Create a new page using FreeIPA as a template
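[[OpenLDAP>LDAP]] is also fine as an LDAP server, but account management...
Basically, like samba-active directory, it does directory management and DN...
Here, however, DNS is left to [[dnsmasq]] and NTP to chrony, ...
The official FreeIPA site: [[https://www.freeipa.org/page/Main_Page>...
The environment is Rocky Linux 9.6. The hostname-related settings are as shown below...
The IP address is handed out by [[dnsmasq]], and IP configuration on the host itself...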
#code(nonumber){{
[root@freeipa ~]# cat /etc/redhat-release
Rocky Linux release 9.6 (Blue Onyx)
[root@freeipa ~]# hostname
freeipa
[root@freeipa ~]# hostname -f
freeipa.sybyl.local
[root@freeipa ~]# cat /etc/hostname
<-- empty.
[root@freeipa ~]#
[root@freeipa ~]# echo `hostname -i` `hostname -f` `hostn...
[root@freeipa ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 lo...
::1 localhost localhost.localdomain localhost6 lo...
192.168.0.146 freeipa.sybyl.local freeipa
[root@freeipa ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search sybyl.local
nameserver 192.168.0.3
[root@freeipa ~]#
}}
***Preparation (installing ipa) [#r61975d1]
Unlike samba-ad, all you need to do is run dnf.
#code(nonumber){{
[root@freeipa ~]# dnf info ipa-server
Last metadata expiration check: 0:08:18 ago on Sun 28 Sep...
Available Packages
Name : ipa-server
Version : 4.12.2
Release : 14.el9_6.3
:
[root@freeipa ~]#
[root@freeipa ~]# dnf install ipa-server -y
}}
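&size(10){With this installation, "389-ds-base" for LDAP, web...
***Preparation (NTP, chrony configuration) [#p557799b]
Enable chrony so that the clock is always correct.
Rather than defining it on the FreeIPA side, enable it on the OS side from the start...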
#code(nonumber){{
[root@freeipa ~]# echo "server c.sybyl.local iburst" > /e...
[root@freeipa ~]# systemctl enable chronyd --now
[root@freeipa ~]# chronyc sources
MS Name/IP address Stratum Poll Reach LastRx Last...
=========================================================...
^* c.sybyl.local 2 6 77 40 -19...
[root@freeipa ~]#
}}
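***Setup [#ne1d0b06]
The mostly command-based wizard script "ipa-server...
Because chrony is already running on the OS side and keeping the clock in sync, the option...
The UID/GID of the accounts to be created can be specified by us, but the specified range...
The starting point allowed for that range is the /etc/login.defs U...
However, the values in "/etc/login.defs" are as shown below: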
#code(nonumber){{
[root@freeipa ~]# grep -e "^UID_" -e "^GID_" /etc/login.d...
UID_MIN 1000
UID_MAX 60000
GID_MIN 1000
GID_MAX 60000
[root@freeipa ~]#
}}
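Existing systems (NFS and so on) are already in place, and carrying over their UID/GID...
Here, the UID/GID MAX is set to 1999 so that 2000 and above fall under freeipa's control...
So first, edit "/etc/login.defs".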
#code(nonumber){{
[root@freeipa ~]# vi /etc/login.defs
:
UID_MAX 1999 <-- changed
:
GID_MAX 1999 <-- changed
:
[root@freeipa ~]#
}}
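Added example, not part of the original page: a POSIX shell check for the UID/GID split described above, where local IDs stop at 1999 and FreeIPA takes over from 2000. The function name `check_id_split` is hypothetical; the start value is passed as an argument. It reports `UID_MAX`/`GID_MAX` values that reach into the FreeIPA range and any local user or group already at or above the start, since such an entry would share numeric file ownership with an IPA-managed account.

```shell
# Added example (assumption: run before ipa-server-install).
# Usage: check_id_split /etc/login.defs /etc/passwd /etc/group 2000
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_id_split() {
    cis_defs=$1; cis_passwd=$2; cis_group=$3; cis_start=$4

    # 1) UID_MAX / GID_MAX must end below the first IPA-managed ID.
    # 2) Local users and groups already at or above the start value would
    #    share numeric IDs with IPA entries. High system IDs such as
    #    nobody are reported too and have to be judged by hand.
    cis_out=$(
        awk -v s="$cis_start" '
            ($1 == "UID_MAX" || $1 == "GID_MAX") && $2 + 0 >= s + 0 {
                printf "login.defs: %s %s is not below idstart %s\n", $1, $2, s
            }' "$cis_defs"
        awk -F: -v s="$cis_start" '
            $1 !~ /^#/ && $3 + 0 >= s + 0 {
                printf "passwd: user %s has UID %s\n", $1, $3
            }' "$cis_passwd"
        awk -F: -v s="$cis_start" '
            $1 !~ /^#/ && $3 + 0 >= s + 0 {
                printf "group: group %s has GID %s\n", $1, $3
            }' "$cis_group"
    )

    if [ -n "$cis_out" ]; then
        printf '%s\n' "$cis_out"
        return 1
    fi
    return 0
}
```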
Also, DNS is not delegated to freeipa here. A separate dnsmasq...
&size(10){However, in that case, dynamic update of DNS entries and...
Now start the setup.
#code(nonumber){{
[root@freeipa ~]# ipa-server-install --no-ntp --idstart=2...
The log file for this installation can be found in /var/l...
=========================================================...
This program will set up the IPA Server.
Version 4.12.2
This includes:
* Configure a stand-alone CA (dogtag) for certificate m...
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Cent...
* Configure Apache (httpd)
* Configure SID generation
* Configure the KDC to enable PKINIT
Excluded by options:
* Configure the NTP client (chronyd) ...
To accept the default shown in brackets, press the Enter ...
Do you want to configure integrated DNS (BIND)? [no]: ...
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com
Server host name [freeipa.sybyl.local]: ...
The domain name has been determined based on the host name.
Please confirm the domain name [sybyl.local]: ...
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.
Please provide a realm name [SYBYL.LOCAL]: ...
Certain directory server operations require an administra...
This user is referred to as the Directory Manager and has...
to the Directory for system management tasks and will be ...
instance of directory server created for IPA.
The password must be at least 8 characters long.
Directory Manager password: ...
Password (confirm):
The IPA server requires an administrative user, named 'ad...
This user is a regular system account used for IPA server...
IPA admin password: ...
Password (confirm):
Trust is configured but no NetBIOS domain name found, set...
Enter the NetBIOS name for the IPA domain.
Only up to 15 uppercase ASCII letters, digits and dashes ...
Example: EXAMPLE.
NetBIOS domain name [SYBYL]: ...
The IPA Master Server will be configured with:
Hostname: freeipa.sybyl.local
IP address(es): 192.168.0.146
Domain name: sybyl.local
Realm name: SYBYL.LOCAL
The CA will be configured with:
Subject DN: CN=Certificate Authority,O=SYBYL.LOCAL
Subject base: O=SYBYL.LOCAL
Chaining: self-signed
Continue to configure the system with these values? [no]:...
The following operations may take some minutes to complete.
Please wait until the prompt is returned.
:
:
The ipa-client-install command was successful
Please add records in this file to your DNS system: /tmp/...
=========================================================...
Setup complete
Next steps:
1. You must make sure these network ports are open:
TCP Ports:
* 80, 443: HTTP/HTTPS
* 389, 636: LDAP/LDAPS
* 88, 464: kerberos
* 53: bind
UDP Ports:
* 88, 464: kerberos
* 53: bind
2. You can now obtain a kerberos ticket using the...
This ticket will allow you to use the IPA tool...
and the web user interface.
Be sure to back up the CA certificates stored in /root/ca...
These files are required to create replicas. The password...
files is the Directory Manager password
The ipa-server-install command was successful
[root@freeipa ~]#
}}
The installer also says to open port 53 for DNS, but the DNS service is provided by another...
The service starts as soon as setup completes. The service name is "ipa...
#code(nonumber){{
[root@freeipa ~]# systemctl status ipa
● ipa.service - Identity, Policy, Audit
Loaded: loaded (/usr/lib/systemd/system/ipa.service;...
Active: active (exited) since Sun 2025-09-28 04:30:4...
Process: 27486 ExecStart=/usr/sbin/ipactl start (code...
Main PID: 27486 (code=exited, status=0/SUCCESS)
CPU: 1.377s
Sep 28 04:30:44 freeipa ipactl[27486]: Assuming stale, cl...
Sep 28 04:30:44 freeipa ipactl[27486]: ipa: INFO: The ipa...
Sep 28 04:30:44 freeipa ipactl[27486]: Starting Directory...
Sep 28 04:30:44 freeipa ipactl[27486]: Starting krb5kdc S...
Sep 28 04:30:44 freeipa ipactl[27486]: Starting kadmin Se...
Sep 28 04:30:44 freeipa ipactl[27486]: Starting httpd Ser...
Sep 28 04:30:44 freeipa ipactl[27486]: Starting ipa-custo...
Sep 28 04:30:44 freeipa ipactl[27486]: Starting pki-tomca...
Sep 28 04:30:44 freeipa ipactl[27486]: Starting ipa-otpd ...
Sep 28 04:30:45 freeipa systemd[1]: Finished Identity, Po...
[root@freeipa ~]#
}}
To discard the configuration and build it again, "ipa-server-install --un...
#code(nonumber){{
[root@freeipa ~]# ipa-server-install --uninstall
}}
***admin is assigned a UID/GID [#xff60b44]
The account admin was created during setup; this is "ipa ...
#code(nonumber){{
[root@freeipa ~]# kinit admin
Password for admin@SYBYL.LOCAL: <--- at setup time...
[root@freeipa ~]# ipa user-show admin --all
dn: uid=admin,cn=users,cn=accounts,dc=sybyl,dc=local
:
UID: 2000
GID: 2000
:
ipantsecurityidentifier: S-1-5-21-2990666224-254911657-...
:
[root@freeipa ~]# id admin
uid=2000(admin) gid=2000(admins) groups=2000(admins)
[root@freeipa ~]# getent passwd admin
admin:*:2000:2000:Administrator:/home/admin:/bin/bash
[root@freeipa ~]#
}}
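As shown, the account admin is assigned a UID/GID, and a home directory...
&size(10){As for the freeipa account admin, root (UID/GID: 0/0) ...
***Adding the extra records to dnsmasq [#va7f3977]
During setup, the installer printed
"Please add records in this file to your DNS system: /tm...
Its contents are as follows.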
#code(nonumber){{
_kerberos-master._tcp.sybyl.local. 3600 IN SRV 0 100 88 f...
_kerberos-master._udp.sybyl.local. 3600 IN SRV 0 100 88 f...
_kerberos._tcp.sybyl.local. 3600 IN SRV 0 100 88 freeipa....
_kerberos._udp.sybyl.local. 3600 IN SRV 0 100 88 freeipa....
_kerberos.sybyl.local. 3600 IN TXT "SYBYL.LOCAL"
_kerberos.sybyl.local. 3600 IN URI 0 100 "krb5srv:m:tcp:f...
_kerberos.sybyl.local. 3600 IN URI 0 100 "krb5srv:m:udp:f...
_kpasswd._tcp.sybyl.local. 3600 IN SRV 0 100 464 freeipa....
_kpasswd._udp.sybyl.local. 3600 IN SRV 0 100 464 freeipa....
_kpasswd.sybyl.local. 3600 IN URI 0 100 "krb5srv:m:tcp:fr...
_kpasswd.sybyl.local. 3600 IN URI 0 100 "krb5srv:m:udp:fr...
_ldap._tcp.sybyl.local. 3600 IN SRV 0 100 389 freeipa.syb...
ipa-ca.sybyl.local. 3600 IN A 192.168.0.146
}}
Since dnsmasq is used as the DNS server here, the records above...
&size(10){For "caa-record" support, dnsmasq version 2.80 ...
#code(nonumber){{
[root@c ~]# vi /etc/dnsmasq.conf
:
srv-host=_kerberos-master._tcp.sybyl.local,freeipa.sybyl....
srv-host=_kerberos-master._udp.sybyl.local,freeipa.sybyl....
srv-host=_kerberos._tcp.sybyl.local,freeipa.sybyl.local,88
srv-host=_kerberos._udp.sybyl.local,freeipa.sybyl.local,88
txt-record=_kerberos.sybyl.local,"SYBYL.LOCAL"
caa-record=_kerberos.sybyl.local,0,uri,"krb5srv:m:tcp:fre...
caa-record=_kerberos.sybyl.local,0,uri,"krb5srv:m:udp:fre...
srv-host=_kpasswd._tcp.sybyl.local,freeipa.sybyl.local,464
srv-host=_kpasswd._udp.sybyl.local,freeipa.sybyl.local,464
caa-record=_kpasswd.sybyl.local,0,uri,"krb5srv:m:tcp:free...
caa-record=_kpasswd.sybyl.local,0,uri,"krb5srv:m:udp:free...
srv-host=_ldap._tcp.sybyl.local,freeipa.sybyl.local,389
[root@c ~]# vi /etc/hosts
:
192.168.0.146 freeipa
192.168.0.146 ipa-ca
[root@c ~]# systemctl restart dnsmasq
}}
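Added example, not part of the original page: a POSIX shell/awk converter from the record file written by the installer to dnsmasq directives, so the entries do not have to be retyped by hand. The function name `zone_to_dnsmasq` is hypothetical. It goes beyond the page in two ways: it emits the full `srv-host` form with priority and weight, and it writes the A record as `host-record` instead of an /etc/hosts entry. URI lines are only listed as not converted.

```shell
# Added example (assumption: input uses the "name TTL IN TYPE data" layout
# shown above, one record per line).
# Usage: zone_to_dnsmasq <record file named by the installer>
zone_to_dnsmasq() {
    awk '
    /^[;#]/ { next }                       # skip comment lines
    { name = $1; sub(/\.$/, "", name) }    # drop the trailing root dot
    $3 == "IN" && $4 == "SRV" {
        target = $8; sub(/\.$/, "", target)
        # zone order: priority weight port target
        # dnsmasq order: name,target,port,priority,weight
        printf "srv-host=%s,%s,%s,%s,%s\n", name, target, $7, $5, $6
        next
    }
    $3 == "IN" && $4 == "TXT" {
        txt = $0; sub(/^[^"]*/, "", txt)   # keep the quoted text as written
        printf "txt-record=%s,%s\n", name, txt
        next
    }
    $3 == "IN" && $4 == "A" {
        printf "host-record=%s,%s\n", name, $5
        next
    }
    NF { printf "# not converted (%s): %s\n", $4, name }
    ' "$1"
}
```

dnsmasq's `caa-record` option returns CAA records (RFC 6844), which are a different record type from URI, so the converter does not map URI lines to it. Kerberos clients can still locate the KDC and kpasswd service through the SRV records.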
***Opening the firewall for freeipa [#id0c4213]
Finally, the firewall.
In "/usr/lib/firewalld/services/freeipa-4.xml", for freeipa...
#code(nonumber){{
[root@freeipa ~]# firewall-cmd --add-service=freeipa-4 --...
[root@freeipa ~]# firewall-cmd --reload
[root@freeipa ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp6s18
sources:
services: cockpit dhcpv6-client freeipa-4 ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@freeipa ~]#
}}
This completes the FreeIPA server setup.
Next: [[FreeIPA/account]], [[FreeIPA/nfs]], [[FreeIPA/clie...