Черноусов Антон
После создания IPA-домена и создания резервного контроллера домена мы наконец то можем добавить рабочую станцию РЕД ОС в созданный домен.
Настройка DNS-серверов
В качестве DNS-серверов указываем адреса наших контроллеров домена IPA. Проще всего использовать утилиту nmtui.
# nmtui
Ввод рабочей станции в IPA-домен
Устанавливаем пакет ipa-client.
# dnf install ipa-clientЗапускаем мастер настройки подключения к домену.
# ipa-client-install --enable-dns-updates --mkhomedir --hostname=srv-rain-redos-01.ipa.sngp.comНастройка ввода в домен аналогична созданию дополнительного контроллера домена и так-же потребуется учетная запись администратора домена.
This program will set up IPA client.
Version 4.12.2
Discovery was successful!
Do you want to configure chrony with NTP server or pool address? [no]:
Client hostname: srv-rain-redos-01.ipa.sngp.com
Realm: IPA.SNGP.COM
DNS Domain: ipa.sngp.com
IPA Server: srv-rain-redos-02.ipa.sngp.com
BaseDN: dc=ipa,dc=sngp,dc=com
Continue to configure the system with these values? [no]: yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
Attempting to sync time with chronyc.
Time synchronization was successful.
User authorized to enroll computers: admin
Password for admin@IPA.SNGP.COM:
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=IPA.SNGP.COM
Issuer: CN=Certificate Authority,O=IPA.SNGP.COM
Valid From: 2025-12-02 05:57:20+00:00
Valid Until: 2045-12-02 05:57:20+00:00
Enrolled in IPA realm IPA.SNGP.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Systemwide CA database updated.
Extra A/AAAA record(s) for host srv-rain-redos-01.ipa.sngp.com: fe80::5054:ff:fecb:1a4b.
Incorrect reverse record(s):
10.213.7.2 is pointing to srv-rain-redos-01. instead of srv-rain-redos-01.ipa.sngp.com.
10.213.7.2 is pointing to srv-rain-redos-01.local. instead of srv-rain-redos-01.ipa.sngp.com.
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config.d/04-ipa.conf
Configuring ipa.sngp.com as NIS domain.
Configured /etc/krb5.conf for IPA realm IPA.SNGP.COM
Client configuration complete.
The ipa-client-install command was successfulПерезагружаем компьютер и можем авторизоваться с учетной записью пользователя IPA-домена.
