Project Stellar Access

Welcome to Project Stellar Access! In this project we will get familiar with how DHCP, DNS, and FreeIPA work. The following configurations will be done on Rocky Linux 9.4, one machine per service:

  • DHCP server (192.168.1.2)

  • BIND9 server (192.168.1.3)

  • FreeIPA server (192.168.1.4)

Configuring ISC-DHCP

Set Hostname

hostnamectl set-hostname dhcp1.stellar.access

Configure A Static IP

nmcli con add con-name static ifname eth0 type ethernet ipv4.method manual ip4 192.168.1.2/24 gw4 192.168.1.1 ipv4.dns 192.168.1.3 +ipv4.dns 1.1.1.1

Install Package

dnf install dhcp-server

Configure DHCP

vim /etc/dhcp/dhcpd.conf

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.10 192.168.1.254;
    option subnet-mask 255.255.255.0;
    option routers 192.168.1.1;
    option domain-name-servers 192.168.1.3, 1.1.1.1;
    option domain-search "stellar.access";
}

Check Configuration

dhcpd configtest

Firewall Configuration

firewall-cmd --add-service dhcp --permanent
firewall-cmd --reload

Enable Service

systemctl enable dhcpd --now

Configuring BIND9

Set Hostname

hostnamectl set-hostname ns1.stellar.access

Configure Static IP

nmcli con add con-name static ifname eth0 type ethernet ipv4.method manual ip4 192.168.1.3/24 gw4 192.168.1.1 ipv4.dns 192.168.1.3 +ipv4.dns 1.1.1.1

Install Packages

dnf install bind bind-utils

Configure BIND9

vim /etc/named.conf

listen-on port 53 { 127.0.0.1; 192.168.1.3; };
allow-query { localhost; 192.168.1.0/24; };
allow-recursion { localhost; 192.168.1.0/24; };
forwarders { 1.1.1.1; };
zone "stellar.access" { type master; file "/var/named/stellar.access.dns"; };
zone "1.168.192.in-addr.arpa" { type master; file "/var/named/1.168.192.arpa.dns"; };

Check Configuration

named-checkconf

Configure Forward Zone

vim /var/named/stellar.access.dns

$TTL 1w
@ IN SOA ns1.stellar.access. admin.stellar.access. (
                    1;     Serial Number
                    1w;    Refresh
                    1d;    Retry
                    28d;   Expire
                    1h;    Minimum TTL
)

@                       IN    NS     ns1.stellar.access.
dhcp1.stellar.access.   IN    A      192.168.1.2
ns1.stellar.access.     IN    A      192.168.1.3
ipa1.stellar.access.    IN    A      192.168.1.4

Check Forward Zone

named-checkzone stellar.access /var/named/stellar.access.dns

Assign Permissions To Forward Zone

chmod 640 /var/named/stellar.access.dns

chgrp named /var/named/stellar.access.dns

Configure Reverse Zone

vim /var/named/1.168.192.arpa.dns

$TTL 1w
@ IN SOA ns1.stellar.access. admin.stellar.access. (
                    1;     Serial Number
                    1w;    Refresh
                    1d;    Retry
                    28d;   Expire
                    1h;    Minimum TTL
)

@            IN    NS     ns1.stellar.access.
2            IN    PTR    dhcp1.stellar.access.
3            IN    PTR    ns1.stellar.access.
4            IN    PTR    ipa1.stellar.access.

Check Reverse Zone

named-checkzone 1.168.192.in-addr.arpa /var/named/1.168.192.arpa.dns
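named-checkzone only validates each zone's syntax; it does not tell you whether the forward and reverse zones agree, and a mismatch between A and PTR records is what FreeIPA's installer and Kerberos host lookups trip over later. The following is an added example, not part of the original post: it extracts the A records from the forward zone and the PTR records from the reverse zone and reports any pair that exists in only one of them. The zone texts are constructed copies of the two zone files above, with the SOA collapsed onto one line.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check that every A record
# in the forward zone has a matching PTR in the reverse zone and vice versa.
# Constructed copies of the post's stellar.access zones, SOA on one line.

FWD_ZONE='$TTL 1w
@ IN SOA ns1.stellar.access. admin.stellar.access. ( 1 1w 1d 28d 1h )
@                       IN  NS   ns1.stellar.access.
dhcp1.stellar.access.   IN  A    192.168.1.2
ns1.stellar.access.     IN  A    192.168.1.3
ipa1.stellar.access.    IN  A    192.168.1.4'

REV_ZONE='$TTL 1w
@ IN SOA ns1.stellar.access. admin.stellar.access. ( 1 1w 1d 28d 1h )
@   IN  NS   ns1.stellar.access.
2   IN  PTR  dhcp1.stellar.access.
3   IN  PTR  ns1.stellar.access.
4   IN  PTR  ipa1.stellar.access.'

# "ip name" pairs from the A records of a forward zone ($1 = zone text).
fwd_pairs() {
  printf '%s\n' "$1" | awk '$2 == "IN" && $3 == "A" { print $4, $1 }'
}

# "ip name" pairs from the PTR records of a /24 reverse zone
# ($1 = zone text, $2 = network prefix such as 192.168.1).
rev_pairs() {
  printf '%s\n' "$1" | awk -v p="$2" '$2 == "IN" && $3 == "PTR" { print p "." $1, $4 }'
}

# Print every pair that appears in only one of the two zones.
# A pair present in both appears twice and is dropped by uniq -u.
zone_mismatches() {
  { fwd_pairs "$1"; rev_pairs "$2" "$3"; } | sort | uniq -u
}

# Exit status 0 when the forward and reverse zones agree, 1 otherwise.
zones_consistent() {
  [ -z "$(zone_mismatches "$1" "$2" "$3")" ]
}

if zones_consistent "$FWD_ZONE" "$REV_ZONE" 192.168.1; then
  echo "forward and reverse zones agree"
else
  echo "mismatched records:"
  zone_mismatches "$FWD_ZONE" "$REV_ZONE" 192.168.1
fi
```

On the real server, feed it the contents of /var/named/stellar.access.dns and /var/named/1.168.192.arpa.dns instead of the embedded copies.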

Assign Permissions To Reverse Zone

chmod 640 /var/named/1.168.192.arpa.dns

chgrp named /var/named/1.168.192.arpa.dns

Firewall Configuration

firewall-cmd --add-service dns --permanent
firewall-cmd --reload

Enable Service

systemctl enable named --now

Test DNS

dig ipa1.stellar.access

Configuring FreeIPA

Set Hostname

hostnamectl set-hostname ipa1.stellar.access

Configure Static IP

nmcli con add con-name static ifname eth0 type ethernet ipv4.method manual ip4 192.168.1.4/24 gw4 192.168.1.1 ipv4.dns 192.168.1.3 +ipv4.dns 1.1.1.1

Install Package

dnf install ipa-server

Configure IPA

ipa-server-install

Back Up Certificate

Copy Records To The Forward Zone

cat /tmp/ipa.system.records

Copy the records this prints into the forward zone file on the BIND9 server (/var/named/stellar.access.dns).
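When the IPA records are pasted into the forward zone by hand, the SOA serial also has to be raised or the change is easy to miss on reload. The script below is an added example, not from the original post: it appends a records file to a zone file that uses the post's SOA layout, bumps the serial, and runs named-checkzone when it is installed. The zone and the SRV/TXT records are constructed samples in FreeIPA's record format; on the real server use the file ipa-server-install actually wrote.

```shell
#!/bin/sh
# Added example (not from the original post): append IPA service records to
# the forward zone and bump the SOA serial. Zone and records are constructed.

SAMPLE_ZONE='$TTL 1w
@ IN SOA ns1.stellar.access. admin.stellar.access. (
                    1;     Serial Number
                    1w;    Refresh
                    1d;    Retry
                    28d;   Expire
                    1h;    Minimum TTL
)
@                       IN  NS   ns1.stellar.access.
ns1.stellar.access.     IN  A    192.168.1.3
ipa1.stellar.access.    IN  A    192.168.1.4'

SAMPLE_RECORDS='_kerberos._udp.stellar.access. 86400 IN SRV 0 100 88 ipa1.stellar.access.
_ldap._tcp.stellar.access. 86400 IN SRV 0 100 389 ipa1.stellar.access.
_kerberos.stellar.access. 86400 IN TXT "STELLAR.ACCESS"'

# Print the serial from the SOA line commented "Serial" ($1 = zone file).
current_serial() {
  awk '/;[[:space:]]*Serial/ { sub(/;.*/, "", $1); print $1; exit }' "$1"
}

# Replace the serial with serial+1 in place and print the new value.
bump_serial() {
  new=$(( $(current_serial "$1") + 1 ))
  awk -v n="$new" '!done && /;[[:space:]]*Serial/ { sub(/[0-9]+;/, n ";"); done = 1 } { print }' \
    "$1" > "$1.tmp" && mv "$1.tmp" "$1"
  echo "$new"
}

# Append the records, bump the serial, and validate the zone if the checker
# is available. Usage: append_records <zone-file> <records-file> <zone-name>
append_records() {
  cat "$2" >> "$1"
  bump_serial "$1"
  if command -v named-checkzone >/dev/null 2>&1; then
    named-checkzone "$3" "$1" >/dev/null || return 1
  fi
}

# Demo on temporary copies of the constructed samples.
zone=$(mktemp) && printf '%s\n' "$SAMPLE_ZONE" > "$zone"
recs=$(mktemp) && printf '%s\n' "$SAMPLE_RECORDS" > "$recs"
echo "serial before: $(current_serial "$zone")"
echo "serial after:  $(append_records "$zone" "$recs" stellar.access)"
rm -f "$zone" "$recs"
```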

Firewall Configuration

for i in http https ldap ldaps kerberos kpasswd ntp; do firewall-cmd --permanent --add-service "$i"; done

firewall-cmd --reload

Kerberos

kinit admin

Creating User

ipa user-add chrisortiz.aldana --first=Christopher --last="Ortiz Aldana" --homedir=/home/chrisortiz.aldana --email=chrisortiz.aldana@stellar.access
ipa passwd chrisortiz.aldana

Set Client Hostname

hostnamectl set-hostname pc1.stellar.access

Installing IPA Client Package

dnf install ipa-client

Join Client Machine To Domain

ipa-client-install --mkhomedir
Written by

Christopher Ortiz Aldana