snippets:linux_quickshotsetups:ipa_server_rhel9 [2024/06/10 05:29] – created chris | snippets:linux_quickshotsetups:ipa_server_rhel9 [2024/06/10 05:40] – chris | ||
---|---|---|---|
Line 39: | Line 39: | ||
ipa user-add $USER --first Test --last User | ipa user-add $USER --first Test --last User | ||
echo " | echo " | ||
- | ldappasswd -D uid=$USER, | + | ldappasswd -D uid=$USER, |
-H ldap:// | -H ldap:// | ||
# to login using the web interface | # to login using the web interface | ||
- | yum -y install firefox xauth | + | dnf -y install firefox xauth |
- | yum -y install $(yum search xorg-x11-font|grep ^xorg-x11-font|sed -e ' | + | dnf -y install $(yum search xorg-x11-font|grep ^xorg-x11-font|sed -e ' |
# log out and log in again, to have xauth properly setup | # log out and log in again, to have xauth properly setup | ||
Line 55: | Line 55: | ||
# verify plain ldap works | # verify plain ldap works | ||
# plain admin | # plain admin | ||
- | ldapsearch -x -b dc=fluxcoil,dc=net -h $(hostname -f) -w redhat12 \ | + | ldapsearch -x -b dc=local,dc=net -h $(hostname -f) -w redhat12 \ |
- | -D uid=admin, | + | -D uid=admin, |
# plain chorn user | # plain chorn user | ||
- | ldapsearch -x -b dc=fluxcoil,dc=net -h $(hostname -f) -w redhat12 \ | + | ldapsearch -x -b dc=local,dc=net -h $(hostname -f) -w redhat12 \ |
- | -D uid=chorn, | + | -D uid=chorn, |
# TLS chorn user | # TLS chorn user | ||
- | ldapsearch -x -b dc=fluxcoil,dc=net -h $(hostname -f) -w redhat12 \ | + | ldapsearch -x -b dc=local,dc=net -h $(hostname -f) -w redhat12 \ |
- | -D uid=chorn, | + | -D uid=chorn, |
# to retrieve the cacert: | # to retrieve the cacert: | ||
- | wget http://rhel8a.fluxcoil.net/ | + | wget http://rhel9u4a.local.net/ |
# using ldapsearch | # using ldapsearch | ||
Line 80: | Line 80: | ||
chmod +x createuser.sh | chmod +x createuser.sh | ||
- | for i in $(seq 2 2000); do | + | for i in $(seq 2 20); do |
./ | ./ | ||
done | done | ||
Line 113: | Line 113: | ||
ipa user-add $USER --first Test --last User | ipa user-add $USER --first Test --last User | ||
echo " | echo " | ||
- | ldappasswd -D uid=$USER, | + | ldappasswd -D uid=$USER, |
- | </ | + | |
- | + | ||
- | ===== creating a IdM replica ===== | + | |
- | * https:// | + | |
- | * https:// | + | |
- | < | + | |
- | replica$ yum module -y enable idm:DL1 | + | |
- | replica$ yum distro-sync -y | + | |
- | replica$ yum module -y install idm: | + | |
- | + | ||
- | replica$ echo ' | + | |
- | replica$ ipa-client-install --enable-dns-updates --force | + | |
- | replica$ ipa-replica-install --setup-ca | + | |
- | + | ||
- | # verify DNS is ok | + | |
- | DOMAIN=fluxcoil.net | + | |
- | NAMESERVER=rhel8u4a.fluxcoil.net | + | |
- | for i in _ldap._tcp _kerberos._tcp _kerberos._udp \ | + | |
- | _kerberos-master._tcp _kerberos-master._udp _ntp._udp; do \ | + | |
- | echo ""; | + | |
- | dig @${NAMESERVER} ${i}.${DOMAIN} srv +nocmd +noquestion \ | + | |
- | | + | |
- | done | egrep -v " | + | |
- | + | ||
- | # ..and on clients ensure they also access the replica for DNS! | + | |
</ | </ |
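Review bot: In the "Line 55" hunk the new `ldapsearch` lines still pass the bind password as `-w redhat12` on the command line, and the two labelled "plain" appear to be simple binds without TLS, so the password shows up in the process list and shell history and crosses the network in cleartext. Prompting with `-W` (or reading it with `-y <password-file>`) and adding a comment such as `# lab password only; plain binds send it unencrypted` would keep readers from copying this into a real deployment. The same hunk fetches the CA certificate with `wget http://rhel9u4a.local.net/…`, so the trust anchor itself arrives unauthenticated; I would add a step that compares `openssl x509 -noout -fingerprint -sha256 -in <downloaded-cert>` with the copy on the IPA server before trusting it. The option lines are truncated on this page, so whether the TLS variant enforces StartTLS (for example `-ZZ`) cannot be confirmed from here.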