Installing and configuring IPA
by Uday R. Sawant, William Leemans, Jonathan Hobson, Oliver Pelz
Linux: Powerful Server Administration
- Linux: Powerful Server Administration
- Table of Contents
- Linux: Powerful Server Administration
- Linux: Powerful Server Administration
- Credits
- Preface
- 1. Module 1
- 1. Managing Users and Groups
- 2. Networking
- Introduction
- Connecting to a network with a static IP
- Installing the DHCP server
- Installing the DNS server
- Hiding behind the proxy with squid
- Being on time with NTP
- Discussing load balancing with HAProxy
- Tuning the TCP stack
- Troubleshooting network connectivity
- Securing remote access with OpenVPN
- Securing a network with uncomplicated firewall
- Securing against brute force attacks
- Discussing Ubuntu security best practices
- 3. Working with Web Servers
- Introduction
- Installing and configuring the Apache web server
- Serving dynamic contents with PHP
- Hosting multiple websites with a virtual domain
- Securing web traffic with HTTPS
- Installing Nginx with PHP_FPM
- Setting Nginx as a reverse proxy
- Load balancing with Nginx
- Setting HTTPs on Nginx
- Benchmarking and performance tuning of Apache
- Securing the web server
- Troubleshooting the web server
- 4. Working with Mail Servers
- 5. Handling Databases
- Introduction
- Installing relational databases with MySQL
- Storing and retrieving data with MySQL
- Importing and exporting bulk data
- Adding users and assigning access rights
- Installing web access for MySQL
- Setting backups
- Optimizing MySQL performance – queries
- Optimizing MySQL performance – configuration
- Creating MySQL replicas for scaling and high availability
- Troubleshooting MySQL
- Installing MongoDB
- Storing and retrieving data with MongoDB
- 6. Network Storage
- 7. Cloud Computing
- 8. Working with Containers
- Introduction
- Installing LXD, the Linux container daemon
- Deploying your first container with LXD
- Managing LXD containers
- Managing LXD containers – advanced options
- Setting resource limits on LXD containers
- Networking with LXD
- Installing Docker
- Starting and managing Docker containers
- Creating images with a Dockerfile
- Understanding Docker volumes
- Deploying WordPress using a Docker network
- Monitoring Docker containers
- Securing Docker containers
- 9. Streaming with Ampache
- 10. Communication Server with XMPP
- 11. Git Hosting
- Introduction
- Installing Git
- Creating a local repository with Git CLI
- Storing file revisions with Git commit
- Synchronizing the repository with a remote server
- Receiving updates with Git pull
- Creating repository clones
- Installing GitLab, your own Git hosting
- Adding users to the GitLab server
- Creating a repository with GitLab
- Automating common tasks with Git hooks
- 12. Collaboration Tools
- 13. Performance Monitoring
- 14. Centralized Authentication Service
- 2. Module 2
- 1. Installing CentOS
- Introduction
- Downloading CentOS and confirming the checksum on Windows or OS X
- Creating USB installation media on Windows or OS X
- Performing an installation of CentOS using the graphical installer
- Running a netinstall over HTTP
- Installing CentOS 7 using a kickstart file
- Getting started and customising the boot loader
- Troubleshooting the system in rescue mode
- Updating the installation and enhancing the minimal install with additional administration and development tools
- 2. Configuring the System
- Introduction
- Navigating text files with less
- Introduction to Vim
- Speaking the right language
- Synchronizing the system clock with NTP and the chrony suite
- Setting your hostname and resolving the network
- Building a static network connection
- Becoming a superuser
- Customizing your system banners and messages
- Priming the kernel
- 3. Managing the System
- Introduction
- Knowing and managing your background services
- Troubleshooting background services
- Tracking system resources with journald
- Configuring journald to make it persistent
- Managing users and their groups
- Scheduling tasks with cron
- Synchronizing files and doing more with rsync
- Maintaining backups and taking snapshots
- Monitoring important server infrastructure
- Taking control with GIT and Subversion
- 4. Managing Packages with YUM
- 5. Administering the Filesystem
- 6. Providing Security
- 7. Building a Network
- 8. Working with FTP
- 9. Working with Domains
- 10. Working with Databases
- 11. Providing Mail Services
- 12. Providing Web Services
- 13. Operating System-Level Virtualization
- 14. Working with SELinux
- 15. Monitoring IT Infrastructure
- 1. Installing CentOS
- 3. Module 3
- 1. Working with KVM Guests
- 2. Deploying RHEL "En Masse"
- 3. Configuring Your Network
- 4. Configuring Your New System
- 5. Using SELinux
- 6. Orchestrating with Ansible
- 7. Puppet Configuration Management
- 8. Yum and Repositories
- 9. Securing RHEL 7
- 10. Monitoring and Performance Tuning
- Bibliography
- Index
The IPA (Identity Policy Audit) server allows you to manage your kerberos, DNS, hosts, users, sudo rules, password policies, and automounts in a central location. IPA is a combination of packages, including—but not limited to—bind, ldap, pam, and so on. It combines all of these to provide identity management for your environment.
In this recipe, I will opt for an integrated DNS setup, although it is possible to use your existing DNS infrastructure.
First, we'll install the server component, followed by what needs to be done on an IPA client.
Follow these instructions to install an IPA server:
- Install the necessary packages via the following command:
~]# yum install -y ipa-server bind bind-dyndb-ldap - When the packages are installed, invoke the
ipainstaller, as follows:~]# ipa-server-install
At this stage, you will be asked a couple of questions on how to set up your IPA server.
- Configure integrated DNS as follows:
Do you want to configure integrated DNS (BIND)? [no]: yes - Overwrite existing
/etc/resolv.confas follows:Existing BIND configuration detected, overwrite? [no]: yes - Provide the IPA server's hostname, as follows:
Server host name [localhost.localdomain]: master.example.com - Now, confirm the DNS domain name for the IPA server as follows:
Please confirm the domain name [example.com]: - Provide an IP address for the IPA server as follows:
Please provide the IP address to be used for this host name: 192.168.0.1 - Next, provide a Kerberos
realmname, as follows:Please provide a realm name [EXAMPLE.COM]: - Create the directory manager's password and confirm it as follows:
Directory Manager password: - Create the IPA manager's password and confirm it as follows:
IPA admin password: - Now, configure the DNS forwarders as follows:
Do you want to configure DNS forwarders? [yes]: no - Finally, configure the reverse DNS zones as follows:
Do you want to configure the reverse zone? [yes]: Please specify the reverse zone name [0.168.192.in-addr.arpa.]:
The installer will now provide an overview similar to the following:
The IPA Master Server will be configured with: Hostname: master.example.com IP address: 192.168.0.1 Domain name: example.com Realm name: EXAMPLE.COM BIND DNS server will be configured to serve IPA domain with: Forwarders: No forwarders Reverse zone: 0.168.192.in-addr.arpa.
- Now, confirm the information by typing "yes", as follows:
Continue to configure the system with these values? [no]: yes
At this point, you will see a lot of information scrolling on your screen, indicating what the installer is doing: installing or configuring NTP, LDAP, BIND, Kerberos, HTTP, the certificate server, and IPA-related modifications to the preceding examples.
The installation and configuration process can take a while, so be patient.
Perform these steps to install and configure the IPA client on your system:
- Install the necessary packages via the following command:
~]# yum install -y ipa-client - Ensure that the IPA server is used as a DNS server through the following:
~]# cat /etc/resolv.conf search example.com nameserver 192.168.0.1
- Invoke the IPA client configuration by running this command line:
~]# ipa-client-install --enable-dns-updates
The installer will now show an overview of the detected IPA server and ask for a user (the IPA manager) and password to register your system, as shown in the following screenshot:
Once installed, you can manage your IPA environment using the command line tool IPA or the web interface, which can be accessed by pointing your browser to your IPA master server over HTTPS. In this case, the URL is https://master.example.com.
By default, the IPA client doesn't create homedirs for new users at first login. If you want to enable this, use the --mkhomedir argument with ipa-client-install. If you happen to have forgotten about this, there's no need to reinstall the IPA client. You can just reconfigure this by executing the following command:
~]# authconfig --enablemkhomedir --update
For more in-depth information about installing and configuring your IPA server, go to https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/installing-ipa.html.
For more information about managing your IPA environment through the command line, read the ipa (1) man pages.
-
No Comment