решение_freeipa [2026/02/13 11:59] val [Установка и инициализация клиента] |
решение_freeipa [2026/03/16 14:30] (current) val [Создание ключа и сертификата для стороннего сервиса] |
| Line 225: | Line 225: | ||
| [root@freeipa-server /]# | [root@freeipa-server /]# | ||
| - | ipa dnsrecord-add corpX.un keycloak --a-rec="192.168.X.64" | + | ipa dnsrecord-add corpX.un keycloak --a-rec="192.168.X.66" |
| - | sleep 5 | + | |
| ipa host-add keycloak.corpX.un | ipa host-add keycloak.corpX.un | ||
| Line 234: | Line 233: | ||
| openssl req -new -key /data/keycloak.key -subj '/CN=keycloak.corpX.un/O=CORPX.UN' -addext 'subjectAltName=DNS:keycloak.corpX.un' -out /data/keycloak.req | openssl req -new -key /data/keycloak.key -subj '/CN=keycloak.corpX.un/O=CORPX.UN' -addext 'subjectAltName=DNS:keycloak.corpX.un' -out /data/keycloak.req | ||
| ipa cert-request /data/keycloak.req --principal=HTTP/keycloak.corpX.un --certificate-out=/data/keycloak.crt | ipa cert-request /data/keycloak.req --principal=HTTP/keycloak.corpX.un --certificate-out=/data/keycloak.crt | ||
| + | |||
| server# scp /opt/freeipa-data/keycloak.* kube1:/tmp/ | server# scp /opt/freeipa-data/keycloak.* kube1:/tmp/ | ||
| Line 260: | Line 260: | ||
| ipa dnsrecord-add corpX.un kube4 --a-rec="192.168.X.224" | ipa dnsrecord-add corpX.un kube4 --a-rec="192.168.X.224" | ||
| </code> | </code> | ||
| - | ===== Работа с LDAP ===== | ||
| - | |||
| - | * [[Авторизация с использованием LDAP сервера]] | ||
| ===== Динамический DNS ===== | ===== Динамический DNS ===== | ||
| Line 272: | Line 269: | ||
| [root@freeipa-server ~]# tsig-keygen cert-manager | tee /data/etc/named/cert-manager.key | [root@freeipa-server ~]# tsig-keygen cert-manager | tee /data/etc/named/cert-manager.key | ||
| - | server.corp13.un:~# cat /opt/freeipa-data/etc/named/ipa-ext.conf | + | server# cat /opt/freeipa-data/etc/named/ipa-ext.conf |
| ... | ... | ||
| include "/data/etc/named/cert-manager.key"; | include "/data/etc/named/cert-manager.key"; | ||
| Line 284: | Line 281: | ||
| server 127.0.0.1 | server 127.0.0.1 | ||
| zone corpX.un | zone corpX.un | ||
| - | update add _acme-challenge.gitlab.corp13.un. 30 IN TXT "your_txt_record_data 1" | + | update add _acme-challenge.gitlab.corpX.un. 30 IN TXT "your_txt_record_data 1" |
| send | send | ||
| </code> | </code> | ||
| + | ===== Работа с LDAP ===== | ||
| + | * [[Авторизация с использованием LDAP сервера]] | ||
| ===== Отладка ===== | ===== Отладка ===== | ||
| Line 293: | Line 292: | ||
| <code> | <code> | ||
| [root@freeipa-server /]# find /data/var/log/ -mmin -2 -type f -ls | [root@freeipa-server /]# find /data/var/log/ -mmin -2 -type f -ls | ||
| + | |||
| + | server# find /opt/freeipa-data/var/log/ -mmin -2 -type f -ls | ||
| </code> | </code> | ||
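Review bot: The TSIG secret created in the Line 272 hunk by `tsig-keygen cert-manager | tee /data/etc/named/cert-manager.key` is written with the shell's default umask and is also echoed to the terminal (and any session recording), and this revision does not address that; the runbook should restrict the file right after creating it, e.g. `chmod 600 /data/etc/named/cert-manager.key`, with a remark that the user named runs as must still be able to read it. The Line 234 hunk has the same gap: `scp /opt/freeipa-data/keycloak.* kube1:/tmp/` presumably carries the private key generated as `/data/keycloak.key` (the /opt/freeipa-data ↔ /data mapping is inferred from the ipa-ext.conf lines) into a world-readable `/tmp` on kube1, so a sentence telling the reader to copy into a mode-700 directory or remove the files from /tmp once imported would help. Both commands are unchanged context lines, so this is a pre-existing omission in the page rather than a regression from this edit.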