obel1x.de

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Du befindest dich hier: start » content » serverbasics » docker-freeipa
Zuletzt angesehen: docker-homeassistant docker-freeipa docker-gitea network-fail2ban docker-tvheadend
content:serverbasics:docker-freeipa

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen der Seite angezeigt.

Link zu der Vergleichsansicht

Beide Seiten, vorherige ÜberarbeitungVorherige Überarbeitung
Nächste Überarbeitung		Vorherige Überarbeitung
content:serverbasics:docker-freeipa [2025/12/07 10:46] – [Next Steps] obel1xcontent:serverbasics:docker-freeipa [2026/03/06 16:39] (aktuell) – [Setup Sudoers with FreeIPA/SSSD] obel1x
Zeile 690: Zeile 690:
  
 This is quite a cool feature to have client admin- users managed by putting them in an IPA- group. When Loggin in with SSSD they will get added to the sudoers, making them admin on the given machines. Check this out: [[https://www.howtoforge.de/anleitung/wie-integriere-ich-sudoers-in-den-freeipa-server/|https://www.howtoforge.de/anleitung/wie-integriere-ich-sudoers-in-den-freeipa-server/]] This is quite a cool feature to have client admin- users managed by putting them in an IPA- group. When Loggin in with SSSD they will get added to the sudoers, making them admin on the given machines. Check this out: [[https://www.howtoforge.de/anleitung/wie-integriere-ich-sudoers-in-den-freeipa-server/|https://www.howtoforge.de/anleitung/wie-integriere-ich-sudoers-in-den-freeipa-server/]]
 +
 +==== Additional Groups ====
 +
 +You can also add System- Groups in IPA, that the client may have. E.g. a very nice group to have, would be a group named "wheel". That group enables all users in it to install Software without beeing asked for a password.
 +
 +You can add the clientadmins- group to the wheel- group so all users of the clientadmins group will be in wheel to (check in IPA with the "indirect members" view, if wheel has all users, which clientsadmins has as "direct members" to make it work !).
 +
  
 ===== Next Steps ===== ===== Next Steps =====
Zeile 705: Zeile 712:
 Here are a few special files and users to pay attention to: Here are a few special files and users to pay attention to:
  
-**DNSSEC**: # ls -lZ /etc/dirsrv/ds.keytab\\ +User Dirsrv 
--rw-------. dirsrv dirsrv system_u:object_r:dirsrv_config_t:s0 /etc/dirsrv/ds.keytab+ 
 +<code> 
 +# chgrp named /data/etc/named.conf 
 +# chown named:named /etc/named.keytab 
 +# chown root:named -R -h -L /data/etc/named 
 +# chown named:named -R -h -L /data/var/named 
 + 
 +# chown dirsrv:dirsrv -R -h -L /data/var/lib/dirsrv 
 +# chown dirsrv:dirsrv -R -h -L /data/var/log/dirsrv 
 +# chown dirsrv:dirsrv -R -h -L /data/etc/dirsrv 
 + 
 +# chown root:pkiuser /data/var/lib/ipa/pki-ca/publish -h -L 
 +# chown pkiuser:pkiuser /data/var/lib/ipa/pki-ca/publish/-h -L 
 +# chown pkiuser:pkiuser /data/etc/sysconfig/pki-tomcat -h -L -R 
 +# chown pkiuser:pkiuser /data/etc/sysconfig/pki/tomcat/pki-tomcat -h -L -R 
 +# chown pkiuser:pkiuser /data/etc/pki/pki-tomcat -h -L -R 
 +# chown pkiuser:pkiuser /data/etc/pki/pki-tomcat -h -L -R 
 +# chown pkiuser:pkiuser /data/var/lib/pki/pki-tomcat -h -L -R 
 +# chown pkiuser:pkiuser /data/var/log/pki/pki-tomcat -h -L -R 
 + 
 +# chown root:named -h -L /etc/rndc.key 
 + 
 +# chown root:ipaapi /data/var/lib/ipa/ra-agent.-h -L 
 + 
 +</code> 
 + 
 +so e.g.: 
 + 
 +<code> 
 +# ls -lZ /etc/dirsrv/ds.keytab 
 +-rw——-. dirsrv dirsrv system_u:object_r:dirsrv_config_t:s0 /etc/dirsrv/ds.keytab 
 + 
 +</code>
  
  
content/serverbasics/docker-freeipa.1765100800.txt.gz · Zuletzt geändert: von obel1x
Falls nicht anders bezeichnet, ist der Inhalt dieses Wikis unter der folgenden Lizenz veröffentlicht: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki