Alexander Bokovoy abbra
abbra
/ gist:5d461964f3e2f06fc9152d877717a5d5
Created
September 8, 2023 11:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Using Ansible SSH transport with GSSAPI in FreeIPA. | |
| ``` | |
| [root@master ~]# cat my-hosts | |
| [mymachines] | |
| master.ipa.test | |
| [root@master ~]# id ansible | |
| id: ‘ansible’: no such user | |
| [root@master ~]# kinit admin | |
| Password for admin@IPA.TEST: |
abbra
/ set-dns-resolvers.yml
Created
December 9, 2019 19:49
A task to configure DNS resolvers to look at IPA master before deploying replicas and clients
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - name: "Set DNS to IPA master" | |
| hosts: | |
| - ipareplicas | |
| - ipaclients | |
| tasks: | |
| - name: determine resolvers | |
| set_fact: | |
| resolvers: "{{ resolvers|default([]) + [hostvars[item].ansible_default_ipv4.address] }}" | |
| with_items: "{{ groups.ipaserver }}" | |
| - debug: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from ipaserver.install import replication | |
| def check_ids_in_modified_range(ldap, old_base, old_size, new_base, new_size): | |
| from ipalib import errors | |
| if new_base is None and new_size is None: | |
| # nothing to check | |
| return (0, []) | |
| if new_base is None: | |
| new_base = old_base |
abbra
/ FreeRadius + FreeIPA
Last active
June 6, 2024 10:00
— forked from tiran/FreeRadius + FreeIPA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Assuming that HOSTNAME is enrolled to IPA realm already, | |
| # run the following on HOSTNAME where RADIUS server will be deployed | |
| # In FreeIPA 4.6+ host principal has permissions to create own services | |
| kinit -k | |
| ipa service-add 'radius/HOSTNAME' | |
| # create keytab for radius user | |
| ipa-getkeytab -p 'radius/HOSTNAME' -k /etc/raddb/radius.keytab | |
| chown root:radiusd /etc/raddb/radius.keytab | |
| chmod 640 /etc/raddb/radius.keytab |