30 Jul 2021

Installing the FreeIPA Client on Red Hat Variants

In this article I will cover how to install the FreeIPA client on Red Hat variant operating systems, version 7 and version 8.

The following are already in place on the FreeIPA server:

  1. DNS with the zone linux.server
  2. The FreeIPA server's domain name is ipa.linux.server
  3. The realm is LINUX.SERVER

Before installing the FreeIPA client on a server, make sure the domain name of every server to be enrolled has already been added to the DNS server, in this case in the linux.server zone.

Next, make sure the server on which freeipa-client will be installed is up to date.

yum -y update

Then set the server's hostname to match the FreeIPA domain zone:

hostnamectl set-hostname jinbe.linux.server

Add the entry to /etc/hosts:

echo "192.168.122.198 jinbe.linux.server" | sudo tee -a /etc/hosts

hostname jinbe.linux.server

 

For version 7, run the command below:

yum -y install ipa-client

 

For version 8, run the commands below:

yum module list idm


Last metadata expiration check: 2:17:44 ago on Fri 30 Jul 2021 05:03:19 AM WIB.
AlmaLinux 8 - AppStream
Name  Stream      Profiles                                  Summary
idm   DL1         adtrust, client, common [d], dns, server  The Red Hat Enterprise Linux Identity Management system module
idm   client [d]  common [d]                                RHEL IdM long term support client module

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

 

Check the module information:

yum module info idm:client

Last metadata expiration check: 2:18:24 ago on Fri 30 Jul 2021 05:03:19 AM WIB.
Name : idm
Stream : client [d][a]
Version : 8040020210519110642
Context : b7d99be9
Architecture : x86_64
Profiles : common [d]
Default profiles : common
Repo : appstream
Summary : RHEL IdM long term support client module
Description : RHEL IdM is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts).
: This module stream supports only client side of RHEL IdM solution
Requires : platform:[el8]
Artifacts : ipa-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.src
: ipa-client-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.x86_64
: ipa-client-common-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.noarch
: ipa-client-debuginfo-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.x86_64
: ipa-client-epn-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.x86_64
: ipa-client-samba-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.x86_64
: ipa-common-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.noarch
: ipa-debuginfo-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.x86_64
: ipa-debugsource-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.x86_64
: ipa-healthcheck-0:0.7-3.module_el8.4.0+2333+a92f1bfa.src
: ipa-healthcheck-core-0:0.7-3.module_el8.4.0+2333+a92f1bfa.noarch
: ipa-python-compat-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.noarch
: ipa-selinux-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.noarch
: python-jwcrypto-0:0.5.0-1.module_el8.3.0+2036+6212645f.src
: python-qrcode-0:5.1-12.module_el8.3.0+2036+6212645f.src
: python-yubico-0:1.3.2-9.module_el8.3.0+2036+6212645f.src
: python3-ipaclient-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.noarch
: python3-ipalib-0:4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.noarch
: python3-jwcrypto-0:0.5.0-1.module_el8.3.0+2036+6212645f.noarch
: python3-pyusb-0:1.0.0-9.module_el8.3.0+2036+6212645f.noarch
: python3-qrcode-0:5.1-12.module_el8.3.0+2036+6212645f.noarch
: python3-qrcode-core-0:5.1-12.module_el8.3.0+2036+6212645f.noarch
: python3-yubico-0:1.3.2-9.module_el8.3.0+2036+6212645f.noarch
: pyusb-0:1.0.0-9.module_el8.3.0+2036+6212645f.src

Install the FreeIPA client package:

yum -y install @idm:client

To check the installed version:

rpm -qi ipa-client

Name : ipa-client
Version : 4.9.2
Release : 3.module_el8.4.0+2333+a92f1bfa.alma
Architecture: x86_64
Install Date: Fri 30 Jul 2021 07:24:57 AM WIB
Group : Unspecified
Size : 266076
License : GPLv3+
Signature : RSA/SHA256, Thu 20 May 2021 01:47:10 PM WIB, Key ID 51d6647ec21ad6ea
Source RPM : ipa-4.9.2-3.module_el8.4.0+2333+a92f1bfa.alma.src.rpm
Build Date : Wed 19 May 2021 09:41:39 PM WIB
Build Host : buildfarm-one-60a51537c67d8fa9277d5345.build.cloudlinux.com
Relocations : (not relocatable)
Packager : AlmaLinux Packaging Team <[email protected]>
Vendor : AlmaLinux
URL : http://www.freeipa.org/
Summary : IPA authentication for use on clients
Description :
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If your network uses IPA for authentication, this package should be
installed on every client machine.
This package provides command-line tools for IPA administrators

For the Ubuntu operating system:

sudo apt-get install freeipa-client oddjob-mkhomedir -y

Next, on all versions, run the commands below.

Configure the IPA client:

export HNAME=nama_server.linux.server
ipa-client-install --hostname=$HNAME --mkhomedir --server=ipa.linux.server --domain linux.server --realm LINUX.SERVER

 

Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes

If you have your own NTP server, type yes.

Do you want to configure chrony with NTP server or pool address? [no]:yes

Enter NTP source server addresses separated by comma, or press Enter to skip: ntp.hanangpriambodo.com

Enter a NTP source pool address, or press Enter to skip:

Realm: LINUX.SERVER
DNS Domain: linux.server
IPA Server: ipa.linux.server
BaseDN: dc=linux,dc=server
NTP server: ntp.hanangpriambodo.com

Continue to configure the system with these values? [no]: yes

Enter the user name and password used to log in to the FreeIPA server web admin:

User authorized to enroll computers: admin
Password for [email protected]:
Client configuration complete.

Configuration is complete; test logging in to the server.

The installation is complete. I tested this on CentOS 7, CentOS 8, AlmaLinux 8, and Oracle Linux 7.
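
A pre-enrollment check for the prerequisites set up earlier (a hostname under the linux.server zone and exactly one matching /etc/hosts entry), added here as an example and not part of the original post. The function names and the constructed sample hosts file are assumptions; the realm and base DN helpers reproduce the values the installer prints above.

```shell
#!/bin/sh
# Added example (not from the original post): checks to run before ipa-client-install.
# All function names are illustrative; the sample data below is constructed.

# is_fqdn_in_zone FQDN ZONE: succeed only if FQDN is a host name below ZONE.
is_fqdn_in_zone() {
    case "$1" in
        *[!A-Za-z0-9.-]*|.*|*..*|"$2") return 1 ;;  # bad chars, empty label, zone apex
        *."$2") return 0 ;;
        *) return 1 ;;                               # short name or a different zone
    esac
}

# hosts_ips_for FILE FQDN: print every IP that FILE maps to FQDN, ignoring comments.
hosts_ips_for() {
    awk -v h="$2" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) print $1 }' "$1"
}

# realm_for ZONE: the realm used on this page is the DNS domain in upper case.
realm_for() { printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'; }

# basedn_for ZONE: linux.server -> dc=linux,dc=server
basedn_for() { printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'; }

# preflight FQDN ZONE HOSTS_FILE EXPECTED_IP: report each failed check, return 1 on any.
preflight() {
    rc=0
    is_fqdn_in_zone "$1" "$2" || { echo "FAIL: $1 is not a host name under $2"; rc=1; }
    ips=$(hosts_ips_for "$3" "$1" | sort -u | paste -sd, -)
    # Re-running 'tee -a' with a new address leaves a stale line; require exactly one IP.
    [ "$ips" = "$4" ] || { echo "FAIL: $3 maps $1 to '${ips:-nothing}', expected $4"; rc=1; }
    return "$rc"
}

# Demo on a constructed hosts file holding a stale duplicate entry.
demo_hosts=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' '192.168.122.198 jinbe.linux.server' \
    '192.168.122.50 jinbe.linux.server' > "$demo_hosts"
echo "realm=$(realm_for linux.server) basedn=$(basedn_for linux.server)"
preflight jinbe.linux.server linux.server "$demo_hosts" 192.168.122.198 \
    || echo "Fix the findings above before running ipa-client-install."
rm -f "$demo_hosts"
```

On a real client, call preflight with the output of hostname -f, the zone, /etc/hosts and the address registered in DNS for that host.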

Thank you

— HP —
