Este conteúdo não está disponível no idioma selecionado.

Chapter 14. Installing an IdM client with Kickstart


A Kickstart enrollment automatically adds a new system to the Identity Management (IdM) domain at the time Red Hat Enterprise Linux is installed.

14.1. Installing a client with Kickstart

Follow this procedure to use a Kickstart file to install an Identity Management (IdM) client.

Prerequisites

  • Do not start the sshd service prior to the kickstart enrollment. Starting sshd before enrolling the client generates the SSH keys automatically, but the Kickstart file in Section 14.2, “Kickstart file for client installation” uses a script for the same purpose, which is the preferred solution.

Procedure

  1. Pre-create the host entry on the IdM server, and set a temporary password for the entry:

    $ ipa host-add client.example.com --password=secret

    The password is used by Kickstart to authenticate during the client installation and expires after the first authentication attempt. After the client is successfully installed, it authenticates using its keytab.

  2. Create a Kickstart file with the contents described in Section 14.2, “Kickstart file for client installation”. Make sure that network is configured properly in the Kickstart file using the network command.
  3. Use the Kickstart file to install the IdM client.

14.2. Kickstart file for client installation

You can use a Kickstart file to install an Identity Management (IdM) client. The contents of the Kickstart file must meet certain requirements as outlined here.

The ipa-client package in the list of packages to install

Add the ipa-client package to the %packages section of the Kickstart file. For example:

%packages
...
ipa-client
...
Post-installation instructions for the IdM client

The post-installation instructions must include:

  • An instruction for ensuring SSH keys are generated before enrollment
  • An instruction to run the ipa-client-install utility, while specifying:

For example, the post-installation instructions for a Kickstart installation that uses a one-time password and retrieves the required options from the command line rather than via DNS can look like this:

%post --log=/root/ks-post.log

# Generate SSH keys; ipa-client-install uploads them to the IdM server by default
/usr/libexec/openssh/sshd-keygen rsa

# Run the client install script
/usr/sbin/ipa-client-install --hostname=client.example.com --domain=EXAMPLE.COM --enable-dns-updates --mkhomedir -w secret --realm=EXAMPLE.COM --server=server.example.com

Optionally, you can also include other options in the Kickstart file, such as:

  • For a non-interactive installation, add the --unattended option to ipa-client-install.
  • To let the client installation script request a certificate for the machine:

    • Add the --request-cert option to ipa-client-install.
    • Set the system bus address to /dev/null for both the getcert and ipa-client-install utility in the Kickstart chroot environment. To do this, add these lines to the post-installation instructions in the Kickstart file before the ipa-client-install instruction:

      # env DBUS_SYSTEM_BUS_ADDRESS=unix:path=/dev/null getcert list
      # env DBUS_SYSTEM_BUS_ADDRESS=unix:path=/dev/null ipa-client-install

14.3. Testing an IdM client

The command-line interface informs you that the ipa-client-install was successful, but you can also do your own test.

To test that the Identity Management (IdM) client can obtain information about users defined on the server, check that you are able to resolve a user defined on the server. For example, to check the default admin user:

[user@client ~]$ id admin
uid=1254400000(admin) gid=1254400000(admins) groups=1254400000(admins)

To test that authentication works correctly, su to a root user from a non-root user:

[user@client ~]$ su -
Last login: Thu Oct 18 18:39:11 CEST 2018 from 192.168.122.1 on pts/0
[root@client ~]#
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja oBlog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

© 2024 Red Hat, Inc.