Merge pull request #29418 from geekpi/translating

translating
geekpi 2023-05-19 08:45:43 +08:00 committed by GitHub
commit 2a48df81f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 190 additions and 173 deletions

@ -1,173 +0,0 @@
[#]: subject: "How to Configure FreeIPA Client on Ubuntu 22.04 / 20.04"
[#]: via: "https://www.linuxtechi.com/configure-freeipa-client-on-ubuntu/"
[#]: author: "Pradeep Kumar https://www.linuxtechi.com/author/pradeep/"
[#]: collector: "lkxed"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
How to Configure FreeIPA Client on Ubuntu 22.04 / 20.04
======
FreeIPA is a powerful open-source identity management system that provides centralized authentication, authorization, and accounting services. In this post, we will walk through the steps to configure FreeIPA client on Ubuntu 22.04 / 20.04. After configuring the freeipa client then we will try to login with the user created on FreeIPA server.
In our previous post, we had already discussed FreeIPA Server installation steps on RHEL8/Rokcy Linux 8/ AlmaLinux 8.
Also Read: How to Install FreeIPA Server on RHEL 8 | Rocky Linux 8 | AlmaLinux 8
##### Creating User on FreeIPA Server for Centralization Authentication
Login to your freeipa server and create a user with name “sysadm”, run the following commands
```
$ sudo kinit admin
Password for [email protected]:
$
$ sudo ipa config-mod --defaultshell=/bin/bash
$ sudo ipa user-add sysadm --first=System --last=Admin --password
Password:
Enter Password again to verify:
-------------------
Added user "sysadm"
-------------------
User login: sysadm
First name: System
Last name: Admin
Full name: System Admin
Display name: System Admin
Initials: SA
Home directory: /home/sysadm
GECOS: System Admin
Login shell: /bin/bash
Principal name: [email protected]
Principal alias: [email protected]
User password expiration: 20230415073041Z
Email address: [email protected]
UID: 464600003
GID: 464600003
Password: True
Member of groups: ipausers
Kerberos keys available: True
$
```
First command is to get Kerberoscredentials and second command to set default login shell for all users as “/bin/bash”and third command used for creating the user with name “sysadm”
### Steps to configure FreeIPA Client on Ubuntu 22.04 /20.04
Perform the following steps to configure FreeIPA client for centralize authentication.
##### 1) Add DNS record of Ubuntu System on FreeIPA Server
Login to your FreeIPA Server and run the beneath command to add dns record for FreeIPA client (i.e Ubuntu 22.04/20.04)
```
$ sudo ipa dnsrecord-add linuxtechi.lan app01.linuxtechi.lan --a-rec 192.168.1.106
  Record name: app01.linuxtechi.lan
  A record: 192.168.1.106
$
```
In the above command app01.linuxtechi.lan is my Ubuntu system with IP address 192.168.1.106.
Note: Make sure your FreeIPA Server and Clients are on the same timezone and getting the time from NTP Servers.
##### 2) Install FreeIPA client Package
Run the below command from your Ubuntu system to install freeipa-client along with the dependencies,
```
$ sudo apt install freeipa-client oddjob-mkhomedir -y
```
While installing freeipa-client, we will get following screen, Choose OK and hit enter
In the next screen, Hit enter to skip,
##### 3) Add FreeIPA Server IP & hostname in hosts file
Add below entries of your FreeIPA Server in /etc/hosts file
```
$ echo "192.168.1.102 ipa.linuxtechi.lan ipa" | sudo tee -a /etc/hosts
$ echo "192.168.1.106 app01.linuxtechi.lan app01" | sudo tee -a /etc/hosts
```
Change IP address and hostname that suits to your setup.
##### 4) Configure FreeIPA client using ipa-client-install
Now run following “ipa-client-install” command to configure freeipa-client on your Ubuntu system,
```
$ sudo ipa-client-install --hostname=`hostname -f` --mkhomedir --server=ipa.linuxtechi.lan --domain linuxtechi.lan --realm LINUXTECHI.LAN
```
Change the FreeIPA Server address, domain name and realm that suits to your setup.
Output of above command would be something like below :
Perfect, output above confirms that ipa-client installation was successful.
Now allow users home directory to be created automatically when they first time authenticated with FreeIPA Server.
Append the following line in the file “/usr/share/pam-configs/mkhomedir”
required pam_mkhomedir.so umask=0022 skel=/etc/skel
```
$ echo "required pam_mkhomedir.so umask=0022 skel=/etc/skel" | sudo tee -a /usr/share/pam-configs/mkhomedir
```
To make above changes into affect, run following command
```
$ sudo pam-auth-update
```
Select OK and then hit enter.
##### 5) Try to Login to your Ubuntu System with sysadm user
Try to ssh or login to your Ubuntu system using the sysadm user,
```
$ ssh [email protected]
```
As you can see above, when we first time to login, it says password expired. It will prompt us to set new password and will disconnect the session.
After updating the password, try to ssh ubuntu system and this time we should able to login.
```
$ ssh [email protected]
```
Output,
Great, output above confirms that we have successfully login to our Ubuntu system using a centralize user. This also shows that we have successfully configured FreeIPA client.
In case, you want to uninstall freeipa from your ubuntu system then run following set of commands,
```
$ sudo ipa-client-install --uninstall
$ sudo  rm -rf /var/lib/sss/db/*
$ sudo systemctl restart sssd.service
```
Thats all from this post, I believe you have found it informative. Kindly do  post your queries and feedback in below comments section.
--------------------------------------------------------------------------------
via: https://www.linuxtechi.com/configure-freeipa-client-on-ubuntu/
作者:[Pradeep Kumar][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.linuxtechi.com/author/pradeep/
[b]: https://github.com/lkxed/
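Review bot: The source text deleted here contains e-mail-obfuscation residue, "[email protected]", in the kinit password prompt, in the Principal name, Principal alias and Email address lines of the user-add output, and in both ssh commands of step 5, while the translation added in this same commit shows concrete values in those places (admin@LINUXTECHI.LAN, sysadm@LINUXTECHI.LAN, sysadm@192.168.1.106). Because this commit removes the text those values replace, confirm them against the original article at the via URL before merging, or state in the translation that they were reconstructed.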

@ -0,0 +1,190 @@
[#]: subject: "How to Configure FreeIPA Client on Ubuntu 22.04 / 20.04"
[#]: via: "https://www.linuxtechi.com/configure-freeipa-client-on-ubuntu/"
[#]: author: "Pradeep Kumar https://www.linuxtechi.com/author/pradeep/"
[#]: collector: "lkxed"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
如何在 Ubuntu 22.04 / 20.04 上配置 FreeIPA 客户端
======
FreeIPA 是一个强大的开源身份管理系统,提供集中的身份验证、授权和计费服务。在本文中,我们将逐步介绍在 Ubuntu 22.04 / 20.04 上配置 FreeIPA 客户端的步骤。配置 FreeIPA 客户端后,我们将尝试使用在 FreeIPA 服务器上创建的用户登录。
在我们之前的帖子中,我们已经讨论了 FreeIPA Server 在 RHEL8/Rokcy Linux 8/ AlmaLinux 8 上的安装步骤。
##### 在 FreeIPA 服务器上创建用户进行集中认证
登录到你的 FreeIPA 服务器并创建一个名为 “sysadm” 的用户,运行以下命令:
```
$ sudo kinit admin
Password for admin@LINUXTECHI.LAN:
$
$ sudo ipa config-mod --defaultshell=/bin/bash
$ sudo ipa user-add sysadm --first=System --last=Admin --password
Password:
Enter Password again to verify:
-------------------
Added user "sysadm"
-------------------
User login: sysadm
First name: System
Last name: Admin
Full name: System Admin
Display name: System Admin
Initials: SA
Home directory: /home/sysadm
GECOS: System Admin
Login shell: /bin/bash
Principal name: sysadm@LINUXTECHI.LAN
Principal alias: sysadm@LINUXTECHI.LAN
User password expiration: 20230415073041Z
Email address: sysadm@linuxtechi.lan
UID: 464600003
GID: 464600003
Password: True
Member of groups: ipausers
Kerberos keys available: True
$
```
第一个命令是获取 Kerberos 凭证,第二个命令将所有用户的默认登录 shell 设置为 “/bin/bash”第三个命令用于创建名为 “sysadm” 的用户。
### 在 Ubuntu 22.04 /20.04 上配置 FreeIPA 客户端的步骤
执行以下步骤来配置 FreeIPA 客户端以进行集中身份验证。
##### 1在 FreeIPA 服务器上添加 Ubuntu 系统的 DNS 记录
登录到你的 FreeIPA 服务器并运行以下命令为 FreeIPA 客户端(即 Ubuntu 22.04/20.04)添加 dns 记录:
```
$ sudo ipa dnsrecord-add linuxtechi.lan app01.linuxtechi.lan --a-rec 192.168.1.106
Record name: app01.linuxtechi.lan
A record: 192.168.1.106
$
```
在上面的命令中app01.linuxtechi.lan 是我的 Ubuntu 系统IP 地址为 192.168.1.106。
注意:确保你的 FreeIPA 服务器和客户端处于同一时区并从 NTP 服务器获取时间。
##### 2安装 FreeIPA 客户端包
从你的 Ubuntu 系统运行以下命令以安装 freeipa-client 以及依赖项:
```
$ sudo apt install freeipa-client oddjob-mkhomedir -y
```
在安装 freeipa-client 时,我们将看到以下页面,选择确定并回车。
![][1]
在下一个屏幕中,按回车键跳过。
![][2]
##### 3) 在主机文件中添加 FreeIPA 服务器 IP 和主机名
在 /etc/hosts 文件中添加以下 FreeIPA 服务器条目:
```
$ echo "192.168.1.102 ipa.linuxtechi.lan ipa" | sudo tee -a /etc/hosts
$ echo "192.168.1.106 app01.linuxtechi.lan app01" | sudo tee -a /etc/hosts
```
更改适合你的设置的 IP 地址和主机名。
##### 4) 使用 ipa-client-install 配置 FreeIPA 客户端
现在运行以下 “ipa-client-install” 命令在你的 Ubuntu 系统上配置 freeipa-client:
```
$ sudo ipa-client-install --hostname=`hostname -f` --mkhomedir --server=ipa.linuxtechi.lan --domain linuxtechi.lan --realm LINUXTECHI.LAN
```
更改适合你设置的 FreeIPA 服务器地址、域名和 realm。
上述命令的输出如下所示:
![][3]
完美,上面的输出确认 ipa-client 安装成功。
现在允许在用户首次使用 FreeIPA Server 进行身份验证时自动创建用户的主目录。
在文件 “/usr/share/pam-configs/mkhomedir” 中添加以下行:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
```
$ echo "required pam_mkhomedir.so umask=0022 skel=/etc/skel" | sudo tee -a /usr/share/pam-configs/mkhomedir
```
要使上述更改生效,请运行以下命令:
```
$ sudo pam-auth-update
```
![][4]
选择确定,然后按回车键。
##### 5) 尝试使用 sysadm 用户登录到你的 Ubuntu 系统
尝试使用 sysadm 用户通过 ssh 或登录到你的 Ubuntu 系统,
```
$ ssh sysadm@192.168.1.106
```
![][5]
正如你在上面看到的,当我们第一次登录时,它说密码已过期。它将提示我们设置新密码并断开会话。
更新密码后,尝试 ssh 登录 ubuntu 系统,这次我们应该可以登录了。
```
$ ssh sysadm@192.168.1.106
```
输出:
![][6]
太好了,上面的输出确认我们已经使用集中用户成功登录到我们的 Ubuntu 系统。这也说明我们已经成功配置了 FreeIPA 客户端。
如果你想从 ubuntu 系统中卸载 FreeIPA然后运行以下命令集
```
$ sudo ipa-client-install --uninstall
$ sudo rm -rf /var/lib/sss/db/*
$ sudo systemctl restart sssd.service
```
以上就是这篇文章的全部内容,我相信你已经发现它提供了很多信息。请在下面发表你的疑问和反馈。
--------------------------------------------------------------------------------
via: https://www.linuxtechi.com/configure-freeipa-client-on-ubuntu/
作者:[Pradeep Kumar][a]
选题:[lkxed][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.linuxtechi.com/author/pradeep/
[b]: https://github.com/lkxed/
[1]: https://www.linuxtechi.com/wp-content/uploads/2018/12/FreeIPA-Client-Kerberos-Auth-Ubuntu-Linux.png
[2]: https://www.linuxtechi.com/wp-content/uploads/2018/12/Skip-Kerberos-auth-freeipa-client-ubuntu.png
[3]: https://www.linuxtechi.com/wp-content/uploads/2018/12/ipa-client-install-ubuntu-linux.png
[4]: https://www.linuxtechi.com/wp-content/uploads/2018/12/Choose-Create-Home-Directory-on-login-Ubuntu-Pam.png
[5]: https://www.linuxtechi.com/wp-content/uploads/2018/12/Set-New-Password-After-Expiry-FreeIPA-Client-Ubuntu-Linux.png
[6]: https://www.linuxtechi.com/wp-content/uploads/2018/12/Centralize-Login-FreeIPA-Client-Ubuntu.png
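Review bot: Several full-width punctuation marks are missing from the added translation: the headings for steps 1 and 2 read "##### 1在 FreeIPA 服务器上添加 Ubuntu 系统的 DNS 记录" and "##### 2安装 FreeIPA 客户端包" without the closing parenthesis that steps 3) to 5) keep, and three sentences run their clauses together ("“/bin/bash”第三个命令" after the user-add block, "在上面的命令中app01.linuxtechi.lan 是我的 Ubuntu 系统IP 地址" after the dnsrecord-add block, and "卸载 FreeIPA然后运行以下命令集" before the uninstall commands). Restore the ")" and the commas, and end the uninstall lead-in with a colon as the other command lead-ins do. "Rokcy Linux 8" in the second paragraph is carried over misspelled from the source, which spells it "Rocky" in its own "Also Read" line.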