RH362 - ch04s04

Preface A: Introduction

Section A.1: Red Hat Security: Identity Management and Authentication

Section A.2: Orientation to the Classroom Environment

Section A.3: Performing Lab Exercises

Chapter 1: Identity Management in Red Hat Enterprise Linux

Section 1.1: The IdM Ecosystem

Section 1.2: Quiz: The IdM Ecosystem

Section 1.3: The IdM Infrastructure Topology

Section 1.4: Guided Exercise: The IdM Infrastructure Topology

Section 1.5: The IdM Administrative Interfaces

Section 1.6: Guided Exercise: The IdM Administrative Interfaces

Section 1.7: Quiz: Identity Management in Red Hat Enterprise Linux

Section 1.8: Summary

Chapter 2: Identity Management Core Technologies

Section 2.1: The System Security Services Framework

Section 2.2: Guided Exercise: The System Security Services Framework

Section 2.3: The Kerberos Authentication Protocol

Section 2.4: Guided Exercise: The Kerberos Authentication Protocol

Section 2.5: The Public Key Infrastructure

Section 2.6: Guided Exercise: Managing Certificates

Section 2.7: Lab: Working with Identity Management Core Technologies

Section 2.8: Summary

Chapter 3: Installing Identity Management in Red Hat Enterprise Linux

Section 3.1: Installing an Identity Management Server

Section 3.2: Guided Exercise: Installing an Identity Management Server

Section 3.3: Installing an Identity Management Client

Section 3.4: Guided Exercise: Installing an Identity Management Client

Section 3.5: Installing an Identity Management Replica

Section 3.6: Guided Exercise: Installing an Identity Management Replica

Section 3.7: Automating an Identity Management Installation

Section 3.8: Guided Exercise: Automating an Identity Management Installation

Section 3.9: Lab: Installing Identity Management in Red Hat Enterprise Linux

Section 3.10: Summary

Chapter 4: Implementing an Identity Management Topology

Section 4.1: Establishing Replication Agreements

Section 4.2: Guided Exercise: Establishing Replication Agreements

Section 4.3: Managing the Essential IdM Server Roles

SectionSection 4.4: Guided Exercise: Managing the Essential IdM Server Roles

Section 4.5: Lab: Implementing an Identity Management Topology

Section 4.6: Summary

Chapter 5: Managing the CA and DNS Integrated Services

Section 5.1: Managing the Integrated Certificate Authority

Section 5.2: Guided Exercise: Managing the Integrated Certificate Authority

Section 5.3: Managing the Integrated DNS Service

Section 5.4: Guided Exercise: Managing the Integrated DNS Service

Section 5.5: Lab: Managing the CA and DNS Integrated Services

Section 5.6: Summary

Chapter 6: Managing Users and Configuring User Access

Section 6.1: Managing IdM Users and Hosts

Section 6.2: Guided Exercise: Managing IdM Users and Hosts

Section 6.3: Implementing IdM User Access Control

Section 6.4: Guided Exercise: Managing IdM User Access Control

Section 6.5: Managing Kerberos Principals, Policies, and External Authentication

Section 6.6: Guided Exercise: Managing Kerberos Principals, Policies, and External Authentication

Section 6.7: Configuring Network-shared Home Directories

Section 6.8: Guided Exercise: Configuring Network-shared Home Directories

Section 6.9: Lab: Managing Users and Configuring User Access

Section 6.10: Summary

Chapter 7: Configuring Alternative Authentication Services

Section 7.1: Managing Smart Card Authentication

Section 7.2: Guided Exercise: Managing Smart Card Authentication

Section 7.3: Working with Vaults in Identity Management

Section 7.4: Guided Exercise: Working with Vaults in Identity Management

Section 7.5: Implementing Two-factor Authentication

Section 7.6: Guided Exercise: Implementing Two-factor Authentication

Section 7.7: Lab: Configuring Alternative Authentication Services

Section 7.8: Summary

Chapter 8: Integrating Identity Management with Active Directory

Section 8.1: Establishing a Trust Relationship between IdM and AD

Section 8.2: Guided Exercise: Establishing a Trust Relationship between IdM and AD

Section 8.3: Managing AD User Integration with ID Views

Section 8.4: Guided Exercise: Managing AD User Integration with ID Views

Section 8.5: Quiz: Integrating Identity Management with Active Directory

Section 8.6: Summary

Chapter 9: Integrating Identity Management with Red Hat Utilities

Section 9.1: Implementing Single Sign-on

Section 9.2: Guided Exercise: Implementing Single Sign-on

Section 9.3: Integrating IdM with Red Hat Satellite

Section 9.4: Guided Exercise: Integrating IdM with Red Hat Satellite

Section 9.5: Configuring Automation Controller with IdM Authentication

Section 9.6: Guided Exercise: Configuring Automation Controller with IdM Authentication

Section 9.7: Lab: Integrating Identity Management with Red Hat Utilities

Section 9.8: Summary

Chapter 10: Troubleshooting and Disaster Recovery Planning for IdM

Section 10.1: Recovering IdM with Backups and Replication

Section 10.2: Guided Exercise: Recovering IdM with Backups and Replication

Section 10.3: Troubleshooting IdM

Section 10.4: Guided Exercise: Troubleshooting IdM

Section 10.5: Lab: Troubleshooting and Disaster Recovery Planning for IdM

Section 10.6: Summary

Chapter 11: Comprehensive Review

Section 11.1: Comprehensive Review

Section 11.2: Lab: Building a Multiple Server IdM Topology

Section 11.3: Lab: Working with Identity Management

Section 11.4: Lab: Working with Single Sign-on Technology

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11

Guided Exercise: Managing the Essential IdM Server Roles

Configure IdM server roles for recommended placement and availability.

Outcomes

Configure IdM server roles for recommended placement and availability.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start topology-serverroles

Instructions

Review the domain configuration and the enabled roles for the idm, replica1, and replica2 machines.

[student@workstation ~]$ ssh idm
[student@idm ~]$ kinit admin
Password for admin@LAB.EXAMPLE.COM: RedHat123^

Review the current domain configuration.

Verify the roles enabled on the servers.

[student@idm ~]$ ipa config-show
...output omitted...
  IPA masters: idm.lab.example.com, replica1.lab.example.com, replica2.lab.example.com
  IPA master capable of PKINIT: idm.lab.example.com, replica1.lab.example.com, replica2.lab.example.com
  IPA CA servers: idm.lab.example.com
  IPA CA renewal master: idm.lab.example.com
  IPA DNS servers: idm.lab.example.com, replica1.lab.example.com, replica2.lab.example.com

List the server roles on the replica1 machine.

[student@idm ~]$ ipa server-show replica1.lab.example.com
  Server name: replica1.lab.example.com
  Managed suffixes: domain
  Min domain level: 1
  Max domain level: 1
  Enabled server roles: DNS server, IPA master

Enable the CA role on the replica1 machine.

Log out of the idm machine. Log in to the replica1 machine and become the root user.

[student@idm ~]$ exit
logout
Connection to idm closed.
[student@workstation ~]$ ssh replica1
[student@replica1 ~]$ sudo -i
[sudo] password for student: student

Install the IdM CA service.

[root@replica1 ~]# ipa-ca-install
Directory Manager (existing master) password: RedHat123^

Run connection check to master
Connection check OK
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
  [1/28]: creating certificate server db
  [2/28]: setting up initial replication
Starting replication, please wait until this has completed.
Update in progress, 5 seconds elapsed
Update succeeded

  [3/28]: creating ACIs for admin
  [4/28]: creating installation admin user
  [5/28]: configuring certificate server instance
...output omitted...
  [28/28]: deploying ACME service
Done configuring certificate server (pki-tomcatd).
Updating DNS system records

Log out of the replica1 machine and log in to idm. Authenticate to IdM as the admin user.

[root@replica1 ~]# exit
logout
[student@replica1 ~]$ exit
Connection to replica1 closed.
[student@workstation ~]$ ssh idm
[student@idm ~]$ kinit admin
Password for admin@LAB.EXAMPLE.COM: RedHat123^

Review the roles that are enabled for the replica1 machine and identify the servers that have the CA server role enabled.

The replica1 machine now has the CA server role enabled.

[student@idm ~]$ ipa server-show replica1.lab.example.com
  Server name: replica1.lab.example.com
  Managed suffixes: domain, ca
  Min domain level: 1
  Max domain level: 1
  Enabled server roles: CA server, DNS server, IPA master
[student@idm ~]$ ipa server-find --servrole "CA server"
---------------------
2 IPA servers matched
---------------------
  Server name: idm.lab.example.com
  Min domain level: 1
  Max domain level: 1

  Server name: replica1.lab.example.com
  Min domain level: 1
  Max domain level: 1
----------------------------
Number of entries returned 2
----------------------------

Review the ca topology segments.

IdM automatically creates the replication agreement between the idm and replica1 machines.

[student@idm ~]$ ipa topologysegment-find ca
-----------------
1 segment matched
-----------------
  Segment name: idm.lab.example.com-to-replica1.lab.example.com
  Left node: idm.lab.example.com
  Right node: replica1.lab.example.com
  Connectivity: both
----------------------------
Number of entries returned 1
----------------------------

Exit the idm machine.

[student@idm ~]$ exit
logout
Connection to idm closed.

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish topology-serverroles

Discuss Red Hat Security: Identity Management and Authentication

Go to community

Welcome to the Red Hat Security: Identity Management and Active Directory Integration group!

Syed

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Security: Identity Management and Active Directory Integration! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH362.Read more about Red Hat Security: Identity Management and Active Directory Integration here.

215

Revision: rh362-9.1-4c6fdb8