I was going through the article "Implementing FreeIPA in a mixed
Environment (Windows/Linux) - Step by step" published at
https://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_...
I stumbled upon some commands and eventually completed setup referring to another
article.
Over the versions and years, some commands have changed and they need to reflect in the
article.
Below are the changes needed to the article.
> "# ipa-server-install --setup-bind"
"# ipa-server-install --setup-dns"
> "# ipa-finduser admin"
"# ipa user-show admin"
> "# ipa-addservice host/bmdata01.example.com"
Here adding from IPA UI was used.
"ipa host-add --ip-address=192.168.9.120 test-host.example.com"
This may work, but it failed to create reverse dns entry.
> "# ipa-getkeytab -s
ds.example.com -p
host/bmdata01.example.com -e des-cbc-crc
-k krb5.keytab.txt -P"
"# ipa-getkeytab -s
ds.example.com -p
host/bmdata01.example.com -e arcfour-hmac -k
krb5.keytab.txt -P"
The des-cbc-crc had given me error.
> "C:> ksetup /setmachpassword <password> (the same password you have set
in IPA server)"
"ksetup /setcomputerpassword <password> (the same password you have set in IPA
server)"
Wow. This was written 10 years ago for IPA v1.2 (on Fedora 10). I'm glad
it has stood up over time but I don't think we would recommend this
route today. I'd be more inclined to mark the page as deprecated in some
way or to more clearly mark the version it targeted.
rob