CentOS部署ipa红帽身份验证

1.先下载必须包

yum install -y ipa-server bind bind-dyndb-ldap

2.初始化ipa基本配置

ipa-server-install

* Configure a stand-alone CA (dogtag) for certificate management
  * Configure the Network Time Daemon (ntpd)
  * Create and configure an instance of Directory Server
  * Create and configure a Kerberos Key Distribution Center (KDC)
  * Configure Apache (httpd)

Do you want to configure integrated DNS (BIND)? [no]: yes

Existing BIND configuration detected, overwrite? [no]: yes

Server host name [server1.example.com]:回车

Please confirm the domain name [example.com]:回车

Please provide a realm name [EXAMPLE.COM]:

Directory Manager password:

IPA admin password:

Do you want to configure DNS forwarders? [yes]:

Enter IP address for a DNS forwarder:(填写本地DNS服务器IP)

Do you want to configure the reverse zone? [yes]:

Continue to configure the system with these values? [no]: yes

3.登录浏览器管理页面,添加用户

https://server1.example.com

4.需要登录验证的客户端(注：此服务严重依赖DNS解析，必要时修改本地/etc/resolv.conf文件)

yum install -y ipa-client

5.初始化客户端用户家目录

ipa-client-install --mkhomedir

6.也可以使用命令管理ipa

kinit admin

kinit list

等等