Differences
This page shows the differences between two versions.
content:serverbasics:docker-freeipa [2025/04/07 11:00] – Daniel | content:serverbasics:docker-freeipa [2025/04/09 15:24] (aktuell) – [Setup your Browser to trust your IPA-Server] Daniel | ||
---|---|---|---|
Zeile 567: | Zeile 567: | ||
==== Install Kerberos-Client and enroll your PC to the Domain ==== | ==== Install Kerberos-Client and enroll your PC to the Domain ==== | ||
+ | |||
+ | Currently unfortunatelly i was not able to get Leap 15.6 working with freeipa-client (which worked for 15.5). So i switched to fedora (the KDE- Spin is very nice) | ||
+ | |||
+ | On Fedora, you can archive the Installation like this (Docs at [[https:// | ||
+ | < | ||
+ | |||
+ | #:> sudo yum install ipa-client | ||
+ | |||
+ | </ | ||
+ | |||
+ | After that, go on with the next chapter https:// | ||
+ | |||
+ | ---- | ||
+ | |||
+ | Using Ferdora, skip this! | ||
After a fresh Install of OpenSUSE, you frist need to get the Package freeipa-client. | After a fresh Install of OpenSUSE, you frist need to get the Package freeipa-client. | ||
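Review bot: The added line "Using Ferdora, skip this!" does not say where the skipped part ends, so a Fedora reader cannot tell whether the enrollment script further down still applies. Name the section to resume at (for example the "Integrate to the Domain" heading) instead of "this". In the same block, the `#:>` prompt suggests a root shell while the command itself uses `sudo`, and on current Fedora `yum` is only a compatibility alias for `dnf`, so `$ sudo dnf install ipa-client` would read more clearly. Spelling: "unfortunatelly", "archive" (achieve), "Ferdora".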
Zeile 597: | Zeile 612: | ||
</ | </ | ||
+ | |||
+ | |||
+ | === Integrate to the Domain === | ||
After that, you need to setup your Client maybe with this small script, called ipa_register_host.sh which you can put to /root: | After that, you need to setup your Client maybe with this small script, called ipa_register_host.sh which you can put to /root: | ||
Zeile 616: | Zeile 634: | ||
echo " | echo " | ||
fi | fi | ||
- | INSTCMD=" | + | INSTCMD=" |
echo ${INSTCMD} | echo ${INSTCMD} | ||
${INSTCMD} | ${INSTCMD} | ||
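Review bot: The changed `INSTCMD="` line feeds `echo ${INSTCMD}` and an unquoted `${INSTCMD}` expansion, so whatever the new command string contains is printed to the terminal and then re-split on whitespace. If the string carries an enrollment password or any value containing spaces, the secret ends up in scrollback or logs and the argument list breaks. Build the command as a bash array, run it with "${INSTCMD[@]}", and either print a redacted form or let the installer prompt for the credential.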
Zeile 631: | Zeile 649: | ||
You should frist check on non-graphical terminal if this will work, because errors will be shown there. Good Luck. | You should frist check on non-graphical terminal if this will work, because errors will be shown there. Good Luck. | ||
+ | |||
==== Setup your Browser to trust your IPA-Server ==== | ==== Setup your Browser to trust your IPA-Server ==== | ||
Zeile 638: | Zeile 657: | ||
Go to your IPAs ipa.domain.tld/ | Go to your IPAs ipa.domain.tld/ | ||
- | For me, the Button '' | + | For me, the Button '' |
Than open Firefox settings, Privacy and Security, Authorities- Tab and select Import. Use the downloaded file and select all Checkboxes. This installs your IPA- Authority to your Browser as trusted CA. | Than open Firefox settings, Privacy and Security, Authorities- Tab and select Import. Use the downloaded file and select all Checkboxes. This installs your IPA- Authority to your Browser as trusted CA. | ||
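Review bot: The context around the changed "For me, the Button" line tells the reader to download the CA certificate from the IPA web UI and then "select all Checkboxes" on import, which grants the CA more trust than this chapter needs. For reaching the IPA web UI only the website trust box is required. It would also help to tell the reader to compare the downloaded file's fingerprint with /etc/ipa/ca.crt on an enrolled client before importing it.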
Zeile 647: | Zeile 666: | ||
If not, check if your klist shows some vaild Tickets. Otherwise inspect if this works: | If not, check if your klist shows some vaild Tickets. Otherwise inspect if this works: | ||
- | < | ||
+ | < | ||
HOSTNAME:~ # kinit admin | HOSTNAME:~ # kinit admin | ||
Password for admin@DOMAIN.TLD: | Password for admin@DOMAIN.TLD: | ||
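Review bot: The sample session under the changed code tag runs `kinit admin` at a root prompt (`HOSTNAME:~ #`), but Firefox runs as the desktop user and uses that user's ticket cache, so a ticket obtained here does not reflect what the browser sees. Show the check from the logged-in user's own shell with their own principal, and add a `kdestroy` afterwards so no admin ticket is left on the workstation.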
Zeile 661: | Zeile 680: | ||
This should be all needed to work for Firefox. | This should be all needed to work for Firefox. | ||
+ | |||
+ | ==== Setup Sudoers with FreeIPA/ | ||
+ | |||
+ | This is quite a cool feature to have client admin- users managed by putting them in an IPA- group. When Loggin in with SSSD they will get added to the sudoers, making them admin on the given machines. Check this out: [[https:// | ||
+ | |||
===== Next Steps ===== | ===== Next Steps ===== |
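Review bot: The new Sudoers paragraph says members of an IPA group "will get added to the sudoers, making them admin on the given machines" without saying how "the given machines" are selected. State that the sudo rule should be bound to a specific host group, since a rule that applies to all hosts makes every group member root on every enrolled client. Spelling: "Loggin in".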