What is FreeIPA?
FreeIPA is an integrated security information management solution that combines Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS and Dogtag (Certificate System). It consists of a web interface and command-line administration tools.
FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about users, groups, hosts and the other objects needed to manage the security aspects of a network of computers. FreeIPA is built on top of well-known Open Source components and standard protocols, with a very strong focus on ease of management and on automating installation and configuration tasks. (source: packops(dot)dev)
Preparation:
1. Decide on the IP address and hostname for the FreeIPA server
2. Install Docker and Docker Compose
3. Create the docker-compose.yml configuration
An example docker-compose.yml is shown below:
---
version: '3.7'
services:
  freeipa:
    image: freeipa/freeipa-server:centos-8
    restart: unless-stopped
    hostname: freeipa.abangher.local
    environment:
      IPA_SERVER_HOSTNAME: freeipa.abangher.local
      TZ: "Asia/Tehran"
    tty: true
    stdin_open: true
    cap_add:
      - NET_ADMIN
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - freeipavol:/data
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.lo.disable_ipv6=0
    security_opt:
      - "seccomp:unconfined"
    command:
      - -U
      - --domain=abangher.us
      - --realm=abangher.local
      - --http-pin=YOURPASSWORD
      - --dirsrv-pin=YOURPASSWORD
      - --ds-password=YOURPASSWORD
      - --admin-password=YOURPASSWORD
      - --no-host-dns
      - --unattended
    ports:
      - "80:80"
      - "443:443"
      - "389:389"
      - "636:636"
      - "88:88"
      - "464:464"
      - "88:88/udp"
      - "464:464/udp"
      - "123:123/udp"
      - "7389:7389"
      - "9443:9443"
      - "9444:9444"
      - "9445:9445"
volumes:
  # name must match the named volume mounted at /data in the service above
  freeipavol:

Replace every YOURPASSWORD placeholder before starting the container; these values end up in the container's command line, so do not commit the file as-is. Note also that the server hostname is under abangher.local while --domain says abangher.us, and that Kerberos realm names are conventionally the DNS domain in upper case (ABANGHER.LOCAL). Because the service runs with seccomp:unconfined and NET_ADMIN, treat the Docker host as dedicated to this server. After that, run the command below:
docker-compose up -d
Access the web UI at https://freeipa.abangher.local/ipa/ui
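The compose file above embeds four secrets in the command list. The following script is an added example (not from the original post, and not part of the FreeIPA project) of a preflight step a practitioner would run before docker-compose up: it validates the hostname and domain pair, derives the conventional realm, and generates the four secrets into a mode-0600 .env file so that the compose file can reference them as ${IPA_HTTP_PIN}, ${IPA_DIRSRV_PIN}, ${IPA_DS_PASSWORD} and ${IPA_ADMIN_PASSWORD} instead of literal values. The variable names are this script's own choice; it assumes POSIX sh, a readable /dev/urandom, and that docker-compose reads ./.env from the project directory (its default behaviour).

```shell
#!/bin/sh
# Preflight helper for the FreeIPA compose deployment. Added example, not part
# of the original post or of the FreeIPA project. Assumptions: POSIX sh,
# /dev/urandom present, docker-compose reads ./.env (default behaviour).

# FreeIPA needs a fully-qualified hostname: at least one dot, not localhost,
# labels of letters/digits/'-' only. Returns 0 when the name is acceptable.
check_fqdn() {
    case "$1" in
        localhost|localhost.*|*.localdomain) return 1 ;;
        *.*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
}

# The server's hostname should sit inside the IPA domain (for domain
# example.local the host is something.example.local). Returns 0 when it does.
host_in_domain() {
    case "$1" in
        *."$2") return 0 ;;
        *) return 1 ;;
    esac
}

# Kerberos realms are conventionally the DNS domain in upper case.
realm_for_domain() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]'
}

# 24 alphanumeric characters drawn from the kernel CSPRNG.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24
}

# Write the four secrets the compose command line needs into an env file
# created with mode 0600 (subshell so the umask change does not leak out).
# Prints the number of variables written.
write_env_file() {
    envfile=${1:-.env}
    (
        umask 077
        {
            printf 'IPA_HTTP_PIN=%s\n' "$(gen_password)"
            printf 'IPA_DIRSRV_PIN=%s\n' "$(gen_password)"
            printf 'IPA_DS_PASSWORD=%s\n' "$(gen_password)"
            printf 'IPA_ADMIN_PASSWORD=%s\n' "$(gen_password)"
        } >"$envfile"
    )
    grep -c '^IPA_[A-Z_]*=' "$envfile"
}

# Usage: sh preflight.sh freeipa.abangher.local abangher.local
if [ $# -eq 2 ]; then
    check_fqdn "$1" || { echo "not a usable FQDN: $1" >&2; exit 1; }
    host_in_domain "$1" "$2" || { echo "$1 is not inside domain $2" >&2; exit 1; }
    echo "hostname: $1  domain: $2  realm: $(realm_for_domain "$2")"
    echo "wrote $(write_env_file .env) secrets to .env (mode 0600)"
fi
```

Run against the values in the compose file above, host_in_domain fails because freeipa.abangher.local is not under abangher.us; run with abangher.local as the domain it passes and reports the realm ABANGHER.LOCAL. Even with the .env approach the secrets still appear in the container's argv (docker inspect, ps inside the container), so limit access to the Docker socket and rotate the admin and Directory Manager passwords once the install has finished.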
Client Setup:
Install the FreeIPA client and join it to your FreeIPA server:
apt-get install freeipa-client chrony -y
hostnamectl set-hostname node-02.example.local
ipa-client-install --hostname=$(hostname -f) \
  --mkhomedir \
  --server=freeipa.example.local \
  --domain example.local \
  --realm EXAMPLE.LOCAL
Continue to configure the system with these values? [no]: yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
Attempting to sync time with chronyc.
Time synchronization was successful.
User authorized to enroll computers: admin
Password for admin@EXAMPLE.LOCAL:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=MABNADP.LOCAL
Issuer: CN=Certificate Authority,O=MABNADP.LOCAL
Valid From: 2021-11-22 11:33:00
Valid Until: 2041-11-22 11:33:00
Enrolled in IPA realm MABNADP.LOCAL
Created /etc/ipa/default.conf
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm MABNADP.LOCAL
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring mabnadp.local as NIS domain.
Client configuration complete.
The client join succeeded; have fun trying it out.
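The transcript above is worth checking rather than just reading: the command asked for EXAMPLE.LOCAL, while the output shows the client being enrolled in MABNADP.LOCAL and trusting that realm's CA, and the "Could not update DNS SSHFP records." line is a step that failed without aborting the install (expected when IPA does not manage the DNS zone, as with --no-host-dns in the server config). The script below is an added example, not part of the original post or of FreeIPA, that extracts those facts from ipa-client-install output and fails when the enrolled realm or CA issuer is not the one requested. The sample log is constructed from the lines shown above (with the indentation the real tool prints); in practice feed it the real output.

```shell
#!/bin/sh
# Post-enrollment check over ipa-client-install output. Added example, not
# part of the original post or of FreeIPA. The sample log is constructed
# from the transcript above; real usage:
#   ipa-client-install ... 2>&1 | tee enroll.log
#   sh check-enroll.sh EXAMPLE.LOCAL <enroll.log

sample_log() {
    cat <<'EOF'
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=MABNADP.LOCAL
    Issuer:      CN=Certificate Authority,O=MABNADP.LOCAL
    Valid From:  2021-11-22 11:33:00
    Valid Until: 2041-11-22 11:33:00
Enrolled in IPA realm MABNADP.LOCAL
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Could not update DNS SSHFP records.
SSSD enabled
Client configuration complete.
EOF
}

# Realm the client actually joined; empty when enrollment never happened.
enrolled_realm() {
    sed -n 's/^Enrolled in IPA realm \([^ ]*\).*/\1/p'
}

# Issuer DN of the CA certificate that was added to the system-wide trust store.
ca_issuer() {
    sed -n 's/^[[:space:]]*Issuer:[[:space:]]*//p'
}

# Steps that failed without aborting the install (the DNS SSHFP update is the
# usual one when IPA does not manage the zone).
warnings() {
    grep -E '^(Could not|Failed to|Unable to)' || true
}

# verify_enrollment EXPECTED_REALM <log
# 0: joined the expected realm and trusts that realm's CA; 1 otherwise.
# Warnings are listed on stderr but do not fail the check.
verify_enrollment() {
    expected=$1
    log=$(cat)
    got=$(printf '%s\n' "$log" | enrolled_realm)
    if [ -z "$got" ]; then
        echo "no 'Enrolled in IPA realm' line: enrollment did not complete" >&2
        return 1
    fi
    if [ "$got" != "$expected" ]; then
        echo "enrolled in $got but expected $expected" >&2
        return 1
    fi
    issuer=$(printf '%s\n' "$log" | ca_issuer)
    case "$issuer" in
        *"O=$expected") ;;
        *) echo "CA issuer '$issuer' does not belong to $expected" >&2; return 1 ;;
    esac
    printf '%s\n' "$log" | warnings | sed 's/^/warning: /' >&2
    return 0
}

# Usage when run directly: sh check-enroll.sh EXAMPLE.LOCAL <enroll.log
if [ $# -eq 1 ]; then
    verify_enrollment "$1" && echo "enrolled in $1 OK"
fi
```

Against the sample, verify_enrollment MABNADP.LOCAL passes and prints the SSHFP warning, while verify_enrollment EXAMPLE.LOCAL fails, which is exactly the mismatch a reader copying the command and transcript above would otherwise miss. A stricter follow-up on the host itself is to confirm the realm in /etc/ipa/default.conf and that kinit for an IPA user succeeds.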