
Red Hat IDM(FreeIPA) client side configuration


Please complete the Red Hat IDM master server configuration before following the steps below. The master server configuration steps are listed in my previous post.

1. Log in as root and check connectivity with the master server; it must be pingable from the client host.
[root@localhost ~]# ping 192.168.56.101

2. Set the hostname (I am performing these steps on RHEL7; if you are on RHEL6 and need the steps to set the hostname, please check my previous post)
[root@localhost ~]# hostnamectl set-hostname client1.example.com
[root@localhost ~]# exec bash
[root@client1 ~]# hostname
client1.example.com

3. Check the time on the client and the server; they must be in sync:
[root@client1 ~]# ssh 192.168.56.101 date
The authenticity of host '192.168.56.101 (192.168.56.101)' can't be established.
ECDSA key fingerprint is f1:48:1b:9a:0c:d0:7a:7c:56:75:09:c6:50:a8:2d:5e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.102' (ECDSA) to the list of known hosts.
Password:
Fri Dec 21 23:06:01 IST 2018
[root@client1 ~]# date
Fri Dec 21 23:06:04 IST 2018

-> The time on the master and the client is the same in my case. If it differs in your case, set the client's time to match the master, otherwise Kerberos won't work, and IPA depends heavily on Kerberos. You can use the command below to set the time:
[root@client1 ~]# date 1221231318
This assumes the master server's time is Fri Dec 21 23:13:34 IST 2018.
In 1221231318: 12 = month (December), 21 = day, 23 = hours, 13 = minutes, 18 = year.

4. Configure yum:
If you need the steps, please check the post linked above; I have listed them in the IPA server prerequisites.
Now we are ready to start the ipa-client installation.

[root@client1 ~]# yum install ipa-client -y

-> If DNS is not configured, you can add the master server's IP to /etc/hosts so the name resolves locally.

[root@client1 ~]# vim /etc/hosts

192.168.1.102     master.example.com

If DNS is configured, then make this host a DNS client using the commands below.

RHEL6
[root@client1 ~]# vim /etc/resolv.conf

nameserver       192.168.56.101
Save the file and restart the network service.
[root@client1 ~]# service network restart
[root@client1 ~]# service NetworkManager restart

RHEL7
[root@client1 ~]# nmcli connection modify enp0s3 ipv4.dns 192.168.56.101
[root@client1 ~]# nmcli connection up enp0s3

[root@client1 ~]# nslookup master.example.com
-> If the above command returns the IP address of your DNS server, the DNS configuration is correct and you can install ipa-client.
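
The prerequisite checks from steps 1 to 3 and the DNS check, gathered into one script to run before enrollment. This is an added example, not part of the original post; the function names, the 300-second limit (the Kerberos default clock-skew tolerance) and the sample timestamps are assumptions or constructed values.

```shell
#!/usr/bin/env bash
# Pre-enrollment checks for an IPA client: hostname, DNS, clock skew.
MAX_SKEW=300  # assumed limit: Kerberos default clock-skew tolerance (seconds)

# Succeeds if NAME is a usable fully qualified host name (not localhost).
is_fqdn() {
    case "$1" in
        localhost|localhost.*|.*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the absolute difference between two epoch timestamps.
skew_seconds() {
    local d=$(( $1 - $2 ))
    echo "${d#-}"
}

# Succeeds if the two clocks are close enough for Kerberos.
skew_ok() { [ "$(skew_seconds "$1" "$2")" -le "$MAX_SKEW" ]; }

# Records one failed check; updates the caller's local counter "fails".
fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

# Runs all checks against a live master and returns the number of failures.
preflight() {
    local master=$1 fails=0 remote now
    is_fqdn "$(hostname)" || fail "hostname $(hostname) is not an FQDN"
    getent hosts "$master" >/dev/null || fail "cannot resolve $master"
    # Epoch seconds are timezone-independent, unlike reading `date` by eye.
    if remote=$(ssh "$master" date +%s); then
        now=$(date +%s)
        skew_ok "$now" "$remote" || fail "clock skew $(skew_seconds "$now" "$remote")s"
    else
        fail "could not read the time from $master"
    fi
    [ "$fails" -eq 0 ] && echo "OK: ready for ipa-client-install"
    return "$fails"
}

if [ "$#" -ge 1 ]; then
    preflight "$1"   # e.g. ./preflight.sh master.example.com
else
    # Constructed sample values, so the checks run without a master.
    is_fqdn client1.example.com && echo "client1.example.com: FQDN ok"
    is_fqdn localhost.localdomain || echo "localhost.localdomain: rejected"
    skew_ok 1545413764 1545413761 && echo "3s skew: ok"
    skew_ok 1545413761 1545414214 || echo "453s skew: too large for Kerberos"
fi
```

The enrollment command that follows passes the admin password on the command line; leaving out --password makes ipa-client-install prompt for it instead, which keeps it out of the shell history and the process list.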
[root@client1 ~]# ipa-client-install --principal=admin --password=redhat@123 --mkhomedir
That's all; the installation is complete. Log in to the IPA portal and navigate to the path below, where you can see the master and the enrolled clients:
Identity > Hosts >
Now let's create a user on the master and try to log in as that user on the client systems, in other words test whether our IPA is working.
Note: Please run the commands below on the master server (master.example.com or station1.example.com).
Log in to IPA on the CLI:
[root@master ~]# kinit admin
Password for admin@EXAMPLE.COM:
Check whether you are logged in; if you get output like the following, you are:
[root@master ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin@EXAMPLE.COM

Valid starting       Expires              Service principal
12/22/2018 02:33:51  12/23/2018 02:33:43  krbtgt/EXAMPLE.COM@EXAMPLE.COM
The command below creates a user on the IPA server. Run it and enter the details as prompted.
[root@master ~]# ipa user-add
To check the list of users, use the command below:
[root@master ~]# ipa user-find
Note: It is not mandatory to log in to the master server to add, remove or modify users; users can be added from client systems as well, using either the CLI or the GUI (web portal). The only requirement is that you know the admin credentials or have admin rights. Let's try to create users on a client system.
Running the commands below on client1:
[root@client1 ~]# klist
klist: Credentials cache keyring 'persistent:0:0' not found
[root@client1 ~]# kinit admin
Password for admin@EXAMPLE.COM:
[root@client1 ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: admin@EXAMPLE.COM

Valid starting       Expires              Service principal
12/22/2018 02:51:37  12/23/2018 02:51:32  krbtgt/EXAMPLE.COM@EXAMPLE.COM
[root@client1 ~]# ipa user-find
bash: ipa: command not found...
If you get this error message, you need to install ipa-admintools:
[root@client2 ~]# yum install ipa-admintools -y
[root@client2 ~]# ipa user-find
[root@client1 ~]# ipa user-find rkumar
[root@client2 ~]# ipa user-add
Enter the details as you did on the master and the user is created.

Let's test whether IPA is working.
Try to log in as the rkumar user on client1; if I am able to log in, then we can say "Red Hat IDM deployment has been successfully completed".
[root@client2 ~]# su - rkumar
[rkumar@client2 ~]# whoami
rkumar
Also, if you check the /home directory, you will find that the rkumar user's home directory has been created there. That is sufficient evidence of a successful Red Hat IDM deployment.

That's all from my side on this topic.
