1.先下载必须包
yum install -y ipa-server bind bind-dyndb-ldap
2.初始化ipa基本配置
ipa-server-install
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
Do you want to configure integrated DNS (BIND)? [no]: yes
Existing BIND configuration detected, overwrite? [no]: yes
Server host name [server1.example.com]:回车
Please confirm the domain name [example.com]:回车
Please provide a realm name [EXAMPLE.COM]:
Directory Manager password:
IPA admin password:
Do you want to configure DNS forwarders? [yes]:
Enter IP address for a DNS forwarder:(填写本地DNS服务器IP)
Do you want to configure the reverse zone? [yes]:
Continue to configure the system with these values? [no]: yes
3.登录浏览器管理页面,添加用户
https://server1.example.com
4.需要登录验证的客户端(注:此服务严重依赖DNS解析,必要时修改本地/etc/resolv.conf文件)
yum install -y ipa-client
5.初始化客户端用户家目录
ipa-client-install --mkhomedir
6.也可以使用命令管理ipa
kinit admin
kinit list
等等