基于CentOS6.5进行IPA服务的搭建――客户端配置

前面介绍了IPA服务端的配置，IPA服务可以为Linux系统提供用户的集中化管理服务。下面我们看一下客户端的具体配置。
操作步骤：
（1）在另外一台主机上安装CentOS6.5操作系统，作为IPA客户端主机
（2）配置客户端网络参数（配置完成后重启系统）

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:F4:B0:3A
TYPE=Ethernet
UUID=7a646205-4bcd-4c58-a425-e6e0735f9e2e
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.0.200
NETMASK=255.255.255.0
DNS1=192.168.0.100
[root@localhost ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=client.example.com

（3）安装软件包

[root@client ~]# yum -y install ipa-client

（4）安装客户端

[root@client ~]# ipa-client-install --mkhomedir -p admin
Discovery was successful!
Hostname: client.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: ipa.example.com
BaseDN: dc=example,dc=com
Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Password for admin@EXAMPLE.COM:
Successfully retrieved CA cert
Subject:     CN=Certificate Authority,O=EXAMPLE.COM
Issuer:      CN=Certificate Authority,O=EXAMPLE.COM
Valid From:  Sat May 17 10:32:32 2014 UTC
Valid Until: Wed May 17 10:32:32 2034 UTC
Enrolled in IPA realm EXAMPLE.COM
Created /etc/ipa/default.conf
New SSSD config will be created
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm EXAMPLE.COM
trying https://ipa.example.com/ipa/xml Forwarding 'env' to server u'https://ipa.example.com/ipa/xml'
Hostname (client.example.com) not found in DNS
DNS server record set to: client.example.com -> 192.168.0.200
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Forwarding 'host_mod' to server u'https://ipa.example.com/ipa/xml'
SSSD enabled
Configured /etc/openldap/ldap.conf
NTP enabled
/etc/ssh/ssh_config not found, skipping configuration
Configured /etc/ssh/sshd_config
Client configuration complete.

到此为止，客户端配置完成。

客户端测试：

[root@client ~]# su - user01
[user01@client ~]$ id
uid=1682400001(user01) gid=1682400001(user01) groups=1682400001(user01) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[user01@client ~]$ pwd
/home/user01
[user01@client ~]$ su - user02
Password:
[user02@client ~]$ id
uid=1682400003(user02) gid=1682400003(user02) groups=1682400003(user02) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[user02@client ~]$ pwd
/home/user02

本文出自 “BlkArt” 博客，请务必保留此出处http://blkart.blog.51cto.com/1142352/1413125