ipa-server is Red Hat's complete authentication solution; its upstream open source project is FreeIPA. FreeIPA does not provide the core functionality itself. Instead it integrates packages such as 389-ds, bind, and Kerberos into one identity management system: 389-ds (LDAP) is the back-end data store, Kerberos is the authentication front end, bind handles host identification, and Apache + Tomcat provide the web management interface, alongside a unified command-line management interface.
Host names (domain names), IP addresses, user names, passwords, and similar data are stored once and then mostly read, which makes them a good fit for LDAP.
- Pre-installation preparation
Set the machine name
# hostnamectl set-hostname ipa.example.com
Add an /etc/hosts entry
# echo "192.168.136.254 ipa.example.com" >>/etc/hosts
Open the following ports in the firewall

| Service | Ports | Type |
|---|---|---|
| HTTP/HTTPS | 80, 443 | TCP |
| LDAP/LDAPS | 389, 636 | TCP |
| Kerberos | 88, 464 | TCP and UDP |
| DNS | 53 | TCP and UDP |
| NTP | 123 | UDP |

# firewall-cmd --permanent --add-port={80/tcp,443/tcp,389/tcp,636/tcp,88/tcp,464/tcp,53/tcp,88/udp,464/udp,53/udp,123/udp}
# firewall-cmd --reload
# yum install ipa-server ipa-server-dns
Configure
# ipa-server-install --setup-dns --forwarder=192.168.136.2
The installer asks only a few questions and has you set two passwords: the administrator password for 389-ds and the administrator password for Kerberos. You can press Enter almost all the way through, and the basic configuration is then finished.
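A pre-flight check for the preparation steps above, to run before ipa-server-install. This is an added example, not part of the original page or of FreeIPA; the function names are hypothetical. It checks that the host name is fully qualified and maps to a non-loopback address in the hosts file, and lists any port from the table that is missing from the output of firewall-cmd --list-ports.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not FreeIPA's own tooling.
# Required ports, copied from the table on this page.
REQUIRED_PORTS="80/tcp 443/tcp 389/tcp 636/tcp 88/tcp 464/tcp 53/tcp 88/udp 464/udp 53/udp 123/udp"

# missing_ports "<output of firewall-cmd --list-ports>"
# Prints the required ports that are absent from the given list.
# Note: ports opened with --add-service do not show up in --list-ports.
missing_ports() {
    missing=""
    for p in $REQUIRED_PORTS; do
        case " $1 " in
            *" $p "*) ;;                      # port is open
            *) missing="$missing $p" ;;       # port is not in the list
        esac
    done
    echo "${missing# }"
}

# hosts_ip <fqdn> <hosts-file>
# Prints the first address mapped to the name, ignoring comments.
hosts_ip() {
    awk -v h="$1" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }' "$2"
}

# check_host <fqdn> <hosts-file>
# Returns 0 only if the name is fully qualified and maps to a
# non-loopback address in the hosts file.
check_host() {
    case "$1" in
        *.*) ;;
        *) echo "hostname $1 is not fully qualified"; return 1 ;;
    esac
    ip=$(hosts_ip "$1" "$2")
    case "$ip" in
        "") echo "$1 has no entry in $2"; return 1 ;;
        127.*|::1) echo "$1 maps to loopback address $ip"; return 1 ;;
    esac
    echo "$1 -> $ip"
}

# On the server itself (as root):
#   check_host "$(hostname)" /etc/hosts
#   missing_ports "$(firewall-cmd --list-ports)"
```

An empty result from missing_ports means every port in the table is open in the active zone.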
Red Hat: building ipa-server