Please complete the Red Hat IDM master server configuration before following the steps below. The master server configuration steps are listed in my previous post.
1. Log in as root and check connectivity with the master server; it must be pingable from the client host.
[root@localhost ~]# ping 192.168.56.101
2. Set the hostname (I am performing these steps on RHEL7; if you are on RHEL6 and need the steps to set the hostname, please check my previous post)
[root@localhost ~]# hostnamectl set-hostname client1.example.com
[root@localhost ~]# exec bash
[root@client1 ~]# hostname
client.example.com
3. Check the time on the client and the server; they must be in sync :-
[root@client1 ~]# ssh 192.168.56.101 date
The authenticity of host '192.168.56.101 (192.168.56.101)' can't be established.
ECDSA key fingerprint is f1:48:1b:9a:0c:d0:7a:7c:56:75:09:c6:50:a8:2d:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.102' (ECDSA) to the list of known hosts.
Password:
Fri Dec 21 23:06:01 IST 2018
[root@client1 ~]# date
Fri Dec 21 23:06:04 IST 2018
-> The time on the master and the client is the same in my case. If it differs in your case, please set the client time to match the master, otherwise Kerberos won't work, and IPA has lots of dependencies on Kerberos. You can use the command below for time synchronization :-
[root@client1 ~]# date 1221231318
This assumes my master server time is Fri Dec 21 23:13:34 IST 2018.
In the command, 1221231318 means: 12 - December, 21 - Date, 23 - Hours, 13 - Minutes, 18 - Year
4. Configure yum :-
If you need the steps, please check the URL above; I have listed them in the IPA server prerequisites.
Now we are good to start the ipa-client installation.
[root@client1 ~]# yum install ipa-client -y
-> If DNS is not configured, you can add the master server IP to /etc/hosts so that the name resolves locally.
[root@client1 ~]# vim /etc/hosts
192.168.1.102 master.example.com
If DNS is configured, then make the host a DNS client using the commands below.
RHEL6
[root@client1 ~]# vim /etc/resolv.conf
nameserver 192.168.56.101
Save the file and restart the network service.
[root@client1 ~]# service network restart
[root@client1 ~]# service NetworkManager restart
RHEL7
[root@client1 ~]# nmcli connection modify enp0s3 ipv4.dns 192.168.56.101
[root@client1 ~]# nmcli connection up enp0s3
[root@client1 ~]# nslookup master.example.com
-> If the above command returns the IP address of your DNS server, then the DNS configuration is correct and you can install ipa-client.
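[root@client1 ~]# ipa-client-install --principal=admin --password=redhat@123 --mkhomedir
-> A password given with --password ends up in the shell history and is visible in the process list while the command runs; if you leave the option out, ipa-client-install prompts for the password instead.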
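Before running the enrollment command above, the prerequisites from steps 1 to 3 and the /etc/hosts entry can be checked in one pass. The script below is an added example, not part of the original post; the function names, the 300-second limit (the default Kerberos clock-skew tolerance) and the sample values are assumptions.

```sh
#!/bin/sh
# Added example: pre-enrollment checks for an IPA client (not from the original post).
# Assumption: 300 s is the default Kerberos clock-skew tolerance (MIT krb5 "clockskew").
MAX_SKEW=300

# Succeed only if $1 looks like a fully qualified host name (not bare, not localhost).
is_fqdn() {
  case $1 in
    ''|.*|*.|*..*|localhost|localhost.*) return 1 ;;
    *[!A-Za-z0-9.-]*) return 1 ;;
    *.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the absolute difference, in seconds, between two epoch timestamps.
clock_skew() {
  skew=$(( $1 - $2 ))
  if [ "$skew" -lt 0 ]; then skew=$(( 0 - skew )); fi
  echo "$skew"
}

# Read hosts-file text on stdin; print the address mapped to host name $1.
hosts_lookup() {
  awk -v name="$1" '{ sub(/#.*/, "") }
    { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }'
}

# preflight HOSTNAME CLIENT_EPOCH MASTER_EPOCH MASTER_NAME MASTER_IP HOSTS_TEXT
# Prints one line per failed check and returns the number of failures.
preflight() {
  fails=0
  is_fqdn "$1" || { echo "FAIL: hostname '$1' is not fully qualified"; fails=$((fails + 1)); }
  skew=$(clock_skew "$2" "$3")
  [ "$skew" -le "$MAX_SKEW" ] || { echo "FAIL: clock skew ${skew}s exceeds ${MAX_SKEW}s"; fails=$((fails + 1)); }
  ip=$(printf '%s\n' "$6" | hosts_lookup "$4")
  [ "$ip" = "$5" ] || { echo "FAIL: $4 maps to '${ip:-nothing}', expected $5"; fails=$((fails + 1)); }
  return "$fails"
}

# Constructed sample run; on a real client feed it "$(hostname)", "$(date +%s)",
# "$(ssh MASTER date +%s)" and "$(cat /etc/hosts)" instead.
SAMPLE_HOSTS='127.0.0.1 localhost
192.168.56.101 master.example.com master  # constructed entry'
preflight client1.example.com 1545413764 1545413761 master.example.com 192.168.56.101 "$SAMPLE_HOSTS" \
  && echo "preflight OK"
```

A non-zero return value is the number of failed checks, so the script can gate the ipa-client-install call in a provisioning job.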
That's all, the installation is complete. Please log in to the IPA portal and navigate to the page below, where you can see the master and the enrolled clients :-
Identity > Hosts
Now let's create some users on the master and try to log in with them on the client systems, in other words test whether our IPA is working or not :-
Note: - Please run the commands below on the master server (master.example.com or station1.example.com)
Log in to IPA on the CLI :-
[root@master ~]# kinit admin
Password for admin@EXAMPLE.COM:
Check whether you are logged in; if you get output like the below, then you are logged in :-
[root@master ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin@EXAMPLE.COM
Valid starting       Expires              Service principal
12/22/2018 02:33:51  12/23/2018 02:33:43  krbtgt/EXAMPLE.COM@EXAMPLE.COM
The command below creates a user on the IPA server:
[root@master ~]# ipa user-add
Run the command and enter the details as asked (shown in the screenshot below).
How to check the list of users? Use the command below:
[root@master ~]# ipa user-find
Note: - It is not mandatory to log in to the master server to add/remove/modify users; users can be added from client systems as well, using either the CLI or the GUI (web portal). The only requirement is that you know the admin credentials or have admin rights. Let's try to create users on a client system :-
Running the commands below on client1 :-
[root@client1 ~]# klist
klist: Credentials cache keyring 'persistent:0:0' not found
[root@client1 ~]# kinit admin
Password for admin@EXAMPLE.COM:
[root@client1 ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin@EXAMPLE.COM
Valid starting       Expires              Service principal
12/22/2018 02:51:37  12/23/2018 02:51:32  krbtgt/EXAMPLE.COM@EXAMPLE.COM
[root@client1 ~]# ipa user-find
bash: ipa: command not found...
If you get this error message you need to install ipa-admintools
[root@client2 ~]# yum install ipa-admintools -y
[root@client2 ~]# ipa user-find
[root@client1 ~]# ipa user-find rkumar
[root@client2 ~]# ipa user-add
Do the same as shown in the screenshot above and your user will be created.
Let's test whether IPA is working.
Try to log in as the rkumar user on client1; if I am able to log in, then we can say "Red Hat IDM deployment has been successfully completed".
[root@client2 ~]# su - rkumar
[rkumar@client2 ~]# whoami
rkumar
Also, if you check the /home directory, you will find that the rkumar user's home directory has been created there. That is sufficient evidence of a successful deployment of Red Hat IDM.
That's all from my side on this topic.