168.12.71 system1.example.local
ipa host-add --ip-address 192.168.12.72 system2.example.local

Create the NFS service entries:

ipa service-add nfs/system1.example.local
ipa service-add nfs/system2.example.local

Add entries to the keytab file /etc/krb5.keytab:

# kadmin.local
ktadd nfs/system1.example.local
ktadd nfs/system2.example.local
quit
List keys
klist -k

Generate keys to copy over to NFS systems.

ipa-getkeytab -s ipa.example.local -p nfs/system1.example.local -k /var/ftp/pub/system1.keytab
ipa-getkeytab -s ipa.example.local -p nfs/system2.example.local -k /var/ftp/pub/system2.keytab
Set File Permissions for FTP Files
# chmod 644 /var/ftp/pub/*.keytab
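
A keytab holds the long-term key of its service principal, and a PKCS#12 bundle can carry a private key, so it is worth checking what the FTP directory exposes once the files are mode 644. The following audit function is an added example, not part of the original guide; the names `audit_pub_secrets` and `demo_audit`, the file-name patterns and the scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. audit_pub_secrets, demo_audit
# and the file-name patterns are assumptions chosen for this illustration.

# Report credential files under a directory that are readable by "other".
# Prints "<mode> <kind> <path>" per finding; returns 1 if anything is found.
audit_pub_secrets() {
    dir="${1:-/var/ftp/pub}"
    report=$(
        find "$dir" -type f -perm -004 \
            \( -name '*.keytab' -o -name '*.p12' -o -name '*.pfx' -o -name '*.key' \) \
            -print | sort | while IFS= read -r path; do
            case "$path" in
                *.keytab)    kind="kerberos-keytab" ;;
                *.p12|*.pfx) kind="pkcs12-bundle" ;;
                *)           kind="private-key" ;;
            esac
            mode=$(ls -ld "$path" | cut -d' ' -f1)
            printf '%s %s %s\n' "$mode" "$kind" "$path"
        done
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: a scratch directory laid out like /var/ftp/pub in the guide.
demo_audit() {
    tmp=$(mktemp -d)
    for f in system1.keytab system2.keytab cacert.p12 setup.sh; do
        : > "$tmp/$f"
    done
    chmod 644 "$tmp/system1.keytab" "$tmp/cacert.p12" "$tmp/setup.sh"
    chmod 600 "$tmp/system2.keytab"      # not world-readable, so not reported
    audit_pub_secrets "$tmp" || echo "exposed credential files found"
    rm -rf "$tmp"
}

demo_audit
```

On the IPA server, run `audit_pub_secrets /var/ftp/pub` after the clients have fetched their keytabs; a non-zero exit status means credential files are still readable through the FTP share.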
Configure DNS
ipa dnszone-mod --allow-transfer=192.168.12.0/24 example.local
ipa dnsrecord-add example.local vhost1 --ttl=3600 --a-ip-address=192.168.12.71
ipa dnsrecord-add example.local vhost2 --ttl=3600 --a-ip-address=192.168.12.71
ipa dnsrecord-add example.local cgi1 --ttl=3600 --a-ip-address=192.168.12.71
ipa dnsrecord-add example.local ssl1 --ttl=3600 --a-ip-address=192.168.12.71
MX record for central mail server
ipa dnsrecord-add example.local @ --mx-rec="0 example.local."
