User Tools
решение_freeipa
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
решение_freeipa [2026/02/19 15:14] val [Создание ключа и сертификата для стороннего сервиса] |
решение_freeipa [2026/06/08 11:45] (current) val [Поддержка ACME] |
||
|---|---|---|---|
| Line 106: | Line 106: | ||
| Около 20 минут | Около 20 минут | ||
| + | </code> | ||
| + | ==== Поверка после установки ==== | ||
| + | <code> | ||
| + | [root@server ~]# ipactl status | ||
| </code> | </code> | ||
| ==== Настройка доступа для клиентов DNS ==== | ==== Настройка доступа для клиентов DNS ==== | ||
| Line 112: | Line 116: | ||
| </code><code> | </code><code> | ||
| ... | ... | ||
| + | dnssec-validation no; | ||
| allow-recursion { any; }; | allow-recursion { any; }; | ||
| </code><code> | </code><code> | ||
| Line 121: | Line 126: | ||
| </code> | </code> | ||
| - | ==== Поверка после установки ==== | + | |
| - | <code> | + | |
| - | [root@server ~]# ipactl status | + | |
| - | </code> | + | |
| ===== Установка и инициализация клиента ===== | ===== Установка и инициализация клиента ===== | ||
| Line 154: | Line 156: | ||
| # systemctl status sssd | # systemctl status sssd | ||
| - | # cat /etc/resolv.conf | + | |
| + | gate# cat /etc/resolv.conf | ||
| [root@server ~]# ipa host-show gate|client1 | [root@server ~]# ipa host-show gate|client1 | ||
| Line 225: | Line 228: | ||
| [root@freeipa-server /]# | [root@freeipa-server /]# | ||
| - | ipa dnsrecord-add corpX.un keycloak --a-rec="192.168.X.64" | + | ipa dnsrecord-add corpX.un keycloak --a-rec="192.168.X.66" |
| ipa host-add keycloak.corpX.un | ipa host-add keycloak.corpX.un | ||
| Line 244: | Line 247: | ||
| <code> | <code> | ||
| [root@freeipa-server /]# | [root@freeipa-server /]# | ||
| + | |||
| + | ipa-acme-manage status | ||
| ipa-acme-manage enable | ipa-acme-manage enable | ||
| - | ipa-acme-manage status | + | cat /etc/ipa/ca.crt | base64 -w0 |
| </code> | </code> | ||
| ===== Управление DNS ===== | ===== Управление DNS ===== | ||
| Line 260: | Line 265: | ||
| ipa dnsrecord-add corpX.un kube4 --a-rec="192.168.X.224" | ipa dnsrecord-add corpX.un kube4 --a-rec="192.168.X.224" | ||
| </code> | </code> | ||
| - | ===== Работа с LDAP ===== | ||
| - | |||
| - | * [[Авторизация с использованием LDAP сервера]] | ||
| ===== Динамический DNS ===== | ===== Динамический DNS ===== | ||
| Line 272: | Line 274: | ||
| [root@freeipa-server ~]# tsig-keygen cert-manager | tee /data/etc/named/cert-manager.key | [root@freeipa-server ~]# tsig-keygen cert-manager | tee /data/etc/named/cert-manager.key | ||
| - | server# cat /opt/freeipa-data/etc/named/ipa-ext.conf | + | [root@freeipa-server ~]# echo 'include "/data/etc/named/cert-manager.key";' >> /etc/named/ipa-ext.conf |
| - | ... | + | |
| - | include "/data/etc/named/cert-manager.key"; | + | [root@freeipa-server ~]# named-checkconf -z |
| [root@freeipa-server ~]# rndc reload | [root@freeipa-server ~]# rndc reload | ||
| Line 287: | Line 289: | ||
| send | send | ||
| </code> | </code> | ||
| + | ===== Работа с LDAP ===== | ||
| + | * [[Авторизация с использованием LDAP сервера]] | ||
| ===== Отладка ===== | ===== Отладка ===== | ||
решение_freeipa.1771503284.txt.gz · Last modified: 2026/02/19 15:14 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
