Примечание
--keytab, используется только для аутентификации при запуске регистрации. После успешной регистрации FreeIPA создаёт новый keytab для клиента.
# ipa-client-install --keytab /tmp/krb5.keytab -U
This program will set up IPA client.
Version 4.12.4
Discovery was successful!
Client hostname: comp01.example.test
Realm: EXAMPLE.TEST
DNS Domain: example.test
IPA Server: ipa.example.test
BaseDN: dc=example,dc=test
Attempting to sync time with CHRONY
It may take a few seconds
Time successfully synchronized with IPA server
Successfully retrieved CA cert
Subject: CN=Certificate Authority,O=EXAMPLE.TEST
Issuer: CN=Certificate Authority,O=EXAMPLE.TEST
Valid From: 2025-09-15 18:53:49+00:00
Valid Until: 2045-09-15 18:53:49+00:00
Enrolled in IPA realm EXAMPLE.TEST
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Systemwide CA database updated.
Adding SSH public key from /etc/openssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/openssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/openssh/ssh_host_rsa_key.pub
Configured passwd in /etc/nsswitch.conf
Configured group in /etc/nsswitch.conf
Configured netgroup in /etc/nsswitch.conf
Configured automount in /etc/nsswitch.conf
Configured services in /etc/nsswitch.conf
Configured sudoers in /etc/nsswitch.conf
SSSD enabled
Configured /etc/openldap/ldap.conf
Principal is not set when enrolling with OTP or PKINIT; using principal 'admin@example.test' for 'getent passwd'.
Configured /etc/openssh/ssh_config
Configured /etc/openssh/sshd_config
Configuring example.test as NIS domain.
Configured /etc/krb5.conf for IPA realm EXAMPLE.TEST
Client configuration complete.
The ipa-client-install command was successful