前面介绍了IPA服务端的配置,IPA服务可以为Linux系统提供用户的集中化管理服务。下面我们看一下客户端的具体配置。
操作步骤:
(1)在另外一台主机上安装CentOS6.5操作系统,作为IPA客户端主机
(2)配置客户端网络参数(配置完成后重启系统)
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 HWADDR=00:0C:29:F4:B0:3A TYPE=Ethernet UUID=7a646205-4bcd-4c58-a425-e6e0735f9e2e ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=static IPADDR=192.168.0.200 NETMASK=255.255.255.0 DNS1=192.168.0.100 [root@localhost ~]# vim /etc/sysconfig/network NETWORKING=yes HOSTNAME=client.example.com
(3)安装软件包
[root@client ~]# yum -y install ipa-client
(4)安装客户端
[root@client ~]# ipa-client-install --mkhomedir -p admin
Discovery was successful!
Hostname: client.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: ipa.example.com
BaseDN: dc=example,dc=com
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Password for admin@EXAMPLE.COM:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=EXAMPLE.COM
Issuer: CN=Certificate Authority,O=EXAMPLE.COM
Valid From: Sat May 17 10:32:32 2014 UTC
Valid Until: Wed May 17 10:32:32 2034 UTC
Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
trying https://ipa.example.com/ipa/xml
Forwarding ‘env‘ to server u‘https://ipa.example.com/ipa/xml‘
Hostname (client.example.com) not found in DNS
DNS server record set to: client.example.com -> 192.168.0.200
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding ‘host_mod‘ to server u‘https://ipa.example.com/ipa/xml‘
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
/etc/ssh/ssh_config not found, skipping configuration
Configured /etc/ssh/sshd_config
Client configuration complete.到此为止,客户端配置完成。
客户端测试:
[root@client ~]# su - user01 [user01@client ~]$ id uid=1682400001(user01) gid=1682400001(user01) groups=1682400001(user01) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [user01@client ~]$ pwd /home/user01 [user01@client ~]$ su - user02 Password: [user02@client ~]$ id uid=1682400003(user02) gid=1682400003(user02) groups=1682400003(user02) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [user02@client ~]$ pwd /home/user02
本文出自 “BlackArt” 博客,请务必保留此出处http://blackart.blog.51cto.com/1142352/1413125
基于CentOS6.5进行IPA服务的搭建——客户端配置,布布扣,bubuko.com
原文地址:http://blackart.blog.51cto.com/1142352/1413125
