{"id":11131,"date":"2020-05-06T13:05:58","date_gmt":"2020-05-06T04:05:58","guid":{"rendered":"http:\/\/mini.jellypo.pe.kr\/wp\/?p=11131"},"modified":"2020-05-06T13:06:00","modified_gmt":"2020-05-06T04:06:00","slug":"idm-%ec%9c%bc%eb%a1%9c-id-%ed%86%b5%ed%95%a9-%ea%b4%80%eb%a6%ac","status":"publish","type":"post","link":"https:\/\/mini.jellypo.pe.kr\/wp\/?p=11131","title":{"rendered":"IdM \uc73c\ub85c ID \ud1b5\ud569 \uad00\ub9ac"},"content":{"rendered":"\n<p><a href=\"https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/7\/html\/7.4_release_notes\/chap-red_hat_enterprise_linux-7.4_release_notes-deprecated_functionality_in_rhel7\">Red Hat Enterprise Linux 7 \ub9b4\ub9ac\uc988 \ub178\ud2b8<\/a>\ub97c \ubcf4\uba74 \uc778\uc99d \uad00\ub828 \ud328\ud0a4\uc9c0\ub4e4\uc774 \ub300\uccb4 \ub418\uc5c8\uace0, OpenLDAP \uc740 IdM \uc744 \uc0ac\uc6a9\ud558\ub77c\uace0 \ub418\uc5b4 \uc788\ub2e4(IdM \uc740 FreeIPA, 389-DS \uae30\ubc18 \ud328\ud0a4\uc9c0\uc784).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"654\" height=\"342\" src=\"https:\/\/mini.jellypo.pe.kr\/wp\/wp-content\/uploads\/2020\/05\/image.png\" alt=\"\" class=\"wp-image-11132\" srcset=\"https:\/\/mini.jellypo.pe.kr\/wp\/wp-content\/uploads\/2020\/05\/image.png 654w, https:\/\/mini.jellypo.pe.kr\/wp\/wp-content\/uploads\/2020\/05\/image-300x157.png 300w\" sizes=\"auto, (max-width: 654px) 100vw, 654px\" \/><figcaption>Red Hat Enterprise Linux 7 \ub9b4\ub9ac\uc988 \ub178\ud2b8 \uc911 Deprecated Packages<\/figcaption><\/figure>\n\n\n\n<p>\ucc38\uace0\ub85c <a href=\"https:\/\/www.freeipa.org\/\">FreeIPA <\/a>\uad00\ub828 \ud328\ud0a4\uc9c0\ub294 RedHat(Fedora, RHEL, CentOS), Debian \uacc4\uc5f4\ub9cc \uc0ac\uc6a9 \uac00\ub2a5\ud558\ub2e4. 
~300 \uc5ec\uac1c \uac1c\ubcc4 \ud328\ud0a4\uc9c0\ub97c \ud1b5\ud569 \uad00\ub9ac\ud574\uc57c \ud558\ub294\ub370 \uc601\uc138\ud55c \ub9ac\ub205\uc2a4 \ubc30\ud3ec\ud310\uc740 \uc804\ub2f4 \uad00\ub9ac \ud300\uc774 \uc5c6\uc5b4\uc11c(<a href=\"https:\/\/serverfault.com\/questions\/894736\/how-to-set-up-a-freeipa-server-on-arch-linux\">How to set up a FreeIPA server on Arch Linux?<\/a>&#8230;) \uc9c0\uc6d0 \ubabb\ud558\uace0 \uc788\ub2e4\uace0. \uc774 \uacbd\uc6b0\ub294 OpenLDAP, sssd \ud65c\uc6a9\ud574\uc57c \ud558\ub294 \ubaa8\uc591.<\/p>\n\n\n\n<p>\ucc38\uace0\uae00 <a href=\"https:\/\/www.itzgeek.com\/how-tos\/linux\/centos-how-tos\/configure-freeipa-server-on-centos-7-rhel-7-debian-9-fedora-27.html\">Configure FreeIPA server On CentOS 7 \/ RHEL 7 \u2013 A Identity Management System<\/a><\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-hatena-blog\"><div class=\"wp-block-embed__wrapper\">\n<iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" title=\"IdM\u306b\u3088\u308bID\u306e\u4e00\u5143\u7ba1\u7406 - \u3042\u309d\u3001\u3081\u3093\u3069\u304f\u3055\u3044\" src=\"https:\/\/hatenablog-parts.com\/embed?url=http%3A%2F%2Fhiroys.hatenablog.jp%2Fentry%2F2017%2F10%2F04%2F224421#?secret=63DeB5s9gd\" data-secret=\"63DeB5s9gd\" scrolling=\"no\" frameborder=\"0\"><\/iframe>\n<\/div><figcaption>IdM \uc73c\ub85c ID \ud1b5\ud569\uad00\ub9ac<\/figcaption><\/figure>\n\n\n\n<p>\uc774\ud558\ub294 \uac80\uc0c9 \uc911 \ubc1c\uacac\ud55c \uc77c\uc5b4 \ud398\uc774\uc9c0 \ubc88\uc5ed<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p>&#8220;\uadf8\uc57c, \ud55c \ubc88\uc5d0 \ubaa8\ub4e0 \uc11c\ubc84\uc5d0\uc11c \uacc4\uc815 \uc0ad\uc81c \uac00\ub2a5\ud558\uba74 \ud3b8\ud558\uaca0\ub124\uc694.&#8221;<\/p>\n\n\n\n<p>\ud1f4\uc9c1\uc790 \uacc4\uc815 \uc0ad\uc81c\ub294 \ubcf4\ud1b5 \uc77c\uc774 \uc544\ub2c8\ub2e4. 
\uc11c\ubc84\uac00 \ud55c\ub300\ub77c\uba74 \ubab0\ub77c\ub3c4, \ubaa8\ub450 \uba4b\ub300\ub85c \uc774\ucabd\uc800\ucabd\uc5d0 \uacc4\uc815\uc744 \ub9cc\ub4e4\uc5b4\ub300\ub2c8&#8230; \uc9c0\uc6cc\uc11c \uc6d0\ubcf5\ud574\uc57c \ud55c\ub2e4.<\/p>\n\n\n\n<p>&#8220;\uadf8\ub798, \uacc4\uc815 \uc77c\uad04 \uad00\ub9ac \ud558\uc790. \uc790\ub124\uac00 \ub9cc\ub4e4\uc5b4\ubd10&#8221;<\/p>\n\n\n\n<p>\uc5e5? \uadf8\uac70 Active Directory \ub098 OpenLDAP \uc73c\ub85c \uacc4\uc815 \uad00\ub9ac\ud558\uace0 \ud1b5\ud569\uc778\uc99d \ud558\uc790\ub294\uac70\uc8e0? Windows \ub294 \uc798 \ubaa8\ub974\uaca0\uace0, OpenLDAP \uc740 \uc124\uc815\uc774 \uc5b4\ub824\uc6b0\ub2c8 \uc2eb\uc740\ub370.<\/p>\n\n\n\n<p>&#8220;OpenLDAP \uc740 CentOS 7.4 \ubd80\ud130 \uc0ac\uc6a9 \uc911\uc9c0 \ud328\ud0a4\uc9c0\uac00 \ub410\ub2e4\uace0.&#8221;<\/p>\n\n\n\n<p>\ubb50.\ub77c.\uace0.\uc694?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. IdM \uc774\ub780 \uc120\ud0dd\uc9c0<\/h3>\n\n\n\n<p>Red Hat \uc0ac\uc774\ud2b8\ub97c \ucc3e\uc544\ubcf4\ub2c8 &#8216;\uc7a5\ub798 \uc81c\uac70&#8217; \uac00 \uc788\ub2e4.<\/p>\n\n\n\n<p><a href=\"https:\/\/access.redhat.com\/documentation\/ja-jp\/red_hat_enterprise_linux\/7\/html\/7.4_release_notes\/chap-red_hat_enterprise_linux-7.4_release_notes-deprecated_functionality\">\u7b2c39\u7ae0 \u975e\u63a8\u5968\u306e\u6a5f\u80fd<\/a> \/ <a href=\"https:\/\/access.redhat.com\/documentation\/en-us\/red_hat_enterprise_linux\/7\/html\/7.4_release_notes\/chap-red_hat_enterprise_linux-7.4_release_notes-deprecated_functionality_in_rhel7\">Deprecated Functionality<\/a><\/p>\n\n\n\n<p>\uc5d0 \uc758\ud558\uba74, 7.x \uc778 \ub3d9\uc548 \uc9c0\uc6d0\ub418\uc9c0\ub9cc, \uc801\uadf9\uc801\uc778 \uc218\uc815 \ub4f1\uc740 \uae30\ub300\ud560 \uc218\uc5c6\ub2e4. 
\ubb50 \uc6b0\ub9ac\ub294 CentOS \uc774\ubbc0\ub85c \uc9c0\uc6d0\ub3c4 \ubb63\ub3c4 \uc5c6\uc9c0\ub9cc.<\/p>\n\n\n\n<p>\ub300\uc2e0 6.x \ub54c\ubd80\ud130 \uc0ac\uc6a9\uc790 \uc778\uc99d\uc740 IdM \ub77c\ub294 \uac83\uc774 \uc900\ube44\ub418\uc5b4\uc788\ub2e4. Identity Manager \uc57d\uc5b4\uc774\uba70, FreeIPA\ub77c\ub294 \ud504\ub85c\uc81d\ud2b8\uc758 \uacb0\uacfc\ubb3c\uc5d0 Red Hat Enterprise Linux \uc5d0\uc11c \uc0ac\uc6a9\uc790, \ud638\uc2a4\ud2b8, \uc11c\ube44\uc2a4 \uad00\ub9ac \ud558\ub294 \uac83. \ubb3c\ub860 CentOS \uc5d0\ub3c4 \ub4e4\uc5b4\uc788\ub2e4. LDAP \ubc0f Kerberos, BIND \ub530\uc704\ub97c \uc0ac\uc6a9\ud558\uc5ec ID \uad00\ub9ac\ub97c\ud558\uae30 \ub54c\ubb38\uc5d0 \uc77c\ubc18\uc801\uc778 Linux \uc11c\ubc84\ub77c\uba74 \uc774\uc81c IdM \ud558\ub098\ub85c \uad00\ub9ac \ud560 \uc218\uc788\uc744 \uac83 \uac19\ub2e4. Web \uad00\ub9ac \ud654\uba74\ub3c4 \uc788\ub2e4.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. \uc778\uc99d \uc11c\ubc84 \uc124\uce58<\/h3>\n\n\n\n<p>\ubc14\ub85c \uc11c\ubc84 \uc900\ube44\ub97c\ud55c\ub2e4. DNS \uc758 \uae30\ub2a5\uc774 \ud1b5\ud569\ub418\uc5b4 \uc788\uae30\uc5d0 \uae30\uc874 \ub124\ud2b8\uc6cc\ud06c\uc5d0 \uad6c\ucd95\ud558\uace0 \uc870\uae08\uc529 \uc774\ub3d9\ud558\ub824\uace0 \ud558\ub2e4\ubcf4\uba74 \uae30\uc874\uc758 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/DNS&amp;usg=ALkJrhgeMbDWA2jiPBtf_LOzEZWszJsZSg\">DNS<\/a> \uc640 \uad00\ub9ac \uc601\uc5ed\uc744 \uacc2\uce58\uac70\ub098 \ud574\uc11c \uc870\uae08 \uadc0\ucc2e\ub2e4. 
\ud558\uc9c0\ub9cc \uc5b4\ub5bb\uac8c\ub4e0 \ud55c\ub2e4.<\/p>\n\n\n\n<p>\uba3c\uc800 \uc778\uc99d \uc11c\ubc84\uc5d0<a href=\"https:\/\/papago.naver.net\/apis\/site\/proxy?data=%7B%22url%22%3A%22http%3A%2F%2Fd.hatena.ne.jp%2Fkeyword%2FCentOS%22%7D\"> CentOS<\/a> 7.4\ub97c \ub123\uace0<a href=\"https:\/\/papago.naver.net\/apis\/site\/proxy?data=%7B%22url%22%3A%22http%3A%2F%2Fd.hatena.ne.jp%2Fkeyword%2Fyum%22%7D\"> yum<\/a> update, FreeIPA\uc758 \uc124\uce58.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# yum -y install ipa-server ipa-server-dns bind bind-dyndb-ldap<\/code><\/pre>\n\n\n\n<p>\uc124\uce58\uac00 \uc644\ub8cc\ub418\uba74 \uc124\uc815\uc744 \ud558\ub294\ub370,  \uc9c0\uae08\ubd80\ud130 \uc124\uc815\ud558\ub824\ub294 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/DNS&amp;usg=ALkJrhgeMbDWA2jiPBtf_LOzEZWszJsZSg\">DNS<\/a> \uc601\uc5ed(Zone)\uc774 \uc774\ubbf8 \ub124\ud2b8\uc6cc\ud06c\uc758 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/DNS&amp;usg=ALkJrhgeMbDWA2jiPBtf_LOzEZWszJsZSg\">DNS<\/a> \uc5d0 \uc788\ub2e4\uba74 \uc124\uce58\uac00 \uc2e4\ud328\ud558\uae30 \ub54c\ubb38\uc5d0 \uc124\uc815 \uc911\uc5d4 \/etc\/resolv.conf \uc744 \ub2e4\uc74c\uacfc \uac19\uc774 \uc218\uc815\ud55c\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# vi \/etc\/resolv.conf\nnameserver 127.0.0.1<\/code><\/pre>\n\n\n\n<p>\ub610\ud55c <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/DNS&amp;usg=ALkJrhgeMbDWA2jiPBtf_LOzEZWszJsZSg\">DNS<\/a> \ub97c \ubcf4\ub7ec \uac00\uc9c0 \uc54a\uc744 \ub54c \uc790\uc2e0\uc758 <a 
href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/IP%25A5%25A2%25A5%25C9%25A5%25EC%25A5%25B9&amp;usg=ALkJrhgQmjY2jg7BV-CaB_pgcMwsenRfYQ\">IP \uc8fc\uc18c<\/a> \ub97c \uc54c \uc218 \uc5c6\uc73c\ubbc0\ub85c \/etc\/hosts\uc5d0 \uc790\uc2e0\uc758 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/IP%25A5%25A2%25A5%25C9%25A5%25EC%25A5%25B9&amp;usg=ALkJrhgQmjY2jg7BV-CaB_pgcMwsenRfYQ\">IP \uc8fc\uc18c<\/a> \ub97c \ub4f1\ub85d \ud574 \ub454\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# vi \/etc\/hosts\n172.16.10.100 ipa.example.jp<\/code><\/pre>\n\n\n\n<p>\uc124\uce58 \uc2dc\uc791<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# ipa-server-install\nExisting BIND configuration detected, overwrite? 
&#91;no]: yes\u21a9\ufe0f\n\nServer host name &#91;ipa.example.jp]: \u21a9\ufe0f\n\nPlease confirm the domain name &#91;example.jp]: \u21a9\ufe0f\n\nPlease provide a realm name &#91;EXAMPLE.JP]: \u21a9\ufe0f<\/code><\/pre>\n\n\n\n<p>Directory Manager ( <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/LDAP&amp;usg=ALkJrhhLN07yNRoc_2bPLwXRTQDkcgS1AA\">LDAP<\/a> \uc5d0\uc11c \ub9d0\ud558\ub294 root dn \uac19\uc740 \uac83) \uc554\ud638<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Directory Manager password: ********\u21a9\ufe0f\nPassword (confirm): ********\u21a9\ufe0f<\/code><\/pre>\n\n\n\n<p><a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/IPA&amp;usg=ALkJrhh68N4dr_gqlm3ZJUmTLel6U_nxDg\">IPA<\/a> ADMIN ( <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/IPA&amp;usg=ALkJrhh68N4dr_gqlm3ZJUmTLel6U_nxDg\">IPA<\/a> admin \uacc4\uc815 \uc554\ud638 \uc124\uc815) \uc554\ud638<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>IPA admin password: ********\u21a9\ufe0f\nPassword (confirm): ********\u21a9\ufe0f<\/code><\/pre>\n\n\n\n<p>Forwarders\ud558\uc9c0\ub9cc \uc9c0\uae08 \ubcf4\ub7ec \uc0b4\ub9b4\ud558\uba74 \uadc0\ucc2e\uc740 \uc77c\uc774\ub418\uae30 \ub54c\ubb38\uc5d0 \uc124\uc815\uc740 \ud558\uc9c0 \uc54a\ub294\ub2e4. \ub098\uc911\uc5d0 \uc124\uc815\uc744 \ud55c\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Do you want to configure DNS forwarders? 
&#91;yes]: no\u21a9\ufe0f<\/code><\/pre>\n\n\n\n<p>\uc5ed\ubc29\ud5a5 \uc601\uc5ed\uc758 \uc124\uc815\uc740 \uba54\uc77c \uc11c\ubc84 \ub77c\ub4e0\uc9c0 \uc0ac\uc6a9\ud55c\ub2e4\uba74 \uc788\uc744\uc9c0\ub3c4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Do you want to configure the reverse zone? &#91;yes]: \u21a9\ufe0f\nPlease specify the reverse zone name &#91;10.16.172.in-addr.arpa.]:<\/code><\/pre>\n\n\n\n<p>\uc124\uc815 \ud655\uc778\uc744 \uc694\uad6c\ubc1b\ub294\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>The IPA Master Server will be configured with:\nHostname:      ipa.example.jp\nIP address:    172.16.10.100\nDomain name:   example.jp\nRealm name:    EXAMPLE.JP\n\nContinue to configure the system with these values? &#91;no]: yes \u21a9\ufe0f<\/code><\/pre>\n\n\n\n<p>\uadf8\ub7ec\uba74 \ub2e4\uc591\ud55c \uc124\uc815\uc774 \uc774\ub8e8\uc5b4\uc9c0\uace0, \ub9c8\uc9c0\ub9c9\uc73c\ub85c Firewall \uc124\uc815\uacfc <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/IPA&amp;usg=ALkJrhh68N4dr_gqlm3ZJUmTLel6U_nxDg\">IPA<\/a> \ub85c\uadf8\uc778\uc744 \uc694\uad6c\ubc1b\ub294\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Setup complete\n\nNext steps:\n        1. You must make sure these network ports are open:\n                TCP Ports:\n                  * 80, 443: HTTP\/HTTPS\n                  * 389, 636: LDAP\/LDAPS\n                  * 88, 464: kerberos\n                UDP Ports:\n                  * 88, 464: kerberos\n                  * 123: ntp\n\n        2. You can now obtain a kerberos ticket using the command: 'kinit admin'\n           This ticket will allow you to use the IPA tools (e.g., ipa user-add)\n           and the web user interface.\n<\/code><\/pre>\n\n\n\n<p>\uc6b0\uc120 Firewall\uc744 \uc5f0\ub2e4. 
<a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/dns&amp;usg=ALkJrhjho_4037Zr0462j0s3rWIgVA08gg\">dns<\/a> \uc544\uae4c \ubaa9\ub85d\uc5d0\ub294 \uc5c6\uc5c8\uc9c0\ub9cc, <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/DNS&amp;usg=ALkJrhgeMbDWA2jiPBtf_LOzEZWszJsZSg\">DNS<\/a> \ub3c4 \uc0ac\uc6a9\ud558\ubbc0\ub85c \uc5f0\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# firewall-cmd --permanent --zone=public --add-service=http --add-service=https --add-service=ldap --add-service=ldaps --add-service=kerberos --add-service=freeipa-ldap --add-service=dns --add-service=ntp\n&#91;root@ipa ~]# firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<p>\uc5ec\uae30\uae4c\uc9c0 \ub05d\ub098\uba74 \/etc\/resolv.conf \uc124\uc815\uc744 \uc6d0\ub798\ub300\ub85c \ub418\ub3cc\ub9bd\ub2c8\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# vi \/etc\/resolv.conf\nnameserver 192.168.0.2\nnameserver 192.168.0.3\n<\/code><\/pre>\n\n\n\n<p><a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/DNS&amp;usg=ALkJrhgeMbDWA2jiPBtf_LOzEZWszJsZSg\">DNS<\/a> \uc5d0 Forwarders\ub97c \uc124\uc815\ud55c\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# vi \/etc\/named.conf\noption {\n\t...\n\tforwarders {\n\t\t192.168.0.2;\n\t\t192.168.0.3;\n\t};\n};\n<\/code><\/pre>\n\n\n\n<p>\ubcf4\ud1b5\uc774\ub77c\uba74 \uc5ec\uae30\uc11c named\ub97c \uc7ac\uc2dc\uc791\ud558\ub294\ub370, named\uac00 mask\ub77c\ub294 \uc0c1\ud0dc\uac00 \ub418\uc5b4 \uc7ac\uc2dc\uc791\uc744 \ud5c8\uc6a9\ud558\uc9c0 \uc54a\uc2b5\ub2c8\ub2e4. 
\uc2dc\uc2a4\ud15c \uc804\uccb4\ub97c \uc7ac\ubd80\ud305\ud574 \ub454\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# systemctl reboot<\/code><\/pre>\n\n\n\n<p>\ub2e4\uc74c\uc740 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/IPA&amp;usg=ALkJrhh68N4dr_gqlm3ZJUmTLel6U_nxDg\">IPA<\/a> \uc5d0 \ub85c\uadf8\uc778\ud558\uc5ec Kerberos \ud2f0\ucf13\uc744 \uc5bb\uc2b5\ub2c8\ub2e4. \uc774 \uc0c1\ud0dc\uc5d0\uc11c ID \uad00\ub9ac\ub97c \ud560 \uc218 \uc788\uac8c \ub41c\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# kinit admin\nPassword for admin@EXAMPLE.JP: &#91;IPA admin\u3067\u5165\u308c\u305f\u30d1\u30b9\u30ef\u30fc\u30c9]<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">3.ID \ucd94\uac00<\/h3>\n\n\n\n<p>\uc0ac\uc6a9\uc790 \ucd94\uac00\ub294 \uba85\ub839\uc73c\ub85c \ud55c\ub2e4. \ub2e4\uc74c\uc5d0 \uc18c\uac1c\ud558\ub294 Web \ud654\uba74\uc5d0\uc11c\ub3c4 \ud560 \uc218 \uc788\uc9c0\ub9cc, \uc774\ucabd\uc774 \uac04\ub2e8\ud569\ub2c8\ub2e4. 
\ub610\ud55c \uad00\ub9ac\uc790\uac00 \uc124\uc815\ud55c \uc554\ud638\ub294 \uc0ac\uc6a9\uc790\uac00 \ucc98\uc74c \ub85c\uadf8\uc778\ud560 \ub54c \uac15\uc81c\ub85c \ubcc0\uacbd\uc744 \uc694\uad6c\ud558\ub294 \ubcf4\uc548 \uc0ac\uc591\uc774\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# ipa user-add &#91;\u30e6\u30fc\u30b6ID] --first=&#91;\u540d] --last=&#91;\u59d3] --password=********<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>-------------------\nAdded user \"fhoge\"\n-------------------\n  User login: fhoge\n  First name: fuga\n  Last name: hoge\n  Full name: fuga hoge\n  Display name: fuga hoge\n  Initials: fh\n  Home directory: \/home\/fhoge\n  GECOS field: fuga hoge\n  Login shell: \/bin\/bash\n  Kerberos principal: fhoge@EXAMPLE.JP\n  Email address: fhoge@example.jp\n  UID: 1113400020\n  GID: 1113400020\n  Password: True\n  Kerberos keys available: True<\/code><\/pre>\n\n\n\n<p>\uc5b4\uca50\uc9c0 UID \/ <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/GID&amp;usg=ALkJrhgp0QX9-9RJ8JhJ780c4LeAMVP4qA\">GID<\/a> \uac00 \uc6d4\ub4f1\ud558\uac8c \ud06c\ub2e4 \ub370\uc694. . . .<\/p>\n\n\n\n<p>\ub610\ud55c \ud638\uc2a4\ud2b8\ub3c4 \ub4f1\ub85d\ud560 \uc218 \uc788\ub2e4. \uc774\uac83\uc740 \ud074\ub77c\uc774\uc5b8\ud2b8\uc758 \uc124\uc815\uc744 \ud558\uae30 \uc804\uc5d0 \ub300\uc0c1 \ud638\uc2a4\ud2b8\ub97c \ub4f1\ub85d\ud558\ub294 \uac83\uc774\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ipa ~]# ipa dnsrecord-add &#91;domain\u540d] &#91;host\u540d] --a-rec &#91;IP\u30a2\u30c9\u30ec\u30b9]\nRecord name: dev1\nA record: 172.16.10.41<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">4. 
\ud074\ub77c\uc774\uc5b8\ud2b8 \uc124\uce58<\/h3>\n\n\n\n<p>\ud074\ub77c\uc774\uc5b8\ud2b8\ub294 \uae30\uc874 \uc11c\ubc84\ub97c \ub9c8\uc774\uadf8\ub808\uc774\uc158\ud558\ub294\ub370 \uba3c\uc800 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/DNS&amp;usg=ALkJrhgeMbDWA2jiPBtf_LOzEZWszJsZSg\">DNS<\/a> \uc758 \ucc38\uc870\ub97c <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/IPA&amp;usg=ALkJrhh68N4dr_gqlm3ZJUmTLel6U_nxDg\">IPA<\/a> \uc11c\ubc84\ub85c \ubcc0\uacbd\ud55c\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@dev1 ~]# nmcli c modify ens192 ipv4.dns 172.16.10.100\n&#91;root@dev1 ~]# systemctl restart NetworkManager<\/code><\/pre>\n\n\n\n<p>\ud074\ub77c\uc774\uc5b8\ud2b8 \uc18c\ud504\ud2b8\uc6e8\uc5b4\ub97c \ub123\ub294\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@dev1 ~]# yum -y install ipa-client\nDiscovery was successful!\nHostname: dev1.example.jp\nRealm: EXAMPLE.JP\nDNS Domain: example.jp\nIPA Server: ipa.example.jp\nBaseDN: dc=example,dc=jp\n\nContinue to configure the system with these values? 
&#91;no]: yes \u21a9\ufe0f\nUser authorized to enroll computers: admin \u21a9\ufe0f\nPassword for admin@EXAMPLE.JP: ******** \u21a9\ufe0f\n.....\nClient configuration complete.<\/code><\/pre>\n\n\n\n<p>\ub610\ud55c \ub85c\uceec \uc0ac\uc6a9\uc790\ub97c \ub9cc\ub4dc\ub294 \uacbd\uc6b0\uc640 \ub2ec\ub9ac \ud648 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/%25A5%25C7%25A5%25A3%25A5%25EC%25A5%25AF%25A5%25C8&amp;usg=ALkJrhi7G2Ew2c9jwe6cODEQ4ME519fVjQ\">\ub514\ub809\ud1a0\ub9ac<\/a> \ub9ac\ub294 \uc790\ub3d9\uc73c\ub85c \uc0dd\uc131\ub418\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc5d0 \uc124\uc815\uc744 \ud574 \ub454\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@dev1 ~]# authconfig --enablemkhomedir --update<\/code><\/pre>\n\n\n\n<p>\uc5ec\uae30\uc5d0\uc11c\uc774 \uadc0\ucc2e\uc740 \uac83\uc774\uc9c0\ub9cc, UID \ubc0f <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/GID&amp;usg=ALkJrhgp0QX9-9RJ8JhJ780c4LeAMVP4qA\">GID<\/a> \uac00 \ubc14\ub00c\uc5b4 \ubc84\ub9ac\uae30 \ub54c\ubb38\uc5d0 \uae30\uc874\uc758 \ud648 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/%25A5%25C7%25A5%25A3%25A5%25EC%25A5%25AF%25A5%25C8&amp;usg=ALkJrhi7G2Ew2c9jwe6cODEQ4ME519fVjQ\">\ub514\ub809\ud1a0\ub9ac<\/a> \ub9ac\uc758 \uc18c\uc720\uc790\uac00 \ubc14\ub00c\uc5b4 \ubc84\ub9b0\ub2e4. 
\uadf8\ub798\uc11c \ubbf8\ub9ac chown \uba85\ub839\uc73c\ub85c \ud648 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/%25A5%25C7%25A5%25A3%25A5%25EC%25A5%25AF%25A5%25C8&amp;usg=ALkJrhi7G2Ew2c9jwe6cODEQ4ME519fVjQ\">\ub514\ub809\ud1a0\ub9ac<\/a> \ub9ac\uc758 \uc18c\uc720\uc790\ub97c \uc804\uc6d0 \ubd84 \ubc14\uafd4 \ub458 \ud544\uc694\uac00\uc788\ub2e4. \uadf8\uac83\uc774 \uc2eb\uc740 \uacbd\uc6b0 Web \ud654\uba74\uc5d0\uc11c UID \ubc0f <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/GID&amp;usg=ALkJrhgp0QX9-9RJ8JhJ780c4LeAMVP4qA\">GID<\/a> \ub97c \uc885\ub798\uc640 \uac19\uc740 \uac83\uc73c\ub85c \ubc14\uafb8\uc5b4 \ub193\ub294\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@dev1 ~]# chown -R fhoge:fhoge fhoge<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">5. 
Web \ud654\uba74<\/h3>\n\n\n\n<p><a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/IPA&amp;usg=ALkJrhh68N4dr_gqlm3ZJUmTLel6U_nxDg\">IPA<\/a> \uc758 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/IP%25A5%25A2%25A5%25C9%25A5%25EC%25A5%25B9&amp;usg=ALkJrhgQmjY2jg7BV-CaB_pgcMwsenRfYQ\">IP \uc8fc\uc18c<\/a> \uc5d0 <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/https&amp;usg=ALkJrhj5z-8JbeYFsCOl7rZGhhFLKqYUiA\">https<\/a> \ub85c \uc811\uc18d\ud558\uba74 Web \uad00\ub9ac \ud654\uba74\uc774 \ud45c\uc2dc\ub429\ub2c8\ub2e4. sudo \ub4f1 \uc138\uc138\ud55c \uc124\uc815\uc740 \uc5ec\uae30\uc5d0\uc11c\ud558\ub294 \uac83\uc774 \ud3b8\ud560 \uac83\uc774\ub2e4 (\ud6c4\ub7b5).<\/p>\n\n\n\n<p>\uc911\uc559 \uad00\ub9ac\ub77c\uace0\ud558\uba74 \uc18c\ub9ac\ub294 \uc88b\uc9c0\ub9cc, \uae30\uc874\uc758 \ud658\uacbd\uc5d0\uc11c \ub9c8\uc774\uadf8\ub808\uc774\uc158 \ud560 \ub54c \ud074\ub77c\uc774\uc5b8\ud2b8 \uce21\uc758 \uc124\uc815 \uc2dc\uac04\uc774 \uc5b4\uc9c0\ub7fd\uac8c \ub290\uaf08\ub2e4. 
\uc774\ud6c4 \ud074\ub77c\uc774\uc5b8\ud2b8\uc758 \uad6c\ucd95\uc740 \uad6c\uc131 \uad00\ub9ac \ub3c4\uad6c \ub4f1\uc73c\ub85c \ubbf8\ub9ac <a href=\"https:\/\/translate.googleusercontent.com\/translate_c?depth=1&amp;pto=aue&amp;rurl=translate.google.com&amp;sl=auto&amp;sp=nmt4&amp;tl=ko&amp;u=http:\/\/d.hatena.ne.jp\/keyword\/IdM&amp;usg=ALkJrhg118_MvJQpUBZsZIv05ZiTNvdQOQ\">IdM<\/a> \uc5d0 \ub300\uc751\uc2dc\ucf1c \ub450\ub294 \uac83\uc774 \uc88b\uc744 \uac83\uc774\ub2e4.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Red Hat Enterprise Linux 7 \ub9b4\ub9ac\uc988 \ub178\ud2b8\ub97c \ubcf4\uba74 \uc778\uc99d \uad00\ub828 \ud328\ud0a4\uc9c0\ub4e4\uc774 \ub300\uccb4 \ub418\uc5c8\uace0, OpenLDAP \uc740 IdM \uc744 \uc0ac\uc6a9\ud558\ub77c\uace0 \ub418\uc5b4 \uc788\ub2e4(IdM \uc740 FreeIPA, 389-DS \uae30\ubc18 \ud328\ud0a4\uc9c0\uc784). \ucc38\uace0\ub85c FreeIPA \uad00\ub828 \ud328\ud0a4\uc9c0\ub294 RedHat(Fedora, RHEL, CentOS), Debian \uacc4\uc5f4\ub9cc \uc0ac\uc6a9 \uac00\ub2a5\ud558\ub2e4. 
~300 \uc5ec\uac1c \uac1c\ubcc4 \ud328\ud0a4\uc9c0\ub97c \ud1b5\ud569 \uad00\ub9ac\ud574\uc57c \ud558\ub294\ub370 \uc601\uc138\ud55c \ub9ac\ub205\uc2a4 \ubc30\ud3ec\ud310\uc740 \uc804\ub2f4 \uad00\ub9ac \ud300\uc774 \uc5c6\uc5b4\uc11c(How to set up a FreeIPA [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[86],"class_list":["post-11131","post","type-post","status-publish","format-standard","hentry","tag-gnu-linux"],"_links":{"self":[{"href":"https:\/\/mini.jellypo.pe.kr\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11131","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mini.jellypo.pe.kr\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mini.jellypo.pe.kr\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mini.jellypo.pe.kr\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mini.jellypo.pe.kr\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11131"}],"version-history":[{"count":7,"href":"https:\/\/mini.jellypo.pe.kr\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11131\/revisions"}],"predecessor-version":[{"id":11348,"href":"https:\/\/mini.jellypo.pe.kr\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11131\/revisions\/11348"}],"wp:attachment":[{"href":"https:\/\/mini.jellypo.pe.kr\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11131"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mini.jellypo.pe.kr\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11131"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mini.jellypo.pe.kr\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}