IdM server – Identity Management (Red Hat IdM / FreeIPA)
Prerequisites:
- package repositories configured (the ipa-server / ipa-client packages must be installable)
- time synchronized (NTP or chrony) on the server and on every client: Kerberos rejects tickets once clocks drift by more than a few minutes (5 minutes by default)
- network configuration checked (DHCP/DNS): the IdM server needs a fixed IP address, and clients must resolve names through the DNS that carries the IdM records
- `hostname -f` returns the fully qualified name and matches `hostname` (IdM requires the host to be named by its FQDN; the same name is passed as --hostname below)
- after installation, the web UI is reachable at https://idm01.idm.ad-support.local/ipa/ui/ — note that this example host belongs to the idm.ad-support.local domain, whereas the install command below uses example.com / classroom.example.com; pick one set of values and use it consistently
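# --- IdM server installation ---------------------------------------------------
# Installs the IdM (FreeIPA) server together with its integrated DNS component.
# Every value below (domain, realm, hostname, IP address, reverse zone, forwarder)
# is a lab placeholder: replace all of them consistently with your own.
yum install -y ipa-server ipa-server-dns

# Do not write real passwords as literals on the command line: they end up in the
# shell history, in sudo/audit logs and in `ps` output. Prompt for them (or export
# DS_PASSWORD / ADMIN_PASSWORD from a secrets store beforehand) and pass them
# through variables. The argument is still visible in `ps` while the installer
# runs; if that matters, drop the two password options and --unattended and let
# ipa-server-install prompt interactively.
read -r -s -p 'Directory Manager password (--ds-password): ' DS_PASSWORD; echo
read -r -s -p 'IdM admin password (--admin-password): ' ADMIN_PASSWORD; echo

# --hostname      must be the FQDN the host already reports with `hostname -f`.
# --reverse-zone  must be the in-addr.arpa zone matching --ip-address (172.25.0.x).
# --forwarder     208.67.222.222 is a public resolver; point this at your
#                 organisation's resolvers if internal names must not leave the
#                 network.
# --allow-zone-overlap disables the safety check that the DNS zone does not
#                 already exist elsewhere; keep it only if the zone is yours and
#                 you intend IdM to serve it.
ipa-server-install \
  --domain=example.com \
  --realm=EXAMPLE.COM \
  --ds-password="$DS_PASSWORD" \
  --admin-password="$ADMIN_PASSWORD" \
  --hostname=classroom.example.com \
  --ip-address=172.25.0.254 \
  --reverse-zone=0.25.172.in-addr.arpa. \
  --forwarder=208.67.222.222 \
  --allow-zone-overlap \
  --setup-dns \
  --unattended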
Joining a client to IdM
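# --- Client enrollment ---------------------------------------------------------
yum install -y ipa-client

# Enrolling with the admin principal hands the admin password to every client you
# build. Prefer a per-host one-time password created on the server
# (`ipa host-add <client-fqdn> --password=<otp>`) and enroll with --password=<otp>
# and no -p. If you do use admin, at least keep the password out of the command
# line literal (history, `ps`, audit logs) by prompting for it.
# --force-join re-enrolls a host that is already joined; -U answers every prompt
# automatically; --force-ntpd forces ntpd configuration — check
# `ipa-client-install --help` on your release, it may be deprecated where chrony
# replaces ntpd.
read -r -s -p 'IdM admin password: ' ADMIN_PASSWORD; echo

ipa-client-install --mkhomedir --enable-dns-updates --force-ntpd \
  -p admin@EXAMPLE.COM --password="$ADMIN_PASSWORD" --force-join -U

# Test login: obtain a Kerberos ticket for admin and list it. The password is fed
# through stdin from the variable instead of an `echo 'password' |` literal.
printf '%s' "$ADMIN_PASSWORD" | kinit admin
klist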
Script to check that the DNS records required by an IdM server are present
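# Write the zone-check script to ~/IdmZoneCheck.sh.
# The here-doc delimiter is quoted ('EOF') so that $1, $(...) and the other
# expansions are copied literally into the file; with an unquoted delimiter
# inside `sh -c "..."` they were expanded (to empty strings) while the file was
# being written, and the closing double quote was missing. No sudo is needed to
# write into your own home directory.
cat <<'EOF' > ~/IdmZoneCheck.sh
#!/bin/bash
### IdM zone check ###
# Usage: IdmZoneCheck.sh <zone> [dns-server]
#   <zone>        DNS domain of the IdM realm (e.g. domain.local)
#   [dns-server]  optional resolver to query (e.g. the IdM server itself);
#                 defaults to the resolvers in /etc/resolv.conf
# Prints the SRV/TXT/A records an IdM server publishes. An empty answer means
# the record is missing from the zone as served by the queried resolver.

if [ -z "$1" ]; then
  printf 'Provide the zone name to be checked as a parameter!\n(ex: IdmZoneCheck.sh domain.local [dns-server])\n' >&2
  exit 1
fi
zone=$1

# dig options: add "@server" only when a second argument is given.
dig_args=(+short)
[ -n "$2" ] && dig_args+=("@$2")

# check <label> <name> <type>: print a heading, then the short dig answer.
check() {
  printf '%s\n' "$1"
  dig "${dig_args[@]}" "$2" "$3"
}

printf '### IDM / TCP ###\n\n\n'
check 'TCP / kerberos-master (SRV)' "_kerberos-master._tcp.$zone." SRV
check '_TCP / kerberos (SRV)'       "_kerberos._tcp.$zone." SRV
check '_TCP / kpasswd (SRV)'        "_kpasswd._tcp.$zone." SRV
check '_TCP / ldap (SRV)'           "_ldap._tcp.$zone." SRV

printf '\n### IDM / UDP ###\n\n\n'
check '_UDP / kerberos-master (SRV)' "_kerberos-master._udp.$zone." SRV
check '_UDP / kerberos (SRV)'        "_kerberos._udp.$zone." SRV
check '_UDP / kpasswd (SRV)'         "_kpasswd._udp.$zone." SRV

printf '\n### IDM / MSDCS DC TCP ###\n\n\n'
check '_MSDCS / TCP / kerberos (SRV)' "_kerberos._tcp.dc._msdcs.$zone." SRV
check '_MSDCS / TCP / ldap (SRV)'     "_ldap._tcp.dc._msdcs.$zone." SRV

printf '\n### IDM / MSDCS DC UDP ###\n\n\n'
check '_MSDCS / UDP / kerberos (SRV)' "_kerberos._udp.dc._msdcs.$zone." SRV

printf '\n### IDM / REALM ###\n\n\n'
check 'REALM (TXT)' "_kerberos.$zone." TXT

printf '\n### IDM / CA ###\n\n\n'
check 'A / ipa-ca' "ipa-ca.$zone." A

# The local host's own A record; IdM requires the host to be named by its FQDN,
# so query `hostname -f` rather than the short name.
printf '\n### IDM / A ###\n\n\n'
fqdn=$(hostname -f)
check "A / $fqdn" "$fqdn." A
EOF
chmod +x ~/IdmZoneCheck.sh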
Script usage (pass the IdM DNS domain, not the server's FQDN):
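# Run the check against the IdM DNS domain (the zone the SRV records live in).
./IdmZoneCheck.sh idm.ad-support.local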