IPA 基本命令
server
查看服务状态
| Bash |
|---|
| # ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: RUNNING
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: RUNNING
ipa-otpd Service: RUNNING
ipa-dnskeysyncd Service: RUNNING
ipa: INFO: The ipactl command was successful
# ipactl --help
Usage: ipactl start|stop|restart|status
Options:
-h, --help show this help message and exit
-d, --debug Display debugging information
-f, --force Force IPA to start. Combine options --skip-version-
check and --ignore-service-failures
--ignore-service-failures
If any service start fails, do not rollback the
services, continue with the operation
--skip-version-check skip version check
|
管理员认证
| Bash |
|---|
| root@pts/0 # kinit admin # 认证admin
Password for admin@IPA.VIP: # 输入管理员密码
root@pts/0 # klist # 查看凭据
Ticket cache: KEYRING:persistent:0:krb_ccache_4wTipGN
Default principal: admin@IPA.VIP
Valid starting Expires Service principal
2025-07-15T17:48:42 2025-07-16T17:48:34 krbtgt/IPA.TEST@IPA.TEST
root@pts/0 # kdestroy # 删除当前默认认证,一般退出时删除凭据
|
通过认证后,可以使用ipa 基础命令,可以参考FreeIPA API
| Bash |
|---|
| root@pts/0 # ipa user_find
-------
已匹配2个用户
-------
用户登录名: admin
姓: Administrator
主目录: /home/admin
登录shell: /bin/bash
主体别名: admin@IPA.TEST
UID: 1283600000
GID: 1283600000
禁用账户: False
用户登录名: chaichuan
名: 川
姓: 柴
主目录: /home/chaichuan
登录shell: /bin/sh
主机名: chaichuan@IPA.TEST
主体别名: chaichuan@IPA.TEST
邮件地址: chaichuan@ipa.test
UID: 1283600001
GID: 1283600001
禁用账户: False
--------
返回的条目数 2
--------
root@pts/0 # ipa help commands # 查看所有命令帮助,便于撰写脚本
|