IPA-SERVER 설치

FreeIAP란?

 FreeIPA like Microsoft’s Active Directory, is an open source project, sponsored by Red Hat, which makes it easy to manage the identity, policy, and audit for Linux-based servers. IPA stands for Identity, Policy and Authentication.

FreeIPA

• IPA is a collection of very useful services that make IPA the Linux equivalent for Active Directory in a Microsoft environment.
• It includes LDAP, the Lightweight Directory Access Protocol, which allows users to be stored in a hierarchical or replicated database.
• It includes Kerberos, which allows for advanced authentication tickets that make sure that no passwords need to be sent in plain text to the LDAP server.
• It includes DNS, as well, which helps storing all the information that Kerberos needs in the DNS database.
• And it includes a Certificate Authority. A Certificate Authority that helps you generating PKI certificates for use with, for example, AODV mail server or an Apache web server.
• Overall, it has Tomcat. Tomcat, which is offering web access in an efficient way to manage all of these

Components

The FreeIPA project provides unified installation and management tools for the following components:

• LDAP Server - based on the 389 project
• KDC - based on MIT Kerberos implementation
• PKI based on Dogtag project
• Samba libraries for Active Directory integration
• DNS Server based on BIND and the Bind-DynDB-LDAP plugin.  

설치환경은

192.168.122.254-->서버,DNS서버

192.168.122.10  -->클라이언트

 

 

설치순서

1.서버측 /etc/hosts파일에 노드를 추가한다.

~.10=클라이언트 ~.254=서버

2.(CentOS8의 경우)idm모듈을 설치한다

idm==>모듈 DL1==>스트림

3.ipa-server-install명령으로 설치 진행

**설치를 진행하다보면 위와 같은 에러가 뜨는 경우가 있는데 이는 인터넷과 연결되어있기때문에 일어나는 에러로 뒤에 옵션으로

"--allow-zone-overlap"을 달아주면 된다.

 

4.ipa서버의 이름(호스트네임)과 케르베로스에 사용할 비밀번호를 입력한다

"[ ]"안은 엔터입력시 디폴트로 들어가는 값.

5.설치 완료후 다음의 서비스를 허용해주면 된다.

설치완료화면

 

*firewall-cmd --permanent --add-service={ntp,http,https,kerberos,ldap,ldaps,dns} --permanent

*firewall-cmd --reload

 

6.kinit admin으로 접속

웹브라우저에서의 관리화면