FreeIPA Client 调试安装速记
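### Client initial installation
dnf install -y freeipa-client sssd sssd-tools oddjob oddjob-mkhomedir authselect sssd-kcm certmonger
# --force lets authselect overwrite PAM/nsswitch configuration that it did not
# create itself; review local customisations before running this on a host
# that is already in use.
authselect select sssd with-mkhomedir --force
# Make sure the nsswitch override carries a hosts: line, adding it only once.
touch /etc/authselect/user-nsswitch.conf
grep -qE '^\s*hosts:' /etc/authselect/user-nsswitch.conf \
  || echo 'hosts: files dns myhostname' >> /etc/authselect/user-nsswitch.conf
authselect apply-changes
# The file may be absent at this point (for example before enrollment), so it
# is tightened only when present. A chmod failure on an existing file is now
# reported instead of being hidden behind "2>/dev/null || true".
if [ -e /etc/sssd/sssd.conf ]; then
  chmod 600 /etc/sssd/sssd.conf
fi
systemctl enable --now sssd oddjobd
systemctl enable --now sssd-kcm
systemctl enable --now certmonger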
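### Handle the IPA CA certificate
# Installing this file as an anchor makes every TLS client on the host trust
# certificates issued by that CA. Print the subject and SHA-256 fingerprint
# first and compare them with the values shown on the IPA server (obtained
# over a separate channel) before relying on the result. If no certificate can
# be read from the file, the trust store is left unchanged.
if openssl x509 -in /etc/ipa/ca.crt -noout -subject -fingerprint -sha256; then
  mkdir -p /etc/pki/ca-trust/source/anchors
  install -m 0644 /etc/ipa/ca.crt \
    /etc/pki/ca-trust/source/anchors/ipa-TEST-CA.crt
  update-ca-trust extract
else
  echo 'cannot read a certificate from /etc/ipa/ca.crt; trust store left unchanged' >&2
fi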
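### Join each node to the domain
# The enrollment password is read at run time so it is not stored in this file
# or in shell history. It is still passed as a command-line argument, so it can
# be visible in the process list while the installer runs. A per-host one-time
# password (created on the server with "ipa host-add <fqdn> --random" and given
# as --password without --principal) limits what a leaked value can be used for.
#
# --force-join re-enrolls even if a host entry with this name already exists;
# confirm that the FQDN printed by "hostname -f" really belongs to this machine.
# NOTE(review): --force-ntpd is reported as deprecated in newer FreeIPA
# releases; confirm against the installed version.
read -r -s -p 'IPA admin password: ' ipa_join_password
echo
ipa-client-install --mkhomedir \
  --server=ipa.test.com \
  --domain=test.com \
  --realm=TEST.COM \
  --hostname="$(hostname -f)" \
  --principal=admin \
  --password="$ipa_join_password" \
  --unattended \
  --force-join \
  --force-ntpd
# Drop the secret from the shell environment as soon as the installer returns.
unset ipa_join_password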
### If the host was joined before, it has to be re-joined
# Removes the existing IPA client configuration from this host; run it first,
# then repeat the join command.
ipa-client-install --uninstall
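###
# Obtain an admin Kerberos ticket; the ipa commands that follow need one.
kinit admin
# kinit prompts for the admin password. Type it at the prompt; do not record
# the password in notes or scripts, since anyone who can read them would gain
# admin access to the realm.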
### Register the nodes in the domain
# For every node: add its A record to the test.com zone, then create the
# HTTP service principal for its FQDN. Each entry is "<short name>:<IPv4>".
for node_entry in \
  dev1:192.168.3.235 \
  dev2:192.168.3.236 \
  dev3:192.168.3.237
do
  node_name=${node_entry%%:*}
  node_addr=${node_entry#*:}
  ipa dnsrecord-add test.com "$node_name" --a-rec="$node_addr"
  ipa service-add "HTTP/${node_name}.test.com"
done