14.3. Installing a client by using a one-time password: Interactive installation


Follow this procedure to install an Identity Management (IdM) client interactively by using a one-time password to enroll the system into the domain.

Prerequisites

  • On a server in the domain, add the future client system as an IdM host. Use the --random option with the ipa host-add command to generate a one-time random password for the enrollment.

    NOTE

    The ipa host-add <client_hostname> command requires that the client FQDN is resolvable through DNS. If it is not resolvable, provide the IdM client system’s IP address using the --ip-address option or, alternatively, use the --force option.

    $ ipa host-add <client_hostname> --random
     --------------------------------------------------
     Added host "client.example.com"
     --------------------------------------------------
      Host name: client.example.com
      Random password: W5YpARl=7M.n
      Password: True
      Keytab: False
      Managed by: server.example.com

    NOTE

    The generated password will become invalid after you use it to enroll the machine into the IdM domain. It will be replaced with a proper host keytab after the enrollment is finished.

Procedure

  1. Run the ipa-client-install utility on the system that you want to configure as an IdM client, adding the options that correspond to your use case:

    • Use the --password option to provide the one-time random password. Because the password often contains special characters, enclose it in single quotes (').

      # ipa-client-install --mkhomedir --password='<password>'

    • Consider adding the --enable-dns-updates option to update the DNS records with the IP address of the client system in one of the following situations:

      • Your client has a dynamic IP address issued using the Dynamic Host Configuration Protocol.
      • Your client has a static IP address but it has just been allocated and the IdM server does not know about it.

        IMPORTANT
        Use the --enable-dns-updates option only if your DNS server accepts DNS entry updates with the GSS-TSIG protocol. If your client is going to be enrolled with an IdM server with integrated DNS, this condition is met.

    For example:

    # ipa-client-install --password 'W5YpARl=7M.n' --enable-dns-updates --mkhomedir

  2. The installation script attempts to obtain all the required settings, such as DNS records, automatically.

    • If the SRV records are set properly in the IdM DNS zone, the script automatically discovers all the other required values and displays them. Enter yes to confirm.

      Client hostname: client.example.com
      Realm: EXAMPLE.COM
      DNS Domain: example.com
      IPA Server: server.example.com
      BaseDN: dc=example,dc=com
      
      Continue to configure the system with these values? [no]: yes
    • To install the system with different values, enter no. Then run ipa-client-install again, and specify the required values by adding command-line options to ipa-client-install, for example:

      • --hostname
      • --realm
      • --domain
      • --server
      • --mkhomedir

      IMPORTANT

      The fully qualified domain name must be a valid DNS name:

      • Only numbers, alphabetic characters, and hyphens (-) are allowed. For example, underscores are not allowed and can cause DNS failures.
      • The host name must be all lower-case. No capital letters are allowed.
    • If the script fails to obtain some settings automatically, it prompts you for the values.
  3. The installation script now configures the client. Wait for the operation to complete.

    Client configuration complete.
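
The host name rules in step 2 can be checked before the host entry is created or the installer is run. The following is an added example, not part of the original procedure or of IdM: check_idm_fqdn is a hypothetical helper name, and the rules about label length, total length, leading or trailing hyphens, and requiring at least one dot are general DNS host name limits assumed here in addition to the two rules stated on this page.

```shell
#!/bin/sh
# Added example. check_idm_fqdn is a hypothetical helper, not an IdM command.
# The body runs in a subshell "( ... )" so that IFS and the positional
# parameters changed here do not leak into the caller.
check_idm_fqdn() (
    fqdn=$1
    fail() { printf 'invalid host name "%s": %s\n' "$fqdn" "$1" >&2; }

    # Character sets are spelled out instead of using ranges such as [A-Z],
    # whose meaning depends on the locale in some shells.
    case $fqdn in
        '')
            fail "empty"; return 1 ;;
        *[ABCDEFGHIJKLMNOPQRSTUVWXYZ]*)
            fail "capital letters are not allowed"; return 1 ;;
        *[!abcdefghijklmnopqrstuvwxyz0123456789.-]*)
            fail "only letters, numbers and hyphens are allowed"; return 1 ;;
        .*|*.|*..*)
            fail "empty label"; return 1 ;;
        *.*) ;;
        *)
            fail "not fully qualified"; return 1 ;;
    esac

    # Assumption beyond the page: general DNS length limits.
    [ "${#fqdn}" -le 253 ] || { fail "longer than 253 characters"; return 1; }

    # Split on dots and check every label on its own.
    IFS=.
    set -- $fqdn
    for label in "$@"; do
        case $label in
            -*|*-) fail "label \"$label\" starts or ends with a hyphen"; return 1 ;;
        esac
        [ "${#label}" -le 63 ] || { fail "label longer than 63 characters"; return 1; }
    done
    return 0
)
```

The function returns 0 for a usable name and 1 otherwise, so it can gate the enrollment command, for example: check_idm_fqdn "$(hostname -f)" && ipa-client-install ...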