```sh
$ sudo ipa-server-install --allow-zone-overlap
```
The prompts that follow, and the values to enter at each one:
- Do you want to configure integrated DNS (BIND)? [no]: yes
- Server host name [ipa.sonnyhcl.top]: <Enter>
- Please confirm the domain name [sonnyhcl.top]: <Enter>
- Please provide a realm name [SONNYHCL.TOP]: <Enter>
- Directory Manager password: <secure password>
- Password (confirm): <secure password>
- IPA admin password: <secure password>
- Password (confirm): <secure password>
See the appendix for the full installation log.
Ubuntu Patch
These are the fixes for the compatibility problems FreeIPA runs into on Ubuntu.
```sh
# kadmind will not start without an ACL file; an empty one grants no extra rights
$ sudo touch /etc/krb5kdc/kadm5.acl
# the KDC database directory must be searchable
$ sudo chmod +x /var/lib/krb5kdc
# create the home directory on first login
$ echo "session optional pam_mkhomedir.so" | sudo tee -a /etc/pam.d/common-session
$ sudo pam-auth-update   # select the "create home dir when first login" option
```
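The same three fixes as an idempotent script with a verification step, so re-running it never duplicates the PAM line (added example, not code from the original post). ROOT is an assumed prefix that lets the functions be exercised against a scratch directory; leave it empty and run as root on a real host.

```shell
#!/bin/sh
# Idempotent form of the Ubuntu patch block above (added example).
# ROOT is an assumed prefix for testing against a scratch directory;
# on a real host leave it empty and run as root.
ROOT="${ROOT:-}"
PAM_LINE='session optional pam_mkhomedir.so'

# Append LINE to FILE only if an identical line is not already present.
ensure_line() {
    file="$1"; line="$2"
    mkdir -p "$(dirname "$file")"
    touch "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

apply_ipa_ubuntu_patches() {
    # kadmind refuses to start without an ACL file; an empty file grants
    # nobody extra kadmin rights, which is the safe default.
    mkdir -p "$ROOT/etc/krb5kdc" "$ROOT/var/lib/krb5kdc"
    touch "$ROOT/etc/krb5kdc/kadm5.acl"
    # The KDC database directory must be searchable (x bit set).
    chmod +x "$ROOT/var/lib/krb5kdc"
    # pam_mkhomedir creates the home directory on first login. It defaults
    # to umask 0022; add "umask=0077" to PAM_LINE if homes must be private.
    ensure_line "$ROOT/etc/pam.d/common-session" "$PAM_LINE"
}

# Returns 0 when every patch is in place, 1 otherwise; prints what is missing.
verify_ipa_ubuntu_patches() {
    rc=0
    [ -f "$ROOT/etc/krb5kdc/kadm5.acl" ] || { echo "missing kadm5.acl"; rc=1; }
    [ -x "$ROOT/var/lib/krb5kdc" ] || { echo "krb5kdc dir not searchable"; rc=1; }
    grep -qxF -- "$PAM_LINE" "$ROOT/etc/pam.d/common-session" 2>/dev/null \
        || { echo "pam_mkhomedir not configured"; rc=1; }
    return $rc
}

# Number of times the PAM line is present (proves the script is idempotent).
pam_line_count() {
    grep -cxF -- "$PAM_LINE" "$ROOT/etc/pam.d/common-session" 2>/dev/null || true
}

case "${1:-}" in
    apply)  apply_ipa_ubuntu_patches && verify_ipa_ubuntu_patches ;;
    verify) verify_ipa_ubuntu_patches ;;
esac
```

Run `sh patch.sh apply` as root, or `sh patch.sh verify` to audit an existing host without changing it.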
Appendix: full installation log
To accept the default options shown in square brackets, just press Enter key
Do you want to configure integrated DNS (BIND)? [no]: yes
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.
Server host name [ipa.sonnyhcl.top]: <Enter>
The domain name has been determined based on the host name.
Please confirm the domain name [sonnyhcl.top]: <Enter>
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.
Please provide a realm name [SONNYHCL.TOP]: <Enter>
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long
Directory Manager password: <secure password>
Password (confirm): <secure password>
The IPA server requires an administrative user, named 'admin'.
This user is a regular system account used for IPA server administration.
Continue to configure the system with these values? [no]: yes
...output cut...
Client configuration complete.
The ipa-client-install command was successful
Setup complete
Next steps:
1. You must make sure these network ports are open:
TCP Ports:
* 80, 443: HTTP/HTTPS
* 389, 636: LDAP/LDAPS
* 88, 464: kerberos
UDP Ports:
* 88, 464: kerberos
* 123: ntp
2. You can now obtain a kerberos ticket using the command: 'kinit admin'
This ticket will allow you to use the IPA tools (e.g., ipa user-add)
and the web user interface.