# IPA Server Guide

## Contents

* [Setup Overview](#setup)
* [Configure Network](#network)
* [Installing IPA Server](#ipa-server)
* [Configuring DNS](#dns)
* [Adding Users and Groups](#users-groups)
<a name="setup" />

## Setup Overview
We used a RHEL 6.4 box as the IPA and DNS server. This document borrows
instructions from the following, more detailed guide:
[RHEL 6 Identity Management Guide][]
<a name="network" />

## Configure network
Change the hostname (FQDN) to server.rhelbox.com:
> hostname "server.rhelbox.com"

Add the following to the */etc/sysconfig/network* file:

    HOSTNAME=server.rhelbox.com

Add the following to the */etc/hosts* file:

    192.168.56.110 server.rhelbox.com server
    192.168.56.101 client.rhelbox.com client

Log out and log in again, then verify the new hostname:
> hostname --fqdn

Turn off the firewall:
> service iptables stop
>
> chkconfig iptables off
<a name="ipa-server" />

## Installing IPA Server
Install the IPA server packages and the DNS dependencies:
> yum install ipa-server bind bind-dyndb-ldap

Run the following interactive setup to install the IPA server together with DNS:
> ipa-server-install --setup-dns

The installer summarizes the configuration it is about to apply:

    The IPA Master Server will be configured with:
    Hostname:       server.rhelbox.com
    IP address:     192.168.56.110
    Domain name:    rhelbox.com
    Realm name:     RHELBOX.COM

    BIND DNS server will be configured to serve IPA domain with:
    Forwarders:     No forwarders
    Reverse zone:   56.168.192.in-addr.arpa.

The installation may take some time.

Check that IPA is installed correctly:
> kinit admin
>
> ipa user-find admin
<a name="dns" />

## Configuring DNS
Edit */etc/resolv.conf* and add this at the beginning of the file:

    nameserver 192.168.56.110

Warning: NetworkManager rewrites resolv.conf on restart.

Add a DNS A record and a PTR record for the client under the rhelbox.com zone:
> ipa dnsrecord-add rhelbox.com client --a-rec=192.168.56.101 --a-create-reverse

Check that forward DNS resolution is working:
> dig server.rhelbox.com

    ;; ANSWER SECTION:
    server.rhelbox.com. 1200 IN A 192.168.56.110

> dig client.rhelbox.com

    ;; ANSWER SECTION:
    client.rhelbox.com. 86400 IN A 192.168.56.101

Check that reverse resolution works:
> dig -t ptr 101.56.168.192.in-addr.arpa.

    ;; ANSWER SECTION:
    101.56.168.192.in-addr.arpa. 86400 IN PTR client.rhelbox.com.

> dig -t ptr 110.56.168.192.in-addr.arpa.

    ;; ANSWER SECTION:
    110.56.168.192.in-addr.arpa. 86400 IN PTR server.rhelbox.com.
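The forward and reverse checks above can be automated for every host in the IPA zone. The POSIX shell helper below is an added example, not part of the original guide: it assumes `dig` from bind-utils is installed, and the `LOOKUP` variable is a hook introduced here so the lookup command can be swapped out (for example with a stub when testing).

```shell
#!/bin/sh
# Post-install DNS consistency check (added example, not part of the guide).
# Default lookup uses dig from bind-utils; LOOKUP can be overridden for tests.

# Build the in-addr.arpa owner name for an IPv4 address:
# 192.168.56.101 -> 101.56.168.192.in-addr.arpa.
ptr_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# Reverse zone for the /24 containing the address, as ipa-server-install prints it:
# 192.168.56.110 -> 56.168.192.in-addr.arpa.
reverse_zone() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.in-addr.arpa.\n", $3, $2, $1 }'
}

# Lookup command taking (name, type); only the first answer line is used.
LOOKUP=${LOOKUP:-"dig +short"}

# Verify one host: the A record must equal the IP and the PTR must name the FQDN.
# Returns 0 when both agree; otherwise prints the mismatch and returns 1.
check_host() {
    ip=$1; fqdn=$2; status=0
    a=$($LOOKUP "$fqdn" A | head -n1)
    ptr=$($LOOKUP "$(ptr_name "$ip")" PTR | head -n1)
    if [ "$a" != "$ip" ]; then
        echo "A mismatch for $fqdn: got '$a', expected $ip"; status=1
    fi
    if [ "$ptr" != "$fqdn." ]; then
        echo "PTR mismatch for $ip: got '$ptr', expected $fqdn."; status=1
    fi
    return $status
}

# Read /etc/hosts-style lines (ip fqdn [aliases]) from stdin, check every host,
# and return 1 if any A/PTR pair disagrees.
check_hosts_file() {
    rc=0
    while read -r ip fqdn _rest; do
        case $ip in ''|'#'*) continue ;; esac
        check_host "$ip" "$fqdn" || rc=1
    done
    return $rc
}
```

Feed it only the entries that belong to the IPA zone, for example `grep rhelbox.com /etc/hosts | check_hosts_file`, since the localhost lines in /etc/hosts are not served by the IPA DNS server.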
<a name="users-groups" />

## Adding users and groups
Create the *auth_reseller_admin* user group:
> ipa group-add auth_reseller_admin --desc="Full access to all Swift accounts"

Create the *auth_rhs_test* user group:
> ipa group-add auth_rhs_test --desc="Full access to rhs_test account"

Create the user *auth_admin* as a member of the *auth_reseller_admin* user group:
> ipa user-add auth_admin --first=Auth --last=Admin --password
>
> ipa group-add-member auth_reseller_admin --users=auth_admin

Create the user *rhs_test_admin* as a member of the *auth_rhs_test* user group:
> ipa user-add rhs_test_admin --first=RHS --last=Admin --password
>
> ipa group-add-member auth_rhs_test --users=rhs_test_admin

Create the user *jsmith* with no relevant group membership (the first and last name are placeholders):
> ipa user-add jsmith --first=John --last=Smith --password

You can verify that the users have been added by listing them:
> ipa user-find

NOTE: Every user has to change their password on first login.
[RHEL 6 Identity Management Guide]: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/