document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #29222 from geekpi/translating

Browse Source 
translated
This commit is contained in:
geekpi 2023-04-25 08:54:36 +08:00 committed by GitHub
commit f7a630760f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 198 additions and 178 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
sources/tech/20230415.0 ⭐️⭐️ How to Install FreeIPA Server on RHEL 8 Rocky Linux 8 AlmaLinux 8.md
View File

@ -1,178 +0,0 @@
[#]: subject: "How to Install FreeIPA Server on RHEL 8 | Rocky Linux 8 | AlmaLinux 8"
[#]: via: "https://www.linuxtechi.com/install-freeipa-rhel-rocky-almalinux/"
[#]: author: "Pradeep Kumar https://www.linuxtechi.com/author/pradeep/"
[#]: collector: "lkxed"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
How to Install FreeIPA Server on RHEL 8 | Rocky Linux 8 | AlmaLinux 8
======
Are you looking for an easy guide on how to install FreeIPA server on Linux ?
The step-by-step guide on this page will show how to install FreeIPA server on RHEL 8 , Rocky Linux 8 and AlmaLinux 8.
[FreeIPA][1]is a free and open source centralized identity and access management tool for Linux-based systems, it is the upstream project for Red Hat identity manager. Using FreeIPA, we can easily manage centralized authentication along with account management, policy (host-based access control) and audit.
FreeIPA is based on the following Open Source projects,
- LDAP Server based on the 389 project
- KDC based on MIT Kerberos implementation
- PKI based on Dogtag project
- Samba libraries for Active Directory integration
- DNS Server based on BIND and the Bind-DynDB-LDAP plugin
- NTP
##### Prerequisites
- Pre Installed RHEL 8 or Rocky Linux 8 or AlmaLinux 8
- Sudo User with admin rights
- RAM = 2 GB
- CPU =2 vCPU
- Disk = 12 GB free space on /
- Internet connectivity
##### Lab Details for FreeIPA
- IP Address = 192.168.1.102
- Hostanme = ipa.linuxtechi.lan
- OS: RHEL 8 or Rocky Linux 8 or AlmaLinux 8
Without further ado, lets deep dive into FreeIPA installation steps,
### 1) Set Hostname and Install Updates
Open the terminal of your server and set the hostname using hostnamectlcommand,
```
$ sudo hostnamectl set-hostname "ipa.linuxtechi.lan"
$ exec bash
```
Install updates using yum/dnf command and then reboot it
```
$ sudo dnf update -y
$ sudo reboot
```
### 2) Update the hosts file & Set SELinux as Permissive
Run the below tee command to update /etc/hosts file, replace the ip address and hostname as per your setup.
```
$ echo -e "192.168.1.102\tipa.linuxtechi.lan\t ipa" | sudo tee -a /etc/hosts
```
Set the selinux as permissive, run following commands,
```
$ sudo setenforce 0
$ sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
]$ getenforce
Permissive
$
```
### 3) Install FreeIPA and its Components
FreeIPA packages and its dependencies are available in the Appstream package repositories. As we are planning to install integrated DNS of FreeIPA, so we will also install “ipa-server-dns & bind-dyndb-ldap”
Run the below command to install FreeIPA and its dependencies
```
$ sudo dnf -y install @idm:DL1
$ sudo dnf install freeipa-server ipa-server-dns bind-dyndb-ldap -y
```
### 4) Start FreeIPA Installation
Once FreeIPA package and its dependencies are installed successfully then use the below command to start the freeipa installation setup,
It will prompt couple of things like to configure Integrated DNS, Host name, Domain Name and Realm Name.
```
$ sudo ipa-server-install
```
Output of above command would be something like below
After pressing yes in above window, it will take some time to configure your FreeIPA server and once it has been setup successfully then we will get output something like below,
Above output confirms that FreeIPA has been installed successfully.
### 5) Allow FreeIPA ports in Firewall
In case OS firewall is running on your server then run beneath firewall-cmd commands to allow FreeIPA ports,
```
$ sudo firewall-cmd --add-service={http,https,dns,ntp,freeipa-ldap,freeipa-ldaps} --permanent
$ sudo firewall-cmd --reload
```
### 6) Access FreeIPA admin portal
Execute the below ipactl command to check whether all services of FreeIPA are running or not
```
[[email protected] ~]$ ipactl status
You must be root to run ipactl.
[[email protected] ~]$ sudo ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[[email protected] ~]$
```
Lets verify whether admin user will get token via Kerberos using the kinit command, use the same password of admin user that we supplied during FreeIPA installation.
```
$ kinit admin
$ klist
```
Output of above commands,
Perfect, output above confirms that admin gets the token. Now, try to access FreeIPA Web Console, type following url on web browser,
https://ipa.linuxtechi.lan/ipa/ui
or
https://<Server-IPAddress>/ipa/ui
Use the user name as admin and the password that we specify during the installation.
For FreeIPA web console, self-signed ssl certificates are used thats why we got this window, so click on “Accept the Risk and Continue”
After entering the credentials, click on Log in
This confirms that we have successfully setup FreeIPA on RHEL 8/Rocky Linux 8 / AlmaLinux8.
Thats all from this, I hope you have found it informative. Kindly do post your queries and feedback in below comments section.
Read Also : How to Configure FreeIPA Client on Ubuntu 18.04 / CentOS 7 for Centralize Authentication
--------------------------------------------------------------------------------
via: https://www.linuxtechi.com/install-freeipa-rhel-rocky-almalinux/
作者:[Pradeep Kumar][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.linuxtechi.com/author/pradeep/
[b]: https://github.com/lkxed/
[1]: https://www.freeipa.org/page/Main_Page

198
translated/tech/20230415.0 ⭐️⭐️ How to Install FreeIPA Server on RHEL 8 Rocky Linux 8 AlmaLinux 8.md Normal file
View File

@ -0,0 +1,198 @@
[#]: subject: "How to Install FreeIPA Server on RHEL 8 | Rocky Linux 8 | AlmaLinux 8"
[#]: via: "https://www.linuxtechi.com/install-freeipa-rhel-rocky-almalinux/"
[#]: author: "Pradeep Kumar https://www.linuxtechi.com/author/pradeep/"
[#]: collector: "lkxed"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
如何在 RHEL 8 | Rocky Linux 8 | AlmaLinux 8 上安装 FreeIPA 服务器
======
你是否正在寻找有关如何在 Linux 上安装 FreeIPA 服务器的简单指南?
此页面上的分步指南将展示如何在 RHEL 8、Rocky Linux 8 和 AlmaLinux 8 上安装 FreeIPA 服务器。
[FreeIPA][1] 是一个免费开源的基于 Linux 系统的集中式身份和访问管理工具,它是 Red Hat 身份管理器的上游项目。使用 FreeIPA我们可以轻松地管理集中式身份验证以及帐户管理、策略基于主机的访问控制和审计。
FreeIPA 基于以下开源项目:
- LDAP 服务器 基于 389 项目
- KDC 基于 MIT Kerberos 实现
- 基于 Dogtag 项目的 PKI
- 用于活动目录集成的 Samba 库
- 基于 BIND 和 Bind-DynDB-LDAP 插件的 DNS 服务器
- NTP
##### 先决条件
- 预装 RHEL 8 或 Rocky Linux 8 或 AlmaLinux 8
- 具有管理员权限的 Sudo 用户
- 内存 = 2 GB
- CPU = 2 个 vCPU
- 磁盘 = 根目录有 12GB 可用空间
- 互联网连接
##### FreeIPA 的实验室详细信息
- IP 地址 = 192.168.1.102
- Hostanme = ipa.linuxtechi.lan
- 操作系统RHEL 8 或 Rocky Linux 8 或 AlmaLinux 8
事不宜迟,让我们深入了解 FreeIPA 安装步骤。
### 1) 设置主机名并安装更新
打开服务器的终端并使用 hostnamectl 命令设置主机名:
```
$ sudo hostnamectl set-hostname "ipa.linuxtechi.lan"
$ exec bash
```
使用 yum/dnf 命令安装更新,然后重新启动它:
```
$ sudo dnf update -y
$ sudo reboot
```
### 2) 更新 host 文件并将 SELinux 设置为 Permissive
运行以下 tee 命令更新 /etc/hosts 文件,根据你的设置替换 IP 地址和主机名。
```
$ echo -e "192.168.1.102\tipa.linuxtechi.lan\t ipa" | sudo tee -a /etc/hosts
```
将 selinux 设置为 permissive运行以下命令
```
$ sudo setenforce 0
$ sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
]$ getenforce
Permissive
$
```
### 3) 安装 FreeIPA 及其组件
Appstream 包仓库中提供了 FreeIPA 包及其依赖项。由于我们计划安装集成 DNS 的 FreeIPA因此我们还将安装 “ipa-server-dns 和 bind-dyndb-ldap”。
运行以下命令安装 FreeIPA 及其依赖项。
```
$ sudo dnf -y install @idm:DL1
$ sudo dnf install freeipa-server ipa-server-dns bind-dyndb-ldap -y
```
### 4开始安装FreeIPA
成功安装 FreeIPA 包及其依赖项后,使用以下命令启动 freeipa 安装设置。
它将提示几件事,例如配置集成 DNS、主机名、域名和 Realm。
```
$ sudo ipa-server-install
```
上述命令的输出如下所示。
![][2]
![][3]
在上面的窗口中按是后,需要一些时间来配置你的 FreeIPA 服务器,设置成功后,我们将得到下面的输出。
![][4]
以上输出确认 FreeIPA 已成功安装。
### 5) 在防火墙中允许 FreeIPA 端口
如果系统防火墙正在你的服务器上运行,那么在 firewall-cmd 命令下运行命令允许 FreeIPA 端口:
```
$ sudo firewall-cmd --add-service={http,https,dns,ntp,freeipa-ldap,freeipa-ldaps} --permanent
$ sudo firewall-cmd --reload
```
### 6) 访问 FreeIPA 管理门户
执行下面的ipactl命令查看FreeIPA的所有服务是否都在运行
```
[[email protected] ~]$ ipactl status
You must be root to run ipactl.
[[email protected] ~]$ sudo ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
[[email protected] ~]$
```
让我们使用 kinit 命令验证管理员用户是否会通过 Kerberos 获取令牌,使用我们在 FreeIPA 安装期间提供的相同管理员用户密码。
```
$ kinit admin
$ klist
```
以上命令的输出。
![][5]
完美,上面的输出确认管理员获得了令牌。现在,尝试访问 FreeIPA Web 控制台,在网络浏览器上输入以下 url
https://ipa.linuxtechi.lan/ipa/ui
或者
https://<Server-IPAddress>/ipa/ui
使用我们在安装过程中指定的用户名 admin 和密码。
![][6]
对于 FreeIPA Web 控制台,使用自签名 ssl 证书,这就是我们看到此窗口的原因,因此单击“接受风险并继续”。
![][7]
输入凭据后,单击“登录”
![][8]
这证实我们已在 RHEL 8/Rocky Linux 8 / AlmaLinux8 上成功设置 FreeIPA。
这就是全部,我希望你觉得它提供了很多信息。请在下面的评论部分中发表你的疑问和反馈。
--------------------------------------------------------------------------------
via: https://www.linuxtechi.com/install-freeipa-rhel-rocky-almalinux/
作者:[Pradeep Kumar][a]
选题:[lkxed][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.linuxtechi.com/author/pradeep/
[b]: https://github.com/lkxed/
[1]: https://www.freeipa.org/page/Main_Page
[2]: https://www.linuxtechi.com/wp-content/uploads/2018/11/IPA-Server-Install-Command-RHEL-RockyLinux-AlmaLinux.png?ezimgfmt=ng:webp/ngcb22
[3]: https://www.linuxtechi.com/wp-content/uploads/2018/11/IPA-Install-Directory-Manager-IPA-Admin-Password.png?ezimgfmt=ng:webp/ngcb22
[4]: https://www.linuxtechi.com/wp-content/uploads/2018/11/IPA-Installation-Successful-Message-RHEL-AlmaLinux-RockyLinux.png?ezimgfmt=ng:webp/ngcb22
[5]: https://www.linuxtechi.com/wp-content/uploads/2018/11/FeeIPA-kinit-admin-token.png
[6]: https://www.linuxtechi.com/wp-content/uploads/2018/11/Accept-Risk-FreeIPA-WebConsole-URL-1024x556.png?ezimgfmt=ng:webp/ngcb22
[7]: https://www.linuxtechi.com/wp-content/uploads/2018/11/FreeIPA-Login-Page-RHEL-RockyLinux-AlmaLinux-1024x586.png?ezimgfmt=ng:webp/ngcb22
[8]: https://www.linuxtechi.com/wp-content/uploads/2018/11/FreeIPA-Dashboard-RHEL-RockyLinux-AlmaLinux-1024x585.png?ezimgfmt=ng:webp/ngcb22