{"id":168902,"date":"2020-01-01T21:00:10","date_gmt":"2020-01-01T13:00:10","guid":{"rendered":"https:\/\/lrxjmw.cn\/?p=168902"},"modified":"2020-01-01T21:06:24","modified_gmt":"2020-01-01T13:06:24","slug":"centos7-install-freeipa-one","status":"publish","type":"post","link":"https:\/\/lrxjmw.cn\/centos7-install-freeipa-one.html","title":{"rendered":"Centos7.7 \u5b89\u88c5FreeIPA \uff08\u4e00\uff09"},"content":{"rendered":"\n\n\n
\u5bfc\u8bfb<\/td>\nFreeIPA\u662f\u4e00\u4e2a\u96c6\u6210\u4e86Linux (Fedora)\u3001389\u76ee\u5f55\u670d\u52a1\u5668\u3001MIT Kerberos\u3001NTP\u3001DNS\u548cDogtag(\u8bc1\u4e66\u7cfb\u7edf)\u7684\u5b89\u5168\u4fe1\u606f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u5b83\u7531web\u754c\u9762\u548c\u547d\u4ee4\u884c\u7ba1\u7406\u5de5\u5177\u7ec4\u6210\u3002<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\u7b80\u4ecb<\/strong><\/div>\n

FreeIPA\u662f\u4e00\u4e2a\u96c6\u6210\u4e86Linux (Fedora)\u3001389\u76ee\u5f55\u670d\u52a1\u5668\u3001MIT Kerberos\u3001NTP\u3001DNS\u548cDogtag(\u8bc1\u4e66\u7cfb\u7edf)\u7684\u5b89\u5168\u4fe1\u606f\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u5b83\u7531web\u754c\u9762\u548c\u547d\u4ee4\u884c\u7ba1\u7406\u5de5\u5177\u7ec4\u6210\u3002<\/p>\n

FreeIPA\u662f\u9488\u5bf9Linux\/UNIX\u7f51\u7edc\u73af\u5883\u7684\u96c6\u6210\u8eab\u4efd\u548c\u8ba4\u8bc1\u89e3\u51b3\u65b9\u6848\u3002FreeIPA\u670d\u52a1\u5668\u901a\u8fc7\u5b58\u50a8\u5173\u4e8e\u7528\u6237\u3001\u7ec4\u3001\u4e3b\u673a\u548c\u5176\u4ed6\u7ba1\u7406\u8ba1\u7b97\u673a\u7f51\u7edc\u5b89\u5168\u65b9\u9762\u6240\u9700\u7684\u5bf9\u8c61\u7684\u6570\u636e\uff0c\u63d0\u4f9b\u96c6\u4e2d\u7684\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u548c\u5e10\u6237\u4fe1\u606f\u3002<\/p>\n

FreeIPA\u6784\u5efa\u4e8e\u4f17\u6240\u5468\u77e5\u7684\u5f00\u6e90\u7ec4\u4ef6\u548c\u6807\u51c6\u534f\u8bae\u4e4b\u4e0a\uff0c\u975e\u5e38\u6ce8\u91cd\u7ba1\u7406\u7684\u7b80\u4fbf\u6027\u4ee5\u53ca\u5b89\u88c5\u548c\u914d\u7f6e\u4efb\u52a1\u7684\u81ea\u52a8\u5316\u3002<\/p>\n

\u53ef\u4ee5\u5728\u4e00\u4e2aFreeIPA\u57df\u4e2d\u8f7b\u677e\u5730\u914d\u7f6e\u591a\u4e2aFreeIPA\u670d\u52a1\u5668\uff0c\u4ee5\u63d0\u4f9b\u5197\u4f59\u548c\u53ef\u4f38\u7f29\u6027\u3002389\u76ee\u5f55\u670d\u52a1\u5668\u662f\u4e3b\u8981\u7684\u6570\u636e\u5b58\u50a8\uff0c\u5e76\u63d0\u4f9b\u4e86\u5b8c\u6574\u7684\u591a\u4e3bLDAPv3\u76ee\u5f55\u57fa\u7840\u7ed3\u6784\u3002\u5355\u70b9\u767b\u5f55\u8eab\u4efd\u9a8c\u8bc1\u662f\u901a\u8fc7MIT Kerberos KDC\u63d0\u4f9b\u7684\u3002\u57fa\u4e8eDogtag\u9879\u76ee\u7684\u96c6\u6210\u8bc1\u4e66\u9881\u53d1\u673a\u6784\u589e\u5f3a\u4e86\u8eab\u4efd\u9a8c\u8bc1\u529f\u80fd\u3002\u8fd8\u53ef\u4ee5\u4f7f\u7528\u96c6\u6210\u7684ISC\u7ed1\u5b9a\u670d\u52a1\u5668\u7ba1\u7406\u57df\u540d\u3002<\/p>\n

\u73af\u5883\u51c6\u5907<\/strong><\/div>\n

Centos7.7 \u865a\u62df\u673a\u4e24\u53f0<\/p>\n

IPA server \u7248\u672c 4.6.5<\/p>\n

\u5730\u5740\u4fe1\u606f<\/strong><\/span><\/div>\n

VM1\u4f5c\u4e3a\u670d\u52a1\u7aef<\/p>\n

VM2\u4f5c\u4e3a\u5ba2\u6237\u7aef<\/p>\n\n\n\n\n\n\n
<\/td>\nVirtual Machine 1\/VM1<\/td>\nVirtual Machine 2\/VM2<\/td>\n<\/tr>\n
IP\/Netmask<\/td>\n192.168.43.138\/24<\/td>\n192.168.43.139\/24<\/td>\n<\/tr>\n
Gateway<\/td>\n192.168.43.2<\/td>\n192.168.43.2<\/td>\n<\/tr>\n
DNS<\/td>\n114.114.114.114<\/td>\n114.114.114.114<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

DNS\u5730\u5740\u5148\u8bbe\u7f6e\u6210\u516c\u7f51\u5730\u5740\uff0c\u56e0\u4e3a\u9700\u8981\u4ece\u7f51\u7edc\u5b89\u88c5\u8f6f\u4ef6\u5305\u3002\u5b89\u88c5\u5b8c\u8f6f\u4ef6\u5305\u4e4b\u540e\u9700\u8981\u628aVM1\u548cVM2\u7684DNS\u5730\u5740\u6539\u6210192.168.43.138\uff0c\u4e5f\u5c31\u662f\u6539\u6210VM1\u7684\u5730\u5740\u3002<\/p>\n

\u5173\u95ed\u9632\u706b\u5899<\/strong><\/span><\/div>\n

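\u4e24\u53f0\u865a\u62df\u673a\u90fd\u8981\u5173\u95ed\u9632\u706b\u5899\u3002\u8fd9\u53ea\u662f\u5b9e\u9a8c\u73af\u5883\u4e0b\u7684\u7b80\u5316\u505a\u6cd5\uff1a\u751f\u4ea7\u73af\u5883\u5e94\u4fdd\u6301firewalld\u548cSELinux\u5f00\u542f\uff0c\u53ea\u653e\u884cFreeIPA\u6240\u9700\u7684\u7aef\u53e3\u3002<\/p>\n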

# \u5173\u95edfirewalld \u548c selinux\u8bbe\u7f6e\u6210Permissive\u6a21\u5f0f\r\n[root@localhost ~]# systemctl stop firewalld && systemctl disable firewalld && setenforce 0\r\n# \u5173\u95edselinux\r\n[root@localhost ~]# sed -i '\/^SELINUX\/s\/enforcing\/disabled\/' \/etc\/selinux\/config\r\n<\/pre>\n
\u4fee\u6539\u4e3b\u673a\u540d\u548c\u4fee\u6539\/etc\/hosts\u6587\u4ef6<\/strong><\/span><\/div>\n

VM1\u4fee\u6539\u5185\u5bb9\uff1a<\/p>\n

[root@localhost ~]# hostnamectl set-hostname server.lrxjmw.cn\r\n[root@localhost ~]# echo '192.168.43.138 server.lrxjmw.cn server' >> \/etc\/hosts\r\n[root@localhost ~]# echo '192.168.43.139 client.lrxjmw.cn client' >> \/etc\/hosts\r\n<\/pre>\n

VM2\u4fee\u6539\u5185\u5bb9\uff1a<\/p>\n

[root@localhost ~]# hostnamectl set-hostname client.lrxjmw.cn\r\n[root@localhost ~]# echo '192.168.43.138 server.lrxjmw.cn server' >> \/etc\/hosts\r\n[root@localhost ~]# echo '192.168.43.139 client.lrxjmw.cn client' >> \/etc\/hosts\r\n<\/pre>\n
\u5f00\u673antp\u65f6\u95f4\u540c\u6b65<\/strong><\/span><\/div>\n

\u5728VM1\u548cVM2\u4e0a\u9762\u8bbe\u7f6entp\u670d\u52a1\u5668\u5730\u5740\u4e3a ntp.aliyun.com<\/p>\n

# \u6ce8\u91ca\u6389\u81ea\u5e26\u7684\u670d\u52a1\u5668\u5730\u5740\r\n[root@localhost ~]# sed -i 's\/^server\/#&\/' \/etc\/chrony.conf\r\n# \u6dfb\u52a0ntp.aliyun.com\r\n[root@localhost ~]# echo 'server ntp.aliyun.com iburst' >> \/etc\/chrony.conf\r\n# \u91cd\u542fchronyd\u670d\u52a1\r\n[root@localhost ~]# systemctl restart chronyd\r\n# \u67e5\u770bntp\u72b6\u6001\r\n[root@localhost ~]# chronyc sources -v\r\n210 Number of sources = 1\r\n\r\n  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.\r\n \/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,\r\n| \/   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.\r\n||                                                 .- xxxx [ yyyy ] +\/- zzzz\r\n||      Reachability register (octal) -.           |  xxxx = adjusted offset,\r\n||      Log2(Polling interval) --.      |          |  yyyy = measured offset,\r\n||                                \\     |          |  zzzz = estimated error.\r\n||                                 |    |           \\\r\nMS Name\/IP address         Stratum Poll Reach LastRx Last sample               \r\n===============================================================================\r\n^* 203.107.6.88                  2   6    17    40  -5540us[-5762us] +\/-   16ms\r\n<\/pre>\n

\u7136\u540e\u91cd\u542f\u4e00\u4e0bVM1\u548cVM2<\/p>\n

[root@localhost ~]# reboot\r\n<\/pre>\n
\u5728VM1\u4e2d\u914d\u7f6eFreeIPA \u670d\u52a1\u7aef <\/strong><\/div>\n
\u5b89\u88c5ipa-server<\/strong><\/span><\/div>\n
[root@server ~]# yum install -y ipa-server bind bind-dyndb-ldap ipa-server-dns\r\n<\/pre>\n
\u914d\u7f6eipa-server<\/strong><\/span><\/div>\n

\u5148\u8bbe\u7f6e\u7f51\u5361dns\u5730\u5740\u4e3a\u672c\u5730\u5730\u5740\u3002
\n\"\"<\/p>\n

\u7136\u540e\u914d\u7f6eipa-server<\/p>\n

[root@server ~]# ipa-server-install --setup-dns --forwarder=114.114.114.114\r\n<\/pre>\n

\"\"<\/p>\n

\"\"<\/p>\n

\"\"<\/p>\n

# \u4e3a\u9996\u6b21\u767b\u9646\u7684\u7528\u6237\u521b\u5efa\u4e3b\u76ee\u5f55 \uff0c\u5e76\u4e14\u66f4\u65b0\u914d\u7f6e\r\n[root@server ~]# authconfig --enablemkhomedir --update\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"

FreeIPA\u662f\u4e00\u4e2a\u96c6\u6210\u4e86Linux (Fedora)\u3001389\u76ee\u5f55\u670d\u52a1\u5668\u3001MIT Kerberos\u3001NTP\u3001D […]<\/p>\n","protected":false},"author":309,"featured_media":168945,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-168902","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/168902","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/309"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=168902"}],"version-history":[{"count":10,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/168902\/revisions"}],"predecessor-version":[{"id":168944,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/168902\/revisions\/168944"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/168945"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=168902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=168902"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=168902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}