Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux_wiki:setup_a_kdc_server [2018/04/05 23:26] billdozor [Server: Configure the Server] |
linux_wiki:setup_a_kdc_server [2019/05/25 23:50] (current) |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| The second part is setting up a KDC client with local accounts as well. | The second part is setting up a KDC client with local accounts as well. | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ====== Lab Setup ====== | ||
| + | |||
| + | The following virtual machines will be used: | ||
| + | * server1.example.com (192.168.1.150) -> Kerberos Client | ||
| + | * server2.example.com (192.168.1.151) -> Kerberos KDC | ||
| ---- | ---- | ||
| Line 17: | Line 25: | ||
| ---- | ---- | ||
| - | ====== | + | ====== |
| Install main packages required | Install main packages required | ||
| Line 26: | Line 34: | ||
| ---- | ---- | ||
| - | ====== | + | ====== |
| **KDC Config**: Replace domain with desired domain | **KDC Config**: Replace domain with desired domain | ||
| Line 56: | Line 64: | ||
| [realms] | [realms] | ||
| MYDOMAIN.COM = { | MYDOMAIN.COM = { | ||
| - | kdc = server3.mydomain.comĀ | + | kdc = server2.mydomain.comĀ |
| - | admin_server = server3.mydomain.com | + | admin_server = server2.mydomain.com |
| } | } | ||
| Line 67: | Line 75: | ||
| ---- | ---- | ||
| - | ====== | + | ====== |
| Create the Kerberos database | Create the Kerberos database | ||
| Line 86: | Line 94: | ||
| ---- | ---- | ||
| - | ====== | + | ====== |
| Open the Kerberos admin tool | Open the Kerberos admin tool | ||
| Line 110: | Line 118: | ||
| Add hostname of the KDC server so the kerberos database knows about the server it is installed on | Add hostname of the KDC server so the kerberos database knows about the server it is installed on | ||
| <code bash> | <code bash> | ||
| - | addprinc -randkey host/server3.mydomain.com | + | addprinc -randkey host/server2.mydomain.com |
| </ | </ | ||
| Line 116: | Line 124: | ||
| Add host principal to the local keytab (/ | Add host principal to the local keytab (/ | ||
| <code bash> | <code bash> | ||
| - | ktadd host/server3.mydomain.com | + | ktadd host/server2.mydomain.com |
| </ | </ | ||
| Line 127: | Line 135: | ||
| ---- | ---- | ||
| - | ====== | + | ====== |
| ===== SSH ===== | ===== SSH ===== | ||
| Line 178: | Line 186: | ||
| ---- | ---- | ||
| - | ====== | + | ====== |
| Add a user account | Add a user account | ||
| Line 201: | Line 209: | ||
| SSH to the fully qualified name of the local system | SSH to the fully qualified name of the local system | ||
| <code bash> | <code bash> | ||
| - | ssh server3.mydomain.com | + | ssh server2.mydomain.com |
| </ | </ | ||
| ---- | ---- | ||
| - | ====== Client: Package Install ====== | + | ====== |
| Install the required packages | Install the required packages | ||
| Line 215: | Line 223: | ||
| ---- | ---- | ||
| - | ====== Client: Configure the Kerberos Client ====== | + | ====== |
| Setup the krb5.conf file | Setup the krb5.conf file | ||
| Line 253: | Line 261: | ||
| ---- | ---- | ||
| - | ====== Client: Configure the Client OS Components ====== | + | ====== |
| ===== SSH ===== | ===== SSH ===== | ||
| Line 279: | Line 287: | ||
| ---- | ---- | ||
| - | ====== Client: Test The Client ====== | + | ====== |
| Change to the user | Change to the user | ||
| Line 295: | Line 303: | ||
| SSH to to the KDC server | SSH to to the KDC server | ||
| <code bash> | <code bash> | ||
| - | ssh ipa.example.com | + | ssh server2.example.com |
| </ | </ | ||
| * Should not be prompted for a password due to initializing a kerberos ticket | * Should not be prompted for a password due to initializing a kerberos ticket | ||
| ---- | ---- | ||