Configure Kerberos authentication based on FreeIPA via ADCM

Overview

To kerberize a cluster using FreeIPA, follow the steps below:

  1. In the ADCM web UI, go to the Clusters page. Select an installed and prepared ADPS cluster, and run the Manage Kerberos action.

    Figure: Manage Kerberos
  2. In the pop-up window, turn on the Existing FreeIPA option.

    Figure: Choose the relevant option
  3. Fill in the FreeIPA Kerberos parameters.

    Figure: FreeIPA Kerberos fields
  4. Click Run, wait for the job to complete and proceed to setting up Kerberos in the cluster.

    Figure: Run the action

FreeIPA Kerberos parameters

The following parameters are required to kerberize your ADPS cluster with FreeIPA. You can get values for these by running ipa user-find <ipa_admin> on your FreeIPA server, where <ipa_admin> is your IPA Admin user.

| Parameter | Description |
|---|---|
| Authentication on WEB UIs | Enables Kerberos authentication on Web UIs |
| KDC hosts | One or more KDC hosts with running FreeIPA server(s). Only FQDN is acceptable |
| Realm | A Kerberos realm to connect to the FreeIPA server |
| Domains | One or more domains associated with FreeIPA |
| Kadmin server | A host where kadmin is running. Only FQDN is acceptable |
| Kadmin principal | A principal name used to connect via kadmin, for example admin@RU-CENTRAL1.INTERNAL |
| Kadmin password | An IPA Admin password |
| Keytabs directory | Directory of the keytab file that contains one or several principals along with their keys |
| Additional realms | Additional Kerberos realms |
| IpaClient No NTP Autoconf | Disables the NTP configuration during the IPA client installation |
| IpaClient No DNS Lookup | Disables the DNS lookup for FreeIPA server during the IPA client installation |
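A pre-flight check for the values above, as an added example that is not part of ADCM or of the original page: it rejects KDC and kadmin hosts that are not FQDNs and flags a Kadmin principal whose realm does not match the Realm field. The dictionary keys, the sample values and the realm-match rule are assumptions of this example.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_fqdn(host: str) -> bool:
    """True if host is syntactically an FQDN (not an IP address or a short name)."""
    host = host.rstrip(".")
    try:
        ipaddress.ip_address(host)
        return False  # an IP address would otherwise pass the label check
    except ValueError:
        pass
    labels = host.split(".")
    return (len(host) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))

def check_params(p: dict) -> list:
    """Return a list of problems found in the form values (hypothetical key names)."""
    problems = []
    hosts = [("KDC hosts", h) for h in p["kdc_hosts"]]
    hosts.append(("Kadmin server", p["kadmin_server"]))
    for field, host in hosts:
        if not is_fqdn(host):
            problems.append(f"{field}: {host!r} is not an FQDN")
    user, sep, realm = p["kadmin_principal"].partition("@")
    if not (user and sep and realm):
        problems.append("Kadmin principal: expected name@REALM")
    elif realm != p["realm"]:
        # Assumption of this example: the admin principal belongs to the
        # configured realm. Realm names are case-sensitive.
        problems.append(f"Kadmin principal: realm {realm!r} is not {p['realm']!r}")
    return problems

# Constructed sample input with three deliberate mistakes.
SAMPLE = {
    "kdc_hosts": ["ipa1.ru-central1.internal", "10.0.0.5", "ipa2"],
    "kadmin_server": "ipa1.ru-central1.internal",
    "realm": "RU-CENTRAL1.INTERNAL",
    "kadmin_principal": "admin@ru-central1.internal",
}

if __name__ == "__main__":
    for problem in check_params(SAMPLE):
        print(problem)
```

The check is purely syntactic; it does not resolve the names or contact the KDC.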
