Red Hat System Administration II 8.3 Lab PDF
Red Hat System Administration II 8.3 Lab PDF
NETLAB Academy Edition, NETLAB Professional Edition, and NETLAB+ are registered trademarks of Network Development Group, Inc.
“Red Hat,” Red Hat Linux, and the Red Hat “Shadowman” logo are trademarks or registered trademarks of Red Hat, Inc. in the US
and other countries.
8.3. Lab: Connecting to Network-defined Users and Groups
Contents
Introduction ........................................................................................................................ 3
Objective ............................................................................................................................. 3
Lab Topology ....................................................................................................................... 4
Lab Settings ......................................................................................................................... 5
1 Prepare the System for the Lab .................................................................................. 6
2 Setup Desktop1 as an IPA Client ................................................................................. 7
3 Verify that Desktop1 has been Added to the Domain ................................................ 8
4 Grade the Lab .............................................................................................................. 9
Introduction
In your company's quest for a central user information and authentication system, you
have settled on using an IPA server for central user management. Another department
has already configured an IPA server on the server1 system.
A user has already been configured for you to use for testing. The username is ipauser,
and the password is password. Due to the password policy, this password will need to
be changed on first login. Change this password to redhat123.
Central home directories have not yet been configured, so for now, configure the
system to automatically create a new local home directory when a user first logs in.
This lab provides step-by-step instructions on how to configure the desktop1 system to
become a client of the IPA server running on server1.
Objective
The desktop1 system should use the network users and groups defined by the IPA
server running on server1 for both user information and authentication.
Lab Topology
Lab Settings
The information in the tables below will be needed in order to complete the lab. The
task sections below provide details on the use of this information.
Classroom
classroom.example.com 172.25.254.254 No Access No Access
Utility VM
Name Value
Realm SERVER1.EXAMPLE.COM
Domain server1.example.com
Administrative user admin
Administrative Password redhat123
IPA User ipauser
IPA User Password password
The topology includes two virtual machines that are accessible to users. Take care to
perform the tasks as instructed, including using the appropriate virtual machine and
account as directed.
1. Log into the desktop1 and server1 systems as the student user.
2. Configure the desktop1 system, using ipa-client-install, to use the IPA server
setup for the server1.example.com DNS domain. Home directories should
automatically be created, and NTP should not be configured during this process.
The ipa-client-install command finds the correct Realm, DNS, IPA Server and Base
DomainName settings. After accepting these settings, the admin account is used to add
desktop1 to the IPA server. The desktop1 system accepts server1’s certificate, accepts
SSH keys and finally configures ldap, Kerberos, and sssd automatically. At this point
desktop1 has joined the example.com domain on server1.
1. Verify that the user ipauser can log into desktop1 by using ssh. The initial
password is password, but this should be changed to redhat123.
-sh-4.2$ logout
Feel free to explore the configuration for this lab on server1 and desktop1. It may also
be useful to view things such as ipauser’s home directory, the /etc/passwd file, or the
ssh configuration to gain a better understanding of domain user accounts.