Saturday 6 April 2013

IPA installation on RHEL6

References

Instructions

• Boot into single user mode.
• Disable NetworkManager:
chkconfig NetworkManager off; service NetworkManager stop
chkconfig NetworkManagerDispatcher off; service NetworkManagerDispatcher stop
• Configure networking with a static IP:
[root@deploy network-scripts]# cat ifcfg-eth0
DEVICE=eth0
HWADDR=a1:b1:c1:d1:e1:f1
TYPE=Ethernet
UUID=aaaaaaaaaaaaaaaaaaaaaaaaa
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.122.2
NETMASK=255.255.255.0

[root@deploy network-scripts]# cat ifcfg-eth1
DEVICE=eth1
HWADDR=a2:b2:c2:d2:e2:f2
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.100.2
NETMASK=255.255.255.0

• Configure the /etc/hosts file to list the FQDN for the IdM server before any aliases. Also ensure that the hostname is not part of the localhost entry.
• Configure the default gateway in /etc/sysconfig/network.
• Configure the nameserver in /etc/resolv.conf.
• Register the system, update it and install the packages:
rhn_register
yum update
yum install ipa-server bind bind-dyndb-ldap
• The following is run in interactive mode so that the passwords are not entered as parameters and stored in history:
ipa-server-install --hostname=ipa.spud.net -n spud.net -r SPUD --forwarder=8.8.8.8 --setup-dns
• Open the required ports in the firewall and save the rules:
for p in 88 464 53 123; do iptables -A INPUT -p udp -m state --state NEW -m udp --dport $p -j ACCEPT; done
for p in 80 443 389 636 88 464 53; do iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport $p -j ACCEPT; done
service iptables save
• Restart sshd, then obtain a Kerberos ticket and check that the admin user exists:
service sshd restart
kinit admin
ipa user-find admin
• Firefox https://<ipaserver>/ -- log in as the Admin user. Add a user. Add a DNS host to the correct DNS Zone.
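The prerequisites above (FQDN listed first in /etc/hosts and kept off the localhost line, a static interface with NM_CONTROLLED=no, the listed ports open) are what most often breaks ipa-server-install, so here is an added pre-flight script that checks them. It is example code written for this page, not part of the post or of FreeIPA; the host, file and port names come from the post, the sample files it checks are constructed inline, and the function names (hosts_fqdn_first, hosts_not_localhost, ifcfg_static, fw_port_open, run_checks) are my own. The firewall check reads `iptables -S INPUT` output and accepts a port only if its ACCEPT rule sits before the first REJECT/DROP in the chain: on a stock RHEL6 chain, which ends with `-j REJECT --reject-with icmp-host-prohibited`, rules appended with -A land after that REJECT and are never reached, which the constructed rule set shows for the UDP loop while the -I (insert) TCP rules pass.

```shell
#!/bin/sh
# Pre-flight checks for the IdM prerequisites above (added example, not from the post).
# Every check reads a file given as an argument, so it runs on copies; sample files are constructed below.

# hosts_fqdn_first FILE FQDN: succeed if a non-loopback line names FQDN as its first hostname
# (i.e. the FQDN appears before any aliases).
hosts_fqdn_first() {
    awk -v fqdn="$2" '
        /^[[:space:]]*(#|$)/             { next }
        $1 == "127.0.0.1" || $1 == "::1" { next }
        $2 == fqdn                       { found = 1 }
        END                              { exit (found ? 0 : 1) }
    ' "$1"
}

# hosts_not_localhost FILE NAME: succeed if NAME does not appear on a 127.0.0.1 or ::1 line.
hosts_not_localhost() {
    awk -v name="$2" '
        /^[[:space:]]*(#|$)/ { next }
        $1 == "127.0.0.1" || $1 == "::1" { for (i = 2; i <= NF; i++) if ($i == name) bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# ifcfg_static FILE: succeed if the interface is static, enabled at boot and not managed by NetworkManager.
ifcfg_static() {
    grep -qx 'NM_CONTROLLED=no' "$1" && grep -qx 'BOOTPROTO=none' "$1" && grep -qx 'ONBOOT=yes' "$1"
}

# fw_port_open RULES PROTO PORT: RULES holds `iptables -S INPUT` output. Succeed only if an ACCEPT rule
# for PROTO/PORT precedes the first REJECT/DROP; anything appended after the stock REJECT is never reached.
fw_port_open() {
    awk -v proto="$2" -v port="$3" '
        /^-A INPUT / {
            if ($0 ~ /-j (REJECT|DROP)/) exit (found ? 0 : 1)
            if ($0 ~ ("-p " proto " ") && $0 ~ ("--dport " port " ") && $0 ~ /-j ACCEPT/) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# report LABEL CMD...: print PASS/FAIL for one check and count failures in $fails.
report() {
    label=$1; shift
    if "$@"; then echo "PASS $label"; else echo "FAIL $label"; fails=$((fails + 1)); fi
}

# run_checks DIR: run every check against the files in DIR; succeed only if all pass.
run_checks() {
    fails=0
    report "FQDN listed before aliases in hosts" hosts_fqdn_first "$1/hosts" ipa.spud.net
    report "hostname absent from loopback entry" hosts_not_localhost "$1/hosts" ipa
    report "eth0 static and NM_CONTROLLED=no"    ifcfg_static "$1/ifcfg-eth0"
    for p in 80 443 389 636 88 464 53; do
        report "tcp/$p ACCEPT precedes REJECT" fw_port_open "$1/input.rules" tcp "$p"
    done
    for p in 88 464 53 123; do
        report "udp/$p ACCEPT precedes REJECT" fw_port_open "$1/input.rules" udp "$p"
    done
    [ "$fails" -eq 0 ]
}

# --- constructed sample inputs (not captured from a real host) ---
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/hosts" <<'EOF'
127.0.0.1   localhost localhost.localdomain
::1         localhost6
192.168.122.2   ipa.spud.net ipa
EOF

# A broken variant: alias before the FQDN, and the hostname also on the loopback line.
cat > "$workdir/hosts.bad" <<'EOF'
127.0.0.1   localhost ipa.spud.net ipa
192.168.122.2   ipa ipa.spud.net
EOF

cat > "$workdir/ifcfg-eth0" <<'EOF'
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.122.2
NETMASK=255.255.255.0
EOF

# `iptables -S INPUT` as it would look after the post's two loops on a stock RHEL6 chain:
# the TCP rules were inserted (-I) at the top, the UDP rules appended (-A) after the final REJECT.
{
    echo '-P INPUT ACCEPT'
    for p in 53 464 88 636 389 443 80; do
        echo "-A INPUT -p tcp -m state --state NEW -m tcp --dport $p -j ACCEPT"
    done
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A INPUT -p icmp -j ACCEPT'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
    echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    for p in 88 464 53 123; do
        echo "-A INPUT -p udp -m state --state NEW -m udp --dport $p -j ACCEPT"
    done
} > "$workdir/input.rules"

if run_checks "$workdir"; then echo "all checks passed"; else echo "some checks failed; fix them before ipa-server-install"; fi
```

To check a live host instead of the constructed samples, point the functions at /etc/hosts and /etc/sysconfig/network-scripts/ifcfg-eth0 and capture the chain with `iptables -S INPUT > "$workdir/input.rules"`; a FAIL on the udp lines means the ACCEPT rules sit below the REJECT and will not be consulted.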

Output messages at the end of running the ipa-server-install command

Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files

Restarting the web server
==============================================================================
Setup complete

Next steps:
1. You must make sure these network ports are open:
TCP Ports:
* 80, 443: HTTP/HTTPS
* 389, 636: LDAP/LDAPS
* 88, 464: kerberos
* 53: bind
UDP Ports:
* 88, 464: kerberos
* 53: bind
* 123: ntp

2. You can now obtain a kerberos ticket using the command: 'kinit admin'
This ticket will allow you to use the IPA tools (e.g., ipa user-add)
and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password