To be able to configure a FreeIPA client, you need to set up a FreeIPA server first.
In this tutorial, we assume that the FreeIPA server is called ipaserver.example.com and the FreeIPA client is called ipaclient.example.com. If no DNS server is available (not advisable), update the /etc/hosts file of the two machines accordingly.
Install the FreeIPA client packages:
# yum install -y ipa-client ipa-admintools
Execute the client installation script:
# ipa-client-install --force-ntpd
DNS discovery failed to determine your DNS domain
Provide the domain name of your IPA server (ex: example.com): example.com
Provide your IPA server name (ex: ipa.example.com): ipaserver.example.com
The failure to use DNS to find your IPA server indicates that your resolv.conf file is not properly configured.
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
Hostname: ipaclient.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: ipaserver.example.com
BaseDN: dc=example,dc=com
Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin@EXAMPLE.COM: adminipa
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=EXAMPLE.COM
Issuer: CN=Certificate Authority,O=EXAMPLE.COM
Valid From: Tue Sep 09 14:37:07 2014 UTC
Valid Until: Sat Sep 09 14:37:07 2034 UTC
Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
trying https://ipaserver.example.com/ipa/xml
Forwarding 'ping' to server 'https://ipaserver.example.com/ipa/xml'
Forwarding 'env' to server 'https://ipaserver.example.com/ipa/xml'
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to server 'https://ipaserver.example.com/ipa/xml'
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Client configuration complete.
Note: You can safely ignore the messages in italics; avoiding them requires additional configuration on the DNS server.
Check the configuration:
# getent passwd admin
admin:*:1118400000:1118400000:Administrator:/home/admin:/bin/bash
# getent group admins
admins:*:1118400000:admin
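The getent check above only shows that NSS returned an entry. As an added example (not part of the original tutorial), this sh helper reports whether that entry could have come from a local file rather than the IPA directory. The function names, the sample local accounts and the nsswitch.conf ordering are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the tutorial). classify_account and demo are
# hypothetical helper names.
# Assumption: nsswitch.conf lists "files" before "sss", so a local account
# with the same name answers first and hides the IPA entry.

# classify_account GETENT_LINE LOCAL_PASSWD_FILE
# Prints "missing", "local" or "directory"; returns 0 only for "directory".
classify_account() {
    entry=$1
    local_file=$2
    if [ -z "$entry" ]; then
        echo missing            # no NSS source returned an entry
        return 1
    fi
    name=${entry%%:*}           # login name is the first passwd(5) field
    # Exact string comparison on field 1, so "adm" does not match "admin".
    if awk -F: -v n="$name" '$1 == n { f = 1 } END { exit !f }' "$local_file"
    then
        echo local              # the hit proves nothing about the directory
        return 1
    fi
    echo directory
}

# Constructed sample: the admin line is the one shown in the tutorial, the
# local file contents are made up.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'backup:x:1001:1001::/home/backup:/bin/bash' > "$tmp"
    classify_account \
        'admin:*:1118400000:1118400000:Administrator:/home/admin:/bin/bash' "$tmp"
    classify_account 'backup:x:1001:1001::/home/backup:/bin/bash' "$tmp" || :
    classify_account '' "$tmp" || :
    rm -f "$tmp"
}

# On the enrolled client:
#   classify_account "$(getent passwd admin)" /etc/passwd
```

A result of "local" means the account name also exists in /etc/passwd, so the getent output alone does not confirm that SSSD is serving IPA users.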