Lakukan minimal install; pada setup awal atur hostname dan IP address, abaikan IPv6, lalu matikan kdump.
Konfigurasi awal pada:
LDAP1 ip address dns primary 172.16.1.21/24 gw 172.16.1.1
dns 172.16.1.21, 8.8.8.8
LDAP2 ip address dns primary 172.16.1.22/24 gw 172.16.1.1
dns 172.16.1.21, 8.8.8.8
IPA Host server
yum -y update
yum -y install ipa-server ipa-server-dns bind bind-dyndb-ldap
vi /etc/hosts
172.16.1.21 ldap1.ancol.local ldap1
ipa-server-install --setup-dns --forwarder=8.8.8.8
kinit admin
klist
firewall-cmd --add-service={dns,freeipa-ldap,freeipa-ldaps,freeipa-replication} --permanent
firewall-cmd --reload
ipa dnsrecord-add ancol.local ldap2 --a-rec 172.16.1.22
Di Replica server
yum -y update
yum -y install ipa-server ipa-server-dns bind bind-dyndb-ldap
firewall-cmd --add-service={dns,freeipa-ldap,freeipa-ldaps,freeipa-replication} --permanent
firewall-cmd --reload
ipa-client-install --domain=ancol.local --realm=ANCOL.LOCAL --server=ldap1.ancol.local
ipa-replica-install --setup-ca --setup-dns --forwarder=8.8.8.8
Install Freeradius
(both servers)
yum install freeradius-ldap freeradius-utils
vi /etc/raddb/sites-enabled/default
Buang tanda - di depan -ldap pada bagian authorize, dari:
-ldap
menjadi:
ldap
ln -s /etc/raddb/mods-available/ldap /etc/raddb/mods-enabled/
vi /etc/raddb/mods-enabled/ldap
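server = 'ldap1.ancol.local' (pada radius server 2 gunakan server ldap2)
identity = "cn=Directory Manager"
password = password
base_dn = "cn=users,cn=accounts,dc=ancol,dc=local"
Catatan: "cn=Directory Manager" adalah akun administrator penuh direktori, dan password-nya tersimpan sebagai teks biasa di file ini. Untuk produksi sebaiknya gunakan akun layanan khusus dengan hak baca saja, dan pastikan file ini hanya dapat dibaca oleh root dan grup radiusd.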
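vi /etc/raddb/clients.conf
client sophos {
    ipaddr = 192.168.11.1/32
    secret = ancol123
}
Catatan: secret di atas pendek dan mudah ditebak; gunakan shared secret yang panjang dan acak, dan pasang nilai yang sama pada perangkat klien RADIUS.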
systemctl enable radiusd
systemctl start radiusd.service
firewall-cmd --add-service=radius --permanent
firewall-cmd --reload