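#!/bin/bash
# Lab bootstrap: installs a FreeIPA server for realm EC.EXAMPLE.COM, prepares it
# for cross-realm trusts, adds a trust with the AD domain example.com and
# registers one client host.
#
# Required environment (checked before anything on the system is changed):
#   IPA_DS_PASSWORD       password passed to ipa-server-install --ds-password
#   IPA_ADMIN_PASSWORD    password of the IPA "admin" account
#   AD_ADMIN_PASSWORD     password of the AD "Administrator" account
#   HOST_ENROLL_PASSWORD  enrolment password set on the new host entry
#
# The passwords are no longer literals in this file, so publishing or committing
# the script does not publish credentials. They still appear in the argument
# list of the ipa-* commands while those run (visible to local users via ps);
# do not run this with `set -x` and keep it off shared hosts.

set -euo pipefail

: "${IPA_DS_PASSWORD:?set IPA_DS_PASSWORD}"
: "${IPA_ADMIN_PASSWORD:?set IPA_ADMIN_PASSWORD}"
: "${AD_ADMIN_PASSWORD:?set AD_ADMIN_PASSWORD}"
: "${HOST_ENROLL_PASSWORD:?set HOST_ENROLL_PASSWORD}"

echo "Turn OFF Firewall"
# NOTE(security): this removes host-level filtering from the machine that will
# hold the Kerberos KDC, LDAP directory and DNS. Acceptable only on an isolated
# lab network; elsewhere keep firewalld running and allow just the services the
# IPA server and the AD trust need.
# Best effort, as in the original: a host without firewalld should not abort.
chkconfig firewalld off || echo "warning: could not disable firewalld" >&2
service firewalld stop || echo "warning: could not stop firewalld" >&2

# Append the hosts entry only once so that re-running the script does not
# accumulate duplicate lines.
hosts_entry="192.168.122.226 ipa.ec.example.com ipa"
grep -qxF -- "$hosts_entry" /etc/hosts || echo "$hosts_entry" >> /etc/hosts

echo "Change DNS server to 192.168.122.247 (ad.example.com)"
dhclient_conf=/etc/dhcp/dhclient-eth0.conf
# Same idempotency guard for the dhclient overrides (the file may not exist yet,
# hence the silenced grep error).
if ! grep -qF -- 'supersede domain-name-servers 192.168.122.247;' "$dhclient_conf" 2>/dev/null; then
  cat >> "$dhclient_conf" << EOF
supersede domain-name-servers 192.168.122.247;
supersede domain-search "ec.example.com";
EOF
fi
service network restart

echo "Install IPA packages"
yum install -y ipa-server-trust-ad bind bind-dyndb-ldap

echo "Install+Configure IPA"
# --ssh-trust-dns makes OpenSSH clients accept host keys published as SSHFP
# records; that is only as trustworthy as the DNS path to those records.
ipa-server-install \
  --realm=EC.EXAMPLE.COM \
  --domain=ec.example.com \
  --ds-password="$IPA_DS_PASSWORD" \
  --admin-password="$IPA_ADMIN_PASSWORD" \
  --mkhomedir \
  --ssh-trust-dns \
  --setup-dns \
  --unattended \
  --forwarder=192.168.122.247 \
  --no-host-dns

echo "Configure IPA server for cross-realm trusts"
ipa-adtrust-install \
  --admin-password="$IPA_ADMIN_PASSWORD" \
  --netbios-name=EC \
  --add-sids \
  --unattended

# NOTE(review): the ipa CLI calls below normally need a valid Kerberos ticket
# for an IPA administrator. This script never obtains one, so confirm how the
# session is expected to be authenticated at this point.

echo "Establish and verify cross-realm trust - Add trust with AD domain"
# The AD password goes in on stdin, never on the command line. printf emits the
# same bytes the original `echo -e "...\n"` did (password plus two newlines)
# without interpreting backslashes inside the secret.
printf '%s\n\n' "$AD_ADMIN_PASSWORD" \
  | ipa trust-add --type=ad example.com --admin Administrator --password

echo "Check trusted domain"
ipa trustdomain-find example.com

echo "Add new server"
# The enrolment password lets a machine join as this host; treat it as a secret
# and hand it to the client over a separate channel.
ipa host-add centos7-client.ec.example.com \
  --password="$HOST_ENROLL_PASSWORD" \
  --ip-address=192.168.122.46 \
  --os="CentOS 7" \
  --platform="VMware" \
  --location="My lab" \
  --locality="Brno" \
  --desc="Test server"

# Enable Kerberos in Firefox:
#   about:config -> network.negotiate-auth.trusted-uris -> .example.com
# Firefox will offer Negotiate (SPNEGO) authentication to every site matching
# this value, so keep it as narrow as the hosts that actually need SSO.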