
ipa ldap

时间:2016-10-12 23:07:51      阅读:138      评论:0      收藏:0      [点我收藏+]


On each VM
#systemctl stop dhcpd
#systemctl disable dhcpd

#tzselect   //time zone selection
[root@workstation ~]#yum -y install ntp
#vim /etc/ntp.conf  //#server 0,1,2,3 (comment out the default server lines), then add the two lines below
restrict  192.168.85.0 mask 255.255.255.0 nomodify notrap
server asia.pool.ntp.org iburst
#systemctl restart ntpd
#systemctl enable ntpd
[root@server1 ~]#vim /etc/ntp.conf
server 192.168.85.100 iburst
#ntpq -p     //Standard NTP query program
; #chrony(graphical)
   remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
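 192.168.85.100  .INIT.          16 u    -   64    0    0.000    0.000   0.000
; refid .INIT., st 16 and reach 0 mean this client has not synchronized with 192.168.85.100 yet.
; Re-run ntpq -p until reach is non-zero before enrolling the host: Kerberos authentication fails when the clocks are too far apart.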
#date
#timedatectl
---------------------------------------------------------------------- 
#yum -y install ipa-server ipa-server-dns bind bind-dyndb-ldap
#echo "192.168.85.100 workstation.example.com" >> /etc/hosts
#ipa-server-install --setup-dns
; The IPA Master server  will be configured with :
; Hostname:  workstation.example.com
; IP address(es): 192.168.85.100
; Domain name:  example.com
; Realm name:  EXAMPLE.COM
;
; BIND DNS server will be configured to serve IPA domain with:
; Forwarder:  8.8.8.8
; Reverse zone(s): No reverse zone
===============================================================
; Next steps:
;  1. You must make sure these network ports are open:
;  TCP Ports:
;  * 80, 443: HTTP/HTTPS
;  * 389, 636: LDAP/LDAPS
;  * 88, 464: kerberos
;  * 53: bind
;  UDP Ports:
;   * 88, 464: kerberos
;  * 53: bind
;  * 123: ntp
; 2. You can now obtain a kerberos ticket using the command: 'kinit admin'
;    This ticket will
#kinit admin
#klist
#ipa user-add ruiyung --first=Yun --last=Rui --password
password:     //entered at the prompt, so it is not passed on the command line
#ipa user-find ruiyung
#ipa dnsrecord-add example.com server1 --a-rec 192.168.85.201   ????
#ipa dnsrecord-add example.com server2 --a-rec 192.168.85.202  ???? 
#ipa dnsrecord-add example.com database --a-rec 192.168.85.203  ????
MAIL-----------------------------A record
====================================================================

On server1,server2,database.
#nmcli c m "System eno16777736" ipv4.dns 192.168.85.100
#systemctl restart network
#ipa-client-install
#authconfig --enablemkhomedir --update


原文地址:http://12156877.blog.51cto.com/12146877/1861268
