User Tools
решение_freeipa
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
решение_freeipa [2026/01/22 10:17] val [Динамический DNS] |
решение_freeipa [2026/02/15 07:21] (current) val [Отладка] |
||
|---|---|---|---|
| Line 2: | Line 2: | ||
| * [[https://youtu.be/HjbWMi3h8r4|youtu.be Синхронизация пользователей MSAD ↔ Freeipa]] | * [[https://youtu.be/HjbWMi3h8r4|youtu.be Синхронизация пользователей MSAD ↔ Freeipa]] | ||
| + | * [[https://habr.com/ru/companies/astralinux/articles/806223/|Хотите присоединить Windows к домену ALD Pro (FreeIPA)? Спросите меня как]] | ||
| ===== Установка и инициализация ===== | ===== Установка и инициализация ===== | ||
| Line 25: | Line 26: | ||
| <code> | <code> | ||
| # cat /etc/docker/daemon.json | # cat /etc/docker/daemon.json | ||
| - | { "userns-remap": "default" } | + | </code><code> |
| + | { | ||
| + | "userns-remap": "default" | ||
| + | } | ||
| + | </code><code> | ||
| # service docker restart | # service docker restart | ||
| Line 35: | Line 39: | ||
| userns_mode: 'host' | userns_mode: 'host' | ||
| ... | ... | ||
| - | |||
| - | # ###docker run --name freeipa-server-container -ti -h ipa.example.test --read-only -v /var/lib/ipa-data:/data:Z freeipa/freeipa-server:centos-9-stream | ||
| # ###rm -rf /opt/freeipa-data/ | # ###rm -rf /opt/freeipa-data/ | ||
| Line 105: | Line 107: | ||
| Около 20 минут | Около 20 минут | ||
| </code> | </code> | ||
| - | * !!! не резолвит имя server (иногда :) и рекурсивные запросы из других сетей, помогает: | + | ==== Настройка доступа для клиентов DNS ==== |
| <code> | <code> | ||
| server# cat /opt/freeipa-data/etc/named/ipa-options-ext.conf | server# cat /opt/freeipa-data/etc/named/ipa-options-ext.conf | ||
| Line 130: | Line 132: | ||
| <code> | <code> | ||
| # apt update && apt install freeipa-client | # apt update && apt install freeipa-client | ||
| - | 2 минуты | + | ... |
| + | Default Kerberos version 5 realm: CORPX.UN | ||
| + | ... | ||
| # #kinit admin | # #kinit admin | ||
| Line 150: | Line 154: | ||
| # systemctl status sssd | # systemctl status sssd | ||
| + | # cat /etc/resolv.conf | ||
| [root@server ~]# ipa host-show gate|client1 | [root@server ~]# ipa host-show gate|client1 | ||
| Line 267: | Line 272: | ||
| [root@freeipa-server ~]# tsig-keygen cert-manager | tee /data/etc/named/cert-manager.key | [root@freeipa-server ~]# tsig-keygen cert-manager | tee /data/etc/named/cert-manager.key | ||
| - | server.corp13.un:~# cat /opt/freeipa-data/etc/named/ipa-ext.conf | + | server# cat /opt/freeipa-data/etc/named/ipa-ext.conf |
| ... | ... | ||
| include "/data/etc/named/cert-manager.key"; | include "/data/etc/named/cert-manager.key"; | ||
| Line 279: | Line 284: | ||
| server 127.0.0.1 | server 127.0.0.1 | ||
| zone corpX.un | zone corpX.un | ||
| - | update add _acme-challenge.gitlab.corp13.un. 30 IN TXT "your_txt_record_data 1" | + | update add _acme-challenge.gitlab.corpX.un. 30 IN TXT "your_txt_record_data 1" |
| send | send | ||
| </code> | </code> | ||
| Line 288: | Line 293: | ||
| <code> | <code> | ||
| [root@freeipa-server /]# find /data/var/log/ -mmin -2 -type f -ls | [root@freeipa-server /]# find /data/var/log/ -mmin -2 -type f -ls | ||
| + | |||
| + | server# find /opt/freeipa-data/var/log/ -mmin -2 -type f -ls | ||
| </code> | </code> | ||
решение_freeipa.1769066239.txt.gz · Last modified: 2026/01/22 10:17 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
