From 373032fc97d27c79895e6114670760aa717f9f61 Mon Sep 17 00:00:00 2001 From: Prashanth Pai Date: Tue, 24 Sep 2013 11:47:50 +0530 Subject: Add documentation The following guides were added: * Setting up a RHEL 6.x IdM server with a Fedora 18 client * Setting up and configuring swiftkerbauth * Architecture of Swiftkerbauth Change-Id: I50665e584ff9513b5a20d1eda546c73c93f14638 Signed-off-by: Prashanth Pai Reviewed-on: http://review.gluster.org/6040 Reviewed-by: Luis Pabon Tested-by: Luis Pabon --- doc/ipa_server.md | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 doc/ipa_server.md (limited to 'doc/ipa_server.md') diff --git a/doc/ipa_server.md b/doc/ipa_server.md new file mode 100644 index 0000000..ef12b53 --- /dev/null +++ b/doc/ipa_server.md 
@@ -0,0 +1,134 @@ +#IPA Server Guide + +##Contents +* [Setup Overview] (#setup) +* [Configure Network] (#network) +* [Installing IPA Server] (#ipa-server) +* [Configuring DNS] (#dns) +* [Adding Users and Groups] (#users-groups) + + + +##Setup Overview +We have used a RHEL 6.4 box as IPA and DNS server. This document borrows +instructions from the following more detailed guide. +[RHEL 6 Identity Management Guide][] + + + +## Configure network + +Change hostname (FQDN) to server.rhelbox.com +> hostname "server.rhelbox.com" + +Add following to */etc/sysconfig/network* file + + HOSTNAME=server.rhelbox.com + +Add the following to */etc/hosts* file + + 192.168.56.110 server.rhelbox.com server + 192.168.56.101 client.rhelbox.com client + +Logout and login again and verify new hostname +> hostname --fqdn + +Turn off firewall +> service iptables stop +> +> chkconfig iptables off + + + +## Installing IPA Server + +Install IPA server packages and DNS dependencies +> yum install ipa-server bind bind-dyndb-ldap + +Run the following interactive setup to install IPA server with DNS +> ipa-server-install --setup-dns + + The IPA Master Server will be configured with: + Hostname: server.rhelbox.com + IP address: 192.168.56.110 + Domain name: rhelbox.com + Realm name: RHELBOX.COM + + BIND DNS server will be configured to serve IPA domain with: + Forwarders: No forwarders + Reverse zone: 56.168.192.in-addr.arpa. + +The installation may take some time. + +Check if IPA is installed correctly : +> kinit admin +> +> ipa user-find admin + + + +## Configuring DNS + +Edit */etc/resolv.conf* to add this at beginning of file : + + nameserver 192.168.56.110 + +Warning: NetworkManager changes resolv.conf on restart + +Add a DNS A record and PTR record for the client under rhelbox.com zone +> ipa dnsrecord-add rhelbox.com client --a-rec=192.168.56.101 --a-create-reverse + +Check if DNS resolution is working by running : + +> dig server.rhelbox.com + + ;; ANSWER SECTION: + server.rhelbox.com. 
1200 IN A 192.168.56.110 + +> dig client.rhelbox.com + + ;; ANSWER SECTION: + client.rhelbox.com. 86400 IN A 192.168.56.101 + +Check if reverse resolution works : + +> dig -t ptr 101.56.168.192.in-addr.arpa. + + ;; ANSWER SECTION: + 101.56.168.192.in-addr.arpa. 86400 IN PTR client.rhelbox.com. + + +> dig -t ptr 110.56.168.192.in-addr.arpa. + + ;; ANSWER SECTION: + 110.56.168.192.in-addr.arpa. 86400 IN PTR server.rhelbox.com. + + + +## Adding users and groups + +Create *auth_reseller_admin* user group +> ipa group-add auth_reseller_admin --desc="Full access to all Swift accounts" + +Create *auth_rhs_test* user group +> ipa group-add auth_rhs_test --desc="Full access to rhs_test account" + +Create user *auth_admin* user as member of *auth_reseller_admin* user group +> ipa user-add auth_admin --first=Auth --last=Admin --password +> +> ipa group-add-member auth_reseller_admin --users=auth_admin + +Create user *rhs_test_admin* as member of *auth_rhs_test* user group +> ipa user-add rhs_test_admin --first=RHS --last=Admin --password +> +> ipa group-add-member auth_rhs_test --users=rhs_test_admin + +Create user *jsmith* with no relevant group membership +> ipa user-add rhs_test_admin --first=RHS --last=Admin --password + +You can verify users have been added by running +>ipa user-find admin + +NOTE: Every user has to change password on first login. + +[RHEL 6 Identity Management Guide]: https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/ -- cgit
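Review bot: In the "Adding users and groups" section, the command under "Create user *jsmith* with no relevant group membership" is a verbatim copy of the previous step (`ipa user-add rhs_test_admin --first=RHS --last=Admin --password`) and never creates jsmith; it should be an `ipa user-add jsmith ...` invocation, and the verification step `ipa user-find admin` only lists users whose name matches "admin", so `ipa user-find` with no argument is what actually confirms all four users were added. In "Configure network", `service iptables stop` / `chkconfig iptables off` turns the host firewall off entirely on the box that will serve Kerberos, LDAP and DNS, rather than permitting only the IPA and DNS services the guide sets up; a sentence saying this is acceptable for a lab setup only, with the alternative of opening just the required ports, would stop readers carrying it into a real deployment. Finally, the contents list uses `[Setup Overview] (#setup)` with a space between the link text and its target, which most Markdown renderers do not treat as a link, and the targets (`#setup`, `#network`, `#ipa-server`) do not match the anchors generated from the headings ("## Setup Overview", "## Configure network", "## Installing IPA Server"); `#IPA Server Guide` also needs a space after the `#` to render as a heading.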