Differences

This shows you the differences between two versions of the page.

--- решение_freeipa [2025/12/27 14:53]
val
+++ решение_freeipa [2026/02/15 07:21] (current)
val [Отладка]
@@ Line 1: / Line 1: @@
 ====== Решение FreeIPA ======
+  * [[https://youtu.be/HjbWMi3h8r4|youtu.be Синхронизация пользователей MSAD ↔ Freeipa]]
+  * [[https://habr.com/ru/companies/astralinux/articles/806223/|Хотите присоединить Windows к домену ALD Pro (FreeIPA)? Спросите меня как]]
 ===== Установка и инициализация =====
@@ Line 24: / Line 26: @@
 <code>
 # cat /etc/docker/daemon.json
-{ "userns-remap": "default" }
+</code><code>
+{
+  "userns-remap": "default"
+}
+</code><code>
 # service docker restart
@@ Line 34: / Line 39: @@
     userns_mode: 'host'
 ...
-# ###docker run --name freeipa-server-container -ti -h ipa.example.test --read-only -v /var/lib/ipa-data:/data:Z freeipa/freeipa-server:centos-9-stream
 # ###rm -rf /opt/freeipa-data/
@@ Line 104: / Line 107: @@
 Около 20 минут
 </code>
-  * !!! не резолвит имя server (иногда :) и рекурсивные запросы из других сетей, помогает:
+==== Настройка доступа для клиентов DNS ====
 <code>
 server# cat /opt/freeipa-data/etc/named/ipa-options-ext.conf
@@ Line 129: / Line 132: @@
 <code>
 # apt update && apt install freeipa-client
-минуты
+...
+  Default Kerberos version 5 realm: CORPX.UN
+...
 # #kinit admin
@@ Line 149: / Line 154: @@
 # systemctl status sssd
+# cat /etc/resolv.conf
 [root@server ~]# ipa host-show gate|client1
@@ Line 260: / Line 266: @@
 ===== Динамический DNS =====
-  * [[https://astrid.tech/2021/04/18/0/k8s-freeipa-dns/]]
+  * [[https://astrid.tech/2021/04/18/0/k8s-freeipa-dns/|How to set up Dynamic DNS on FreeIPA for your Kubernetes Cluster]]
-  * [[https://www.ipamworldwide.com/ipam/update-policy.html]]
+  * [[https://www.ipamworldwide.com/ipam/update-policy.html|BIND update-policy option]]
 <code>
 [root@freeipa-server ~]# tsig-keygen cert-manager | tee /data/etc/named/cert-manager.key
-server.corp13.un:~# cat /opt/freeipa-data/etc/named/ipa-ext.conf
+server# cat /opt/freeipa-data/etc/named/ipa-ext.conf
 ...
 include "/data/etc/named/cert-manager.key";
@@ Line 272: / Line 278: @@
 [root@freeipa-server ~]# rndc reload
-Политика обновления BIND
+Network Service->DNS-Zone-corpX.un->Settings->BIND update policy
-...; grant cert-manager subdomain corp13.un. TXT;
+...; grant cert-manager subdomain corpX.un. TXT;
 [root@freeipa-server ~]# nsupdate -k /data/etc/named/cert-manager.key
 server 127.0.0.1
-zone corp13.un
+zone corpX.un
-update add _acme-challenge.gitlab.corp13.un. 30 IN TXT "your_txt_record_data 1"
+update add _acme-challenge.gitlab.corpX.un. 30 IN TXT "your_txt_record_data 1"
 send
 </code>
@@ Line 287: / Line 293: @@
 <code>
 [root@freeipa-server /]# find /data/var/log/ -mmin -2 -type f -ls
+server# find /opt/freeipa-data/var/log/ -mmin -2 -type f -ls
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools