Step 3. Open Firewall ports
Now that the initial configuration is set up, let's open up the ports on the firewall and then log in.
To do this, run the following commands.
[root@ds01 ~]# for x in 80 443 389 636 88 464 53 ; do iptables -I INPUT -p tcp --dport $x -j ACCEPT ; done
[root@ds01 ~]# for x in 88 464 53 123 ; do iptables -I INPUT -p udp --dport $x -j ACCEPT ; done
[root@ds01 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@ds01 ~]#
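The loops above open every FreeIPA port to any source and, if run twice, insert each rule a second time. The following script is an added example, not code from the original post: it builds the same rule list (with a note on which service each port belongs to), optionally restricts it to a source network, and applies it only when the rule is not already present. It assumes iptables with the `service iptables save` persistence used in the post; the 10.0.1.0/24 network in the usage comment is a constructed example.

```shell
#!/bin/bash
# Added example (not from the original post): FreeIPA firewall rules generated
# from the post's port list, optionally limited to a source network, applied
# idempotently so a re-run does not stack duplicate rules.

# Ports from the post, grouped by protocol:
#   80/443  web UI and enrollment (HTTP/HTTPS)
#   389/636 LDAP/LDAPS
#   88/464  Kerberos KDC and kpasswd
#   53      DNS (TCP and UDP)
#   123     NTP (UDP)
IPA_TCP_PORTS="80 443 389 636 88 464 53"
IPA_UDP_PORTS="88 464 53 123"

# Print one rule specification per port (chain first, ready for -I or -C).
# With a source CIDR, only that network is admitted; without one the rules
# match any source, exactly like the loops in the post.
ipa_firewall_rules() {
    src="$1"
    srcopt=""
    [ -n "$src" ] && srcopt="-s $src "
    for port in $IPA_TCP_PORTS; do
        echo "INPUT -p tcp ${srcopt}--dport $port -j ACCEPT"
    done
    for port in $IPA_UDP_PORTS; do
        echo "INPUT -p udp ${srcopt}--dport $port -j ACCEPT"
    done
}

# Apply the rules. "iptables -C" reports whether an identical rule already
# exists, so each rule is inserted at most once, then save as the post does.
ipa_firewall_apply() {
    ipa_firewall_rules "$1" | while read -r rule; do
        # Word splitting of $rule is intended: it is the argument list.
        iptables -C $rule 2>/dev/null || iptables -I $rule
    done
    service iptables save
}

# Report which of the expected TCP ports actually have a listener, so an open
# firewall port is not mistaken for a running service.
ipa_listeners() {
    for port in $IPA_TCP_PORTS; do
        if ss -ltn 2>/dev/null | grep -q ":$port "; then
            echo "tcp/$port listening"
        else
            echo "tcp/$port NOT listening"
        fi
    done
}

# Usage (as root on the IPA server; the network is a constructed example):
#   ipa_firewall_rules 10.0.1.0/24    # preview the rule list
#   ipa_firewall_apply 10.0.1.0/24    # insert missing rules and save
#   ipa_listeners                     # confirm the services are up
```

Restricting the source network is the practical difference from the post's loops: the directory, Kerberos and web ports then only answer the subnets that host enrolled clients, and a second run of the apply function leaves the rule set unchanged.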
Phase 2. Connecting Red Hat / Fedora based client systems to FreeIPA for central authentication.
Next, let's add a "Member" system to the FreeIPA domain. Adding a server or workstation is basically the same process; however, in this example I'll add a client system.
What's the difference, I hear you say? Basically, I will have a GUI on my client, whereas on my servers I do not. FreeIPA has a rather elegant WebUI as well as CLI options. I'll show you both a little later.
For now, go and grab another machine to install RHEL onto; this time, install the GUI and a browser. If you are performing a new installation, just select the "Desktop" system type.
Step 1. Install required packages
Once your client is installed and updated, install the following packages.
[root@workstation01 ~]# yum install -y ipa-client oddjob-mkhomedir
Step 2. Join domain
As this is a workstation, I want my users' home directories to be created automatically on first login, and I want the host's DNS record in IPA to be updated automatically, as I am using DHCP for my workstations.
Run the following command to join it to the domain. You will notice I have used the IPA admin user to join the domain.
[root@workstation01 ~]# ipa-client-install --mkhomedir --enable-dns-updates
Discovery was successful!
  Hostname:       workstation01.example.com
  Realm:          EXAMPLE.COM
  DNS Domain:     example.com
  IPA Server:     ds01.example.com
  BaseDN:         dc=example,dc=com

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin@EXAMPLE.COM:
Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
DNS server record set to: workstation01.example.com -> 10.0.1.91
SSSD enabled
NTP enabled
Client configuration complete.
[root@workstation01 ~]#
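The "Discovery was successful!" block shows what ipa-client-install depends on: a fully qualified client hostname, SRV records for the domain, and the server ports opened in the firewall step. The script below is an added example, not part of the original post or of the ipa-client package: it runs those checks before enrollment so a failure is explained rather than discovered halfway through. It assumes bash (for `/dev/tcp`), `dig` from bind-utils and `timeout` from coreutils; the server and domain names in the usage line are the post's own, and the function names are my own.

```shell
#!/bin/bash
# Added example (not from the original post): pre-enrollment checks for a
# FreeIPA client, covering what ipa-client-install's discovery relies on.

# A hostname is acceptable for enrollment when it is a FQDN: two or more
# dot-separated labels of letters, digits and hyphens, no label starting or
# ending with a hyphen, and no trailing dot. Returns 0 when acceptable.
ipa_check_fqdn() {
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
}

# ipa-client-install locates the server through SRV records; confirm the LDAP
# and Kerberos records exist for the domain (dig from bind-utils).
ipa_check_srv() {
    domain="$1"
    rc=0
    for rec in _ldap._tcp _kerberos._udp; do
        if dig +short SRV "$rec.$domain" | grep -q .; then
            echo "ok   $rec.$domain"
        else
            echo "MISS $rec.$domain"
            rc=1
        fi
    done
    return $rc
}

# Probe one TCP port with bash's /dev/tcp, under a timeout so a silently
# dropped packet does not hang the check.
ipa_check_port() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Run every check against the IPA server; prints a line per check and
# returns non-zero if any of them failed.
ipa_preflight() {
    server="$1"
    domain="$2"
    rc=0
    if ipa_check_fqdn "$(hostname -f 2>/dev/null)"; then
        echo "ok   hostname $(hostname -f)"
    else
        echo "FAIL hostname is not a FQDN"
        rc=1
    fi
    ipa_check_srv "$domain" || rc=1
    # Kerberos, LDAP/LDAPS and HTTPS are used during enrollment itself.
    for port in 88 464 389 636 443; do
        if ipa_check_port "$server" "$port"; then
            echo "ok   $server:$port"
        else
            echo "FAIL $server:$port"
            rc=1
        fi
    done
    return $rc
}

# Usage, on the client, with the names from the post:
#   ipa_preflight ds01.example.com example.com && ipa-client-install --mkhomedir --enable-dns-updates
```

A "MISS" on the SRV records usually means the client is not using the IPA server for DNS, in which case the `--server` and `--domain` options of ipa-client-install are the fallback; a "FAIL" on a port points back at the firewall step on the server.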
Great write-up!
Cool. Great work.