TT Bigdata
JaneTTR
2025-10-31

FreeIPA Client 调试安装速记

### 客户端初始化安装
dnf install -y freeipa-client sssd sssd-tools oddjob oddjob-mkhomedir authselect sssd-kcm certmonger
authselect select sssd with-mkhomedir --force
touch /etc/authselect/user-nsswitch.conf
grep -qE '^\s*hosts:' /etc/authselect/user-nsswitch.conf \
  || echo 'hosts:      files dns myhostname' >> /etc/authselect/user-nsswitch.conf
authselect apply-changes
chmod 600 /etc/sssd/sssd.conf 2>/dev/null || true
systemctl enable --now sssd oddjobd
systemctl enable --now sssd-kcm
systemctl enable --now certmonger

### 处理IPA证书
mkdir -p /etc/pki/ca-trust/source/anchors
install -m 0644 /etc/ipa/ca.crt \
/etc/pki/ca-trust/source/anchors/ipa-TEST-CA.crt
update-ca-trust extract




### 各个节点加入

ipa-client-install --mkhomedir \
  --server=ipa.test.com \
  --domain=test.com \
  --realm=TEST.COM \
  --hostname="$(hostname -f)" \
  --principal=admin \
  --password='Ttbigdata@2026' \
  --unattended \
  --force-join \
  --force-ntpd
  
### 如果之前已经加入,需要重新加入

ipa-client-install --uninstall



### 
kinit admin
输入密码:Ttbigdata@2026


### 节点入域

ipa dnsrecord-add test.com dev1 --a-rec=192.168.3.235
ipa service-add HTTP/dev1.test.com

ipa dnsrecord-add test.com dev2 --a-rec=192.168.3.236
ipa service-add HTTP/dev2.test.com

ipa dnsrecord-add test.com dev3 --a-rec=192.168.3.237
ipa service-add HTTP/dev3.test.com
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#Ambari#Kerberos#KDC#安全认证#集群部署#大数据安全
Ambari Server 启动失败:no valid keystore
Ambari Server 证书调试安装速记

Ambari Server 证书调试安装速记

最近更新
01
Ranger Admin LDAP 认证报 Bad credentials 分析
02-15
02
Ranger Admin LDAP 认证报 Bad credentials 处理
02-15
03
Ranger Admin 证书快速导入脚本
02-15
更多文章>
Theme by Vdoing | Copyright © 2017-2026 JaneTTR | MIT License