CentOS 7 安装FreeIPA服务器

最新推荐文章于 2024-08-06 21:09:16 发布

qaz13468559745

最新推荐文章于 2024-08-06 21:09:16 发布

阅读量2.9k

点赞数 2

本文链接：https://blog.youkuaiyun.com/qaz13468559745/article/details/90177718

版权

CentOS 7 安装FreeIPA服务器
概念：百度的 FreeIPA是一款集成的安全信息管理解决方案。FreeIPA包含Linux (Fedora),389 Directory Server MIT Kerberos, NTP, DNS, Dogtag (Certificate System)等等身份，认证和策略功能。

安装前准备
1，我们安装带有集成DNS的FreeIPA，需确保网络配置文件中的 DNS1=127.0.0.1

 vi /etc/resolv.conf   ###加入本地DNS服务器
   nameserver 127.0.0.1

2，设置hostname

 hostnamectl set-hostname ipa.kclouder.local  ###改名主机名需要和IPA名字一致

3，添加hosts条目

  echo "192.168.146.151 ipa.kclouder.local ipa" >> /etc/hosts   ###本机IP是192.168.146.151

4，关闭防火墙

systemctl stop firewalld

5，关闭selinux

setenforce 0
setenforce: SELinux is disabled

安装 FreeIPA
1，安装 bind-dyndb-ldap，通过FreeIPA管理集成的DNS

 yum install -y ipa-server ipa-server-dns bind-dyndb-ldap

2，启动Bind(DNS)服务，并设置自动启动

  systemctl start named
  systemctl enable named

3，执行以下命令开始安装FreeIPA

 ipa-server-install

安装过程

[root@ipa ~]# ipa-server-install

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
  * Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)
  * Configure the KDC to enable PKINIT

To accept the default shown in brackets, press the Enter key.

WARNING: conflicting time&date synchronization service 'chronyd' will be disabled
in favor of ntpd

Do you want to configure integrated DNS (BIND)? [no]: yes    ### 要配置集成DNS (BIND)

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [ipa.kclouder.local]: 主机名

Warning: skipping DNS resolution of host ipa.kclouder.local
The domain name has been determined based on the host name.

Please confirm the domain name [kclouder.local]:   ### 域名

The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [KCLOUDER.LOCAL]:  ###提供域名
Certain directory server operations require an administrative user.
Thi

最低0.47元/天解锁文章