
Configure RedHat IDM(FreeIPA) on Rhel6 / Rhel7

In the example below:

station1.example.com - 192.168.56.101 (IPA Server or Master server, station1=master)
station2.example.com - 192.168.56.102 (IPA Client1, station2=client1)
station3.example.com - 192.168.56.103 (IPA Client2, station3=client2)
Note: perform the steps listed below on station1 (the IPA server). Before starting the IPA installation, complete these prerequisites:

1. Set host name: -
#hostname station1.example.com (RHEL6)
#hostnamectl set-hostname station1.example.com (RHEL7)

2. Make the host name permanent (RHEL6; on RHEL7 the hostnamectl command above already persists it):
#vim /etc/sysconfig/network
HOSTNAME=station1.example.com
#exec bash

3. Configure yum:
Note: I am using the RHEL 6.4 ISO; you can use any RHEL6 or RHEL7 ISO.
#vim /etc/yum.repos.d/my.repo
[my]
name=Local RHEL media
baseurl=file:///media/RHEL_6.4%20x86_64%20Disc%201
gpgcheck=0
#yum repolist
Spaces in the mount path must be URL-encoded as %20 in baseurl; yum does not understand backslash escapes there. Check that yum is configured properly: the output of yum repolist must list the [my] repository.
4. Manage DNS locally (not mandatory if you already have DNS in your environment)
Add the IPA server and IPA client IP addresses to the file below:
#vim /etc/hosts
192.168.56.101 station1.example.com
192.168.56.102 station2.example.com
#scp /etc/hosts root@192.168.56.102:/etc/hosts
If everything is fine you will be able to ping both hosts by hostname; check this before proceeding further.
#ping station1.example.com
#ping station2.example.com

5. Check that the time on both hosts is in sync:
#ssh root@station2.example.com date
#date
The remote system (IPA client) time and your system (IPA server) time must be in sync.
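The five prerequisites above can be checked in one go before ipa-server-install is run. The script below is an added example and not part of the original post: it applies the same checks the post makes by hand (a fully qualified hostname, name resolution through /etc/hosts, ping, clock skew against the client inside the 300-second tolerance Kerberos allows, and that the ports IPA will claim are still free). The IPA_CLIENT variable, the script name and the helper function names are assumptions; the host names match the example above.

```sh
#!/bin/sh
# ipa-preflight.sh: added example (not from the original post) that checks the
# prerequisites of steps 1-5 before ipa-server-install is run on the IPA server.
# Assumptions: run as root on the server; IPA_CLIENT holds the client's hostname
# (e.g. station2.example.com from the post) and root ssh to it works.
set -eu

MAX_SKEW=300                              # Kerberos default clock-skew tolerance (seconds)
IPA_TCP_PORTS="80 443 389 636 88 464 53"  # TCP ports ipa-server-install will claim

# fqdn_ok NAME: IPA needs a fully qualified hostname, and not localhost
fqdn_ok() {
    case "$1" in
        localhost*|*.localdomain) return 1 ;;
        *.*)                      return 0 ;;
        *)                        return 1 ;;
    esac
}

# hosts_has FILE NAME IP: succeed if FILE (hosts(5) format) maps NAME to IP;
# this is what step 4 has to produce on both machines. Comments are ignored.
hosts_has() {
    awk -v name="$2" -v ip="$3" '
        { sub(/#.*/, ""); if (NF < 2) next
          for (i = 2; i <= NF; i++) if ($i == name && $1 == ip) ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# skew_ok LOCAL_EPOCH REMOTE_EPOCH: succeed if the clocks differ by at most MAX_SKEW
skew_ok() {
    d=$(( $1 - $2 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    [ "$d" -le "$MAX_SKEW" ]
}

# listening PORT: read `ss -ltn` output on stdin, succeed if PORT has a listener
# (column 4 is "address:port"; the last ":"-separated field is the port)
listening() {
    awk -v port="$1" '
        NR > 1 { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit (found ? 0 : 1) }'
}

fail() { echo "FAIL: $*" >&2; exit 1; }

main() {
    me=$(hostname)
    fqdn_ok "$me" || fail "hostname '$me' is not a fully qualified name"
    for h in "$me" "$IPA_CLIENT"; do
        ip=$(getent hosts "$h" | awk 'NR == 1 { print $1 }')
        [ -n "$ip" ] || fail "$h does not resolve (check /etc/hosts or DNS)"
        hosts_has /etc/hosts "$h" "$ip" || echo "WARN: $h -> $ip is not in /etc/hosts; DNS must keep resolving it"
        ping -c 1 -W 2 "$h" >/dev/null 2>&1 || fail "cannot ping $h"
        echo "OK: $h -> $ip"
    done
    remote=$(ssh -o BatchMode=yes "root@$IPA_CLIENT" date +%s)
    skew_ok "$(date +%s)" "$remote" || fail "clock skew above ${MAX_SKEW}s between $me and $IPA_CLIENT"
    echo "OK: clocks of $me and $IPA_CLIENT are within ${MAX_SKEW}s"
    for p in $IPA_TCP_PORTS; do
        if ss -ltn | listening "$p"; then fail "tcp/$p is already in use; ipa-server-install needs it"; fi
    done
    echo "OK: required TCP ports are free"
}

# Run the checks only when a client is named:
#   IPA_CLIENT=station2.example.com ./ipa-preflight.sh
if [ -n "${IPA_CLIENT:-}" ]; then main; fi
```

The clock check matters more than it looks: a Kerberos KDC rejects requests from a client whose clock is more than five minutes off, so a client that fails to enrol after installation is often just out of sync.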
Now we are good to start the installation of the IPA server, where:
--realm = EXAMPLE.COM
--idstart = as per your requirement
--idmax = as per your requirement
Admin password for LDAP and Kerberos = redhat@123
#yum install ipa-server
#ipa-server-install --realm=EXAMPLE.COM --ds-password=redhat@123 --admin-password=redhat@123 --setup-dns --idstart=5000 --idmax=10000
Check the default parameters and hit the enter key:
           Server host name [station1.example.com]:
           Please confirm the domain name [example.com]:
The installation script will then show these details:
Continue to configure the system with these values? [no]: yes
It will take around 20-25 minutes to complete the installation. If everything is correct you will see the output below.
Note: check the list of ports; all of them must be open on the local as well as the network firewall, else your IPA server won't work.
In my environment I don't have a network firewall, so nothing to do there, and for the local firewall I am disabling iptables by flushing its rules (they come back after a reboot or service iptables restart unless the service is disabled too):
# iptables -F
Otherwise you can use the commands below to add the firewall rules:
RHEL6
[root@master ~]# for port in 53 80 88 389 443 464 636; do iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT; done
[root@master ~]# for port in 53 88 123 464; do iptables -I INPUT 5 -p udp -m state --state NEW -m udp --dport $port -j ACCEPT; done
[root@master ~]# service iptables save
RHEL7
[root@master ~]# firewall-cmd --add-service=freeipa-ldap
success
[root@master ~]# firewall-cmd --add-service=freeipa-ldaps
success
[root@master ~]# firewall-cmd --add-service=freeipa-ldap --permanent
success
[root@master ~]# firewall-cmd --add-service=freeipa-ldaps --permanent
success
[root@master ~]# firewall-cmd --add-service=dns
success
[root@master ~]# firewall-cmd --add-service=dns --permanent
success
That's all guys, your IPA server is ready to access. Open your web browser and try to access the URL below; you will see a certificate error as shown in the screenshot below. To get past it, add the IPA portal's certificate to the trusted certificates using the "I Understand the Risks" option.
URL – https://station1.example.com
Finally, you will see the login page of your Identity Management portal.
Username and password – admin and redhat@123 (given at the time of installation)
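A server that answers on port 443 is not necessarily healthy. The script below is an added example and not from the original post: it parses ipactl status for services that are not RUNNING, confirms that every port opened in the firewall step above actually has a listener, and obtains a Kerberos ticket for admin with the password chosen at install time. The ADMIN_PW variable, the script name and the helper function names are assumptions; the port lists are the ones from the iptables commands above.

```sh
#!/bin/sh
# ipa-postcheck.sh: added example (not from the original post) that verifies a freshly
# installed IPA server. Assumptions: run as root on the IPA server; ADMIN_PW holds the
# admin password given to ipa-server-install (redhat@123 in the post).
set -eu

TCP_PORTS="80 443 389 636 88 464 53"   # TCP ports opened in the firewall step
UDP_PORTS="88 464 53 123"              # UDP ports opened in the firewall step
# 123/udp is NTP: it shows up as missing on a host where chronyd runs as a client only.

# not_running: read `ipactl status` output on stdin and print every service whose
# state is not RUNNING, one per line; prints nothing when all services are up
not_running() {
    awk -F': ' '/ Service: / && $2 != "RUNNING" { sub(/ Service$/, "", $1); print $1 }'
}

# ports_with_listener: read `ss -ltn` or `ss -lun` output on stdin and print the
# distinct local ports that have a listener (last ":"-separated field of column 4)
ports_with_listener() {
    awk 'NR > 1 { n = split($4, a, ":"); print a[n] }' | sort -un
}

# missing_ports PROTO "REQUIRED" "OPEN": print each required port that is not in the
# space-separated OPEN list, formatted as port/proto
missing_ports() {
    for p in $2; do
        case " $3 " in
            *" $p "*) ;;
            *) echo "$p/$1" ;;
        esac
    done
}

fail() { echo "FAIL: $*" >&2; exit 1; }

main() {
    command -v ipactl >/dev/null || fail "ipactl not found; is ipa-server installed?"
    down=$(ipactl status | not_running)
    [ -z "$down" ] || fail "IPA services not running: $(echo "$down" | tr '\n' ' ')"
    echo "OK: all IPA services report RUNNING"

    miss=$(missing_ports tcp "$TCP_PORTS" "$(ss -ltn | ports_with_listener | tr '\n' ' ')"
           missing_ports udp "$UDP_PORTS" "$(ss -lun | ports_with_listener | tr '\n' ' ')")
    [ -z "$miss" ] || fail "no listener on: $(echo "$miss" | tr '\n' ' ')"
    echo "OK: every port opened in the firewall has a listener"

    # A ticket proves the KDC works; the ipa command proves httpd and the Directory Service answer.
    printf '%s\n' "$ADMIN_PW" | kinit admin >/dev/null || fail "kinit admin failed (check krb5kdc and clocks)"
    ipa user-show admin >/dev/null || fail "ipa user-show admin failed (check httpd and the Directory Service)"
    kdestroy
    echo "OK: admin obtained a ticket and queried the server"
}

# Run only when the admin password is supplied:
#   ADMIN_PW='redhat@123' ./ipa-postcheck.sh
if [ -n "${ADMIN_PW:-}" ]; then main; fi
```

The browser warning on https://station1.example.com appears because the browser does not trust the IPA CA that signed the portal's certificate. Importing that CA certificate, which the server publishes at http://station1.example.com/ipa/config/ca.crt, into the browser avoids a per-site exception and also covers the clients enrolled later.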
For client side configurations please follow my next post -> Click here..

Comments

  1. Listed steps are easy to implement.

     My suggestion would be please add firewall rule addition commands and most important client side configurations as well.

     Reply:
     Hello Mamta,
     Many thanks for the valuable suggestions.
     I have added a few steps to add firewall rules.
     For client side configurations, I'll post these in my next post.

  2. For client side configuration, please follow the post below. https://rakeshkumar0504.blogspot.com/2018/12/red-hat-idmfreeipa-client-side.html
