После создания IPA-домена и создания резервного контроллера домена мы наконец то можем добавить рабочую станцию РЕД ОС в созданный домен.

Настройка DNS-серверов

В качестве DNS-серверов указываем адреса наших контроллеров домена IPA. Проще всего использовать утилиту nmtui.

# nmtui

Ввод рабочей станции в IPA-домен

Устанавливаем пакет ipa-client.

# dnf install ipa-client

Запускаем мастер настройки подключения к домену.

# ipa-client-install --enable-dns-updates --mkhomedir --hostname=srv-rain-redos-01.ipa.sngp.com

Настройка ввода в домен аналогична созданию дополнительного контроллера домена и так-же потребуется учетная запись администратора домена.

This program will set up IPA client.
Version 4.12.2

Discovery was successful!
Do you want to configure chrony with NTP server or pool address? [no]: 
Client hostname: srv-rain-redos-01.ipa.sngp.com
Realm: IPA.SNGP.COM
DNS Domain: ipa.sngp.com
IPA Server: srv-rain-redos-02.ipa.sngp.com
BaseDN: dc=ipa,dc=sngp,dc=com

Continue to configure the system with these values? [no]: yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
Attempting to sync time with chronyc.
Time synchronization was successful.
User authorized to enroll computers: admin
Password for admin@IPA.SNGP.COM: 
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=IPA.SNGP.COM
    Issuer:      CN=Certificate Authority,O=IPA.SNGP.COM
    Valid From:  2025-12-02 05:57:20+00:00
    Valid Until: 2045-12-02 05:57:20+00:00

Enrolled in IPA realm IPA.SNGP.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Systemwide CA database updated.
Extra A/AAAA record(s) for host srv-rain-redos-01.ipa.sngp.com: fe80::5054:ff:fecb:1a4b.
Incorrect reverse record(s):
10.213.7.2 is pointing to srv-rain-redos-01. instead of srv-rain-redos-01.ipa.sngp.com.
10.213.7.2 is pointing to srv-rain-redos-01.local. instead of srv-rain-redos-01.ipa.sngp.com.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config.d/04-ipa.conf
Configuring ipa.sngp.com as NIS domain.
Configured /etc/krb5.conf for IPA realm IPA.SNGP.COM
Client configuration complete.
The ipa-client-install command was successful

Перезагружаем компьютер и можем авторизоваться с учетной записью пользователя IPA-домена.