IdM Client Deployment Guide

The following instructions are for deploying the IdM client.

Prerequisites

This guide is written for a Red Hat Enterprise Linux 8 based operating system operating within a cluster of systems. The following are the prerequisites:

References

These instructions were written for FreeIPA 4.9.11.

Instructions are based on the following documentation:
https://computingforgeeks.com/install-and-configure-freeipa-server-on-rocky-linux/

Deployment Scripts

An example bash script of the instructions has been provided: deploy-idm-client.sh

Deployment Steps

Note

Instructions assume execution using the root account.

  1. Ensure the timezone is properly set:

Important

Replace TIME_ZONE with the real time zone. (ex. America/New_York)

timedatectl set-timezone TIME_ZONE
timedatectl set-local-rtc 0

  2. Verify the hostname’s FQDN resolves to an IPv4 address that is not equal to the loopback (127.0.0.1) address:

Important

Replace HOST_FQDN with the system FQDN. (ex. user01.engwsc.example.com)

dig +short HOST_FQDN A

  3. Verify reverse DNS configuration (PTR records):

Important

Replace IP_ADDRESS with the system IPv4 address (ex. 192.168.1.60)

dig +short -x IP_ADDRESS

If DNS does not resolve the FQDN:

Option #1, add hostname to /etc/hosts:

Important

Ensure the FQDN name is before any short names.

Replace IP_ADDRESS with the real host IPv4 address (ex. 192.168.1.60)
Replace HOST_FQDN with the real FQDN. (ex. user01.engwsc.example.com)
Replace HOST_SHORTNAME with the host short name. (ex. user01)

IP_ADDRESS HOST_FQDN HOST_SHORTNAME

sh -c 'cat >> /etc/hosts <<EOL

IP_ADDRESS  HOST_FQDN  HOST_SHORTNAME

EOL'

Option #2, set the hostname using hostnamectl:

Important

Replace HOST_FQDN with the real FQDN (ex. user01.engwsc.example.com)

hostnamectl set-hostname HOST_FQDN

  4. Verify IdM module information:

dnf module info idm:DL1

  5. Enable the idm:DL1 stream and sync repositories:

dnf module -y enable idm:DL1
dnf distro-sync

  6. Install IdM client module:

dnf module -y install idm:DL1/client

  7. Install IdM client:

Note

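Execute ipa-client-install without switches to walk through the installation questions interactively. In that mode the administrator password is prompted for instead of being passed on the command line, where it is visible in shell history and the process list.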

Important

Replace IDM_SERVER with the IdM Server Name. (ex. idm.engwsc.example.com)
Replace DOMAIN_NAME with the IdM Domain Name. (ex. engwsc.example.com)
Replace ADMIN_PRINCIPAL with the IdM Administrator User Name. (ex. admin)
Replace ADMIN_PASSWORD with the IdM Administrator Password. (Set in IdM Server Deployment Guide)

sudo ipa-client-install \
  --mkhomedir \
  --server=IDM_SERVER \
  --domain=DOMAIN_NAME \
  --principal=ADMIN_PRINCIPAL \
  --password=ADMIN_PASSWORD \
  --unattended
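
The forward DNS, reverse DNS and /etc/hosts checks from the steps above can be scripted as a pre-flight test to run before ipa-client-install. The following is an added example, not part of the original guide or of deploy-idm-client.sh; the function names are hypothetical and it assumes dig is installed. It rejects the whole 127.0.0.0/8 block, which goes beyond the single 127.0.0.1 address named above.

```bash
# Added example (hypothetical helper names; not FreeIPA's or this guide's own script).
# True if $1 is a dotted-quad IPv4 address outside 127.0.0.0/8 (assumption, see lead-in).
is_usable_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  [ "$1" -ne 127 ]
}

# $1 = output of `dig +short HOST_FQDN A`. Needs at least one answer, and every
# answer line must be a usable IPv4 address (a CNAME target line fails).
forward_ok() {
  fwd_n=0
  while IFS= read -r fwd_line; do
    [ -n "$fwd_line" ] || continue
    is_usable_ipv4 "$fwd_line" || return 1
    fwd_n=$((fwd_n + 1))
  done <<EOF
$1
EOF
  [ "$fwd_n" -gt 0 ]
}

# $1 = output of `dig +short -x IP_ADDRESS`, $2 = HOST_FQDN. PTR answers end in
# a dot and DNS names are case-insensitive, so normalise before comparing.
reverse_ok() {
  rev_want=$(printf '%s' "${2%.}" | tr 'A-Z' 'a-z')
  [ -n "$rev_want" ] || return 1
  printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//' | grep -qxF -- "$rev_want"
}

# $1 = contents of /etc/hosts, $2 = HOST_FQDN. Fails if a line names the host
# (FQDN or short name) but its first name column is not the FQDN.
hosts_fqdn_first() {
  printf '%s\n' "$1" | awk -v fqdn="$2" -v short="${2%%.*}" '
    { sub(/#.*/, "") }
    NF >= 2 { for (i = 2; i <= NF; i++) if (($i == fqdn || $i == short) && $2 != fqdn) bad = 1 }
    END { exit bad + 0 }'
}

preflight() {  # usage: preflight HOST_FQDN IP_ADDRESS
  forward_ok "$(dig +short "$1" A)" || { echo "bad A record for $1" >&2; return 1; }
  reverse_ok "$(dig +short -x "$2")" "$1" || { echo "PTR of $2 is not $1" >&2; return 1; }
  hosts_fqdn_first "$(cat /etc/hosts)" "$1" || { echo "/etc/hosts: $1 not first" >&2; return 1; }
}
if [ "$#" -eq 2 ]; then preflight "$@"; fi
```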