Updating nis host entries


Configuring DNS key synchronization service (ipa-dnskeysyncd)
  [1/7]: checking status
  [2/7]: setting up bind-dyndb-ldap working directory
  [3/7]: setting up kerberos principal
  [4/7]: setting up Soft HSM
  [5/7]: adding DNSSEC containers
  [6/7]: creating replica keys
  [7/7]: configuring ipa-dnskeysyncd to start on boot
Done configuring DNS key synchronization service (ipa-dnskeysyncd).

LAN DNS Domain: ec.IPA Server: Base DN: dc=ec,dc=atl,dc=lan
Skipping synchronizing time with NTP server.
Restarting ipa-dnskeysyncd
Restarting named
Updating DNS system records
Restarting the web server
Configuring client side components
Using existing certificate '/etc/ipa/ca.crt'.
New SSSD config will be created
Configured sudoers in /etc/
Configured /etc/sssd/
trying https://domain.lan/ipa/json
Forwarding 'schema' to json server 'https://domain.lan/ipa/json'
trying https://domain.lan/ipa/session/json
Forwarding 'ping' to json server 'https://domain.lan/ipa/session/json'
Forwarding 'ca_is_enabled' to json server 'https://domain.lan/ipa/session/json'
Systemwide CA database updated.


button:

On the search page that opens, enter network.negotiate-auth.trusted-uris, then double-click the entry, enter the BASE DN (.domain.lan) of our AD domain controller and press the OK button:

After that, log in to the FreeIPA server management interface (https://domain.lan):

Go to the IPA server -, write there 10/8 and press the Add button.

LAN DNS Domain: ec.IPA Server: Base DN: dc=ec,dc=atl,dc=lan
Continue to configure the system with these values? (this is INSECURE) [no]: yes
Successfully retrieved CA cert
Subject: CN=Certificate Authority, O=EC.

The result must be as follows:

List of records:

Change the default shell to /bin/bash for all users:

[[email protected] ~]# ipa config-mod --defaultshell=/bin/bash
  Maximum username length: 32
  Home directory base: /home
  Default shell: /bin/bash
  Default users group: ipausers
  Default e-mail domain: ec.
  Search time limit: 2
  Search size limit: 100
  User search fields: uid,givenname,sn,telephonenumber,ou,title
  Group search fields: cn,description
  Enable migration mode: FALSE
  Certificate Subject base: O=EC. LAN
  Password Expiration Notification (days): 4
  Password plugin features: Allow NThash
  SELinux user map order: guest_u:s0$xguest_u:s0$user_u:s0$staff_u:s0-s0:c0.c1023$unconfined_u:s0-s0:c0.c1023
  Default SELinux user: unconfined_u:s0-s0:c0.c1023
  Default PAC types: nfs: NONE, MS-PAC
  IPA masters:
  IPA CA servers:
  IPA NTP servers:
  IPA CA renewal master:

To change the default shell on the client machine, go to the client machine and, in the /etc/sssd/file, set the override_shell variable under the [nss] section to /bin/bash, as follows:

[nss]
override_shell = /bin/bash

Add a new CentOS 7 client machine to the server:

[[email protected] ~]# ipa host-add centos7 --password='A123456789a' --ip-address=10.50.3.124 --os="Cent OS 7" --platform="VMware" --location="ATL datacenter" --locality="Narimanov" --desc="Test Cent OS7 server"
-------------------------------------
Added host "centos7domain.lan"
-------------------------------------
  Host name: centos7
  Description: Test Cent OS7 server
  Locality: Narimanov
  Location: ATL datacenter
  Platform: VMware
  Operating system: Cent OS 7
  Password: True
  Keytab: False
  Managed by: centos7

Now we must go to the CentOS 7 FreeIPA client (10.50.3.124) machine.

The DNS servers for our CentOS 7 client machine must be as follows in the /etc/file:

[[email protected] ~]# cat /etc/
# Generated by Network Manager
search
nameserver 10.50.3.126
nameserver 10.50.3.2
nameserver 10.50.3.3

Disable SELinux, add the IP to the /etc/hosts file, update and install the needed packages, and disable firewalld:

[[email protected] ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[[email protected] ~]# echo "10.50.3.124 centos7centos7client" >> /etc/hosts
[[email protected] ~]# yum update -y && yum -y install vim net-tools bind-utils
[[email protected] ~]# systemctl stop firewalld; systemctl disable firewalld; reboot

Install the IPA client package on the CentOS 7 client machine:

[[email protected] ~]# yum -y install ipa-client

Connect to the FreeIPA server (using the password we created before for this machine):

[[email protected] ~]# ipa-client-install -w 'A123456789a' --mkhomedir
Discovery was successful!

Configuring ipa-otpd
  [1/2]: starting ipa-otpd
  [2/2]: configuring ipa-otpd to start on boot
Done configuring ipa-otpd.

Configuring ipa-custodia
  [1/5]: Generating ipa-custodia config file
  [2/5]: Making sure custodia container exists
  [3/5]: Generating ipa-custodia keys
  [4/5]: starting ipa-custodia
  [5/5]: configuring ipa-custodia to start on boot
Done configuring ipa-custodia.

Estimated time: 1 minute
  [1/21]: setting mod_nss port to 443
  [2/21]: setting mod_nss cipher suite
  [3/21]: setting mod_nss protocol list to TLSv1.0 - TLSv1.2
  [4/21]: setting mod_nss password file
  [5/21]: enabling mod_nss renegotiate
  [6/21]: adding URL rewriting rules
  [7/21]: configuring httpd
  [8/21]: configure certmonger for renewals
  [9/21]: setting up httpd keytab
  [10/21]: setting up ssl
  [11/21]: importing CA certificates from LDAP
  [12/21]: setting up browser autoconfig
  [13/21]: publish CA cert
  [14/21]: clean up any existing httpd ccache
  [15/21]: configuring SELinux for httpd
  [16/21]: create KDC proxy user
  [17/21]: create KDC proxy config
  [18/21]: enable KDC proxy
  [19/21]: restarting httpd
  [20/21]: configuring httpd to start on boot
  [21/21]: enabling oddjobd
Done configuring the web interface (httpd).

The password for these files is the Directory Manager password

After installing the FreeIPA server on the 10.50.3.126 server, change the /etc/file as follows:

[[email protected] ~]# cat /etc/
search ec.
nameserver 10.50.3.2
nameserver 10.50.3.3

Or restart the network service:

[[email protected] ~]# systemctl restart network

Configure the IPA server for cross-realm trusts:

[[email protected] ~]# ipa-adtrust-install --admin-password='A123456789a' --netbios-name=EC --add-sids --unattended
The log file for this installation can be found in /var/log/
==============================================================================
This program will setup components needed to establish trust to AD domains for the IPA Server.