
ipa ldap

On each VM:
#systemctl stop dhcpd
#systemctl disable dhcpd

#tzselect   //time zone selection
[root@workstation ~]#yum -y install ntp
#vim /etc/ntp.conf  //comment out (#) the default server 0,1,2,3 lines, then add:
restrict  192.168.85.0 mask 255.255.255.0 nomodify notrap
server asia.pool.ntp.org iburst
#systemctl restart ntpd
#systemctl enable ntpd
[root@server1 ~]#vim /etc/ntp.conf
server 192.168.85.100 iburst
#ntpq -p     //Standard NTP query program
; #chrony(graphical)
   remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
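 192.168.85.100  .INIT.          16 u    -   64    0    0.000    0.000   0.000
; refid .INIT., stratum 16 and reach 0 mean the client has not synchronized yet; re-run ntpq -p until reach is non-zero. Kerberos rejects authentication when client and server clocks differ by more than the allowed skew (5 minutes by default), so time sync must work before ipa-client-install.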
#date
#timedatectl
---------------------------------------------------------------------- 
#yum -y install ipa-server ipa-server-dns bind bind-dyndb-ldap
#echo "192.168.85.100 workstation.example.com" >> /etc/hosts
#ipa-server-install --setup-dns
; The IPA Master server  will be configured with :
; Hostname:  workstation.example.com
; IP address(es): 192.168.85.100
; Domain name:  example.com
; Realm name:  EXAMPLE.COM
;
; BIND DNS server will be configured to serve IPA domain with:
; Forwarder:  8.8.8.8
; Reverse zone(s): No reverse zone
===============================================================
; Next steps:
;  1. You must make sure these network ports are open:
;  TCP Ports:
;  * 80, 443: HTTP/HTTPS
;  * 389, 636: LDAP/LDAPS
;  * 88, 464: kerberos
;  * 53: bind
;  UDP Ports:
;   * 88, 464: kerberos
;  * 53: bind
;  * 123: ntp
; 2. You can now obtain a kerberos ticket using the command: 'kinit admin'
;    This ticket will
#kinit admin
#klist
#ipa user-add ruiyung --first=Yun --last=Rui --password
password:
#ipa user-find ruiyung
#ipa dnsrecord-add example.com server1 --a-rec 192.168.85.201
#ipa dnsrecord-add example.com server2 --a-rec 192.168.85.202
#ipa dnsrecord-add example.com database --a-rec 192.168.85.203
MAIL-----------------------------A record
====================================================================

On server1,server2,database.
#nmcli c m "System eno16777736" ipv4.dns 192.168.85.100
#systemctl restart network
#ipa-client-install
#authconfig --enablemkhomedir --update
