0% found this document useful (0 votes)
102 views9 pages

Red Hat System Administration II 8.3 Lab PDF

Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
102 views9 pages

Red Hat System Administration II 8.3 Lab PDF

Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

RED HAT SYSTEM ADMINISTRATION II

8.3. Lab: Connecting to Network-defined Users


and Groups

Document Version: 2016-01-22

Copyright © 2016 Network Development Group, Inc.


www.netdevgroup.com

NETLAB Academy Edition, NETLAB Professional Edition, and NETLAB+ are registered trademarks of Network Development Group, Inc.

“Red Hat,” Red Hat Linux, and the Red Hat “Shadowman” logo are trademarks or registered trademarks of Red Hat, Inc. in the US
and other countries.
8.3. Lab: Connecting to Network-defined Users and Groups

Contents
Introduction ........................................................................................................................ 3
Objective ............................................................................................................................. 3
Lab Topology ....................................................................................................................... 4
Lab Settings ......................................................................................................................... 5
1 Prepare the System for the Lab .................................................................................. 6
2 Setup Desktop1 as an IPA Client ................................................................................. 7
3 Verify that Desktop1 has been Added to the Domain ................................................ 8
4 Grade the Lab .............................................................................................................. 9

1/22/2016 Copyright © 2016 Network Development Group, Inc. www.netdevgroup.com Page 2


8.3. Lab: Connecting to Network-defined Users and Groups

Introduction

In your company's quest for a central user information and authentication system, you
have settled on using an IPA server for central user management. Another department
has already configured an IPA server on the server1 system.

A user has already been configured for you to use for testing. The username is ipauser,
and the password is password. Due to the password policy, this password will need to
be changed on first login. Change this password to redhat123.

Central home directories have not yet been configured, so for now, configure the
system to automatically create a new local home directory when a user first logs in.

This lab provides step-by-step instructions on how to configure the desktop1 system to
become a client of the IPA server running on server1.

Objective

The desktop1 system should use the network users and groups defined by the IPA
server running on server1 for both user information and authentication.

1/22/2016 Copyright © 2016 Network Development Group, Inc. www.netdevgroup.com Page 3


8.3. Lab: Connecting to Network-defined Users and Groups

Lab Topology

1/22/2016 Copyright © 2016 Network Development Group, Inc. www.netdevgroup.com Page 4


8.3. Lab: Connecting to Network-defined Users and Groups

Lab Settings

The information in the tables below will be needed in order to complete the lab. The
task sections below provide details on the use of this information.

Virtual Machine (VM) IP Address Accounts Password Role

student student Student


desktop1.example.com 172.25.1.10
root redhat Client VM

student student Student


server1.example.com 172.25.1.11
root redhat Server VM

Classroom
classroom.example.com 172.25.254.254 No Access No Access
Utility VM

Name Value
Realm SERVER1.EXAMPLE.COM
Domain server1.example.com
Administrative user admin
Administrative Password redhat123
IPA User ipauser
IPA User Password password

1/22/2016 Copyright © 2016 Network Development Group, Inc. www.netdevgroup.com Page 5


8.3. Lab: Connecting to Network-defined Users and Groups

1 Prepare the System for the Lab

The topology includes two virtual machines that are accessible to users. Take care to
perform the tasks as instructed, including using the appropriate virtual machine and
account as directed.

1. Log into the desktop1 and server1 systems as the student user.

2. Open a terminal session on desktop1 and server1 systems.

3. On the server1 system, run the lab ipaclient setup script.

[student@server1 ~]$ lab ipaclient setup

This step will take approximately 15 minutes to complete.

1/22/2016 Copyright © 2016 Network Development Group, Inc. www.netdevgroup.com Page 6


8.3. Lab: Connecting to Network-defined Users and Groups

2 Setup Desktop1 as an IPA Client

1. Install the ipa-client package on the desktop1 machine.

[student@desktop1 ~]$ sudo yum -y install ipa-client

2. Configure the desktop1 system, using ipa-client-install, to use the IPA server
setup for the server1.example.com DNS domain. Home directories should
automatically be created, and NTP should not be configured during this process.

[student@desktop1 ~]$ sudo ipa-client-install --domain=server1.example.com --


no-ntp –-mkhomedir

The following answers will need to be given:

Continue to configure the system with these values? [no]: yes


User authorized to enroll computers: admin
Password for [email protected]: redhat123

The ipa-client-install command finds the correct Realm, DNS, IPA Server and Base
DomainName settings. After accepting these settings, the admin account is used to add
desktop1 to the IPA server. The desktop1 system accepts server1’s certificate, accepts
SSH keys and finally configures ldap, Kerberos, and sssd automatically. At this point
desktop1 has joined the example.com domain on server1.

1/22/2016 Copyright © 2016 Network Development Group, Inc. www.netdevgroup.com Page 7


8.3. Lab: Connecting to Network-defined Users and Groups

3 Verify that Desktop1 has been Added to the Domain

1. Verify that the user ipauser can log into desktop1 by using ssh. The initial
password is password, but this should be changed to redhat123.

[student@desktop1 ~]$ ssh [email protected]

After using ssh to connect to desktop1.example.com (i.e. localhost) the user is


forced to change their password. After the password is updated to redhat123
the ssh connection will close. Finally, ssh is used to connect again; this time the
user is prompted with /bin/sh.

2. Disconnect from the ssh session by typing logout.

-sh-4.2$ logout

1/22/2016 Copyright © 2016 Network Development Group, Inc. www.netdevgroup.com Page 8


8.3. Lab: Connecting to Network-defined Users and Groups

4 Grade the Lab

1. Run the lab ipaclient grade script

[student@desktop1 ~]$ lab ipaclient grade

Feel free to explore the configuration for this lab on server1 and desktop1. It may also
be useful to view things such as ipauser’s home directory, the /etc/passwd file, or the
ssh configuration to gain a better understanding of domain user accounts.

1/22/2016 Copyright © 2016 Network Development Group, Inc. www.netdevgroup.com Page 9

You might also like