====== Instalação da réplica ======
===== Instalação do pacotes necessários =====
<code bash>
dnf module list idm
dnf module info idm:DL1
dnf module enable idm:DL1
dnf distro-sync
dnf install ipa-server ipa-server-dns
</code>

===== Configuração de rede =====

<code bash>
nmcli con mod ens192 ipv6.method manual ipv6.addresses 2804:694:3000:8000::3/64 ipv6.gateway 2804:694:3000:8000::
nmcli con mod ens192 ipv6.dns "2804:694:4c00:4001::6"
nmcli connection down ens192 ; nmcli c up ens192

hostnamectl set-hostname sp-spo-ipa.juntotelecom.com.br
echo "2804:694:3000:8000::3 pa-mba-ipa.juntotelecom.com.br pa-mba-ipa" | tee -a /etc/hosts
</code>

===== Ingressando o cliente ao FreeIPA principal =====
<code bash>
[root@pa-mba-ipa ~]# ipa-client-install --mkhomedir
This program will set up IPA client.
Version 4.8.7

Discovery was successful!
Do you want to configure chrony with NTP server or pool address? [no]:
Client hostname: pa-mba-ipa.juntotelecom.com.br
Realm: JUNTOTELECOM.COM.BR
DNS Domain: juntotelecom.com.br
IPA Server: sp-spo-ipa.juntotelecom.com.br
BaseDN: dc=juntotelecom,dc=com,dc=br

Continue to configure the system with these values? [no]: yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
Attempting to sync time with chronyc.
Process chronyc waitsync failed to sync time!
Unable to sync time with chrony server, assuming the time is in sync. Please check that 123 UDP port is opened, and any time server is on network.
User authorized to enroll computers: admin
Password for admin@JUNTOTELECOM.COM.BR:
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=JUNTOTELECOM.COM.BR
    Issuer:      CN=Certificate Authority,O=JUNTOTELECOM.COM.BR
    Valid From:  2020-12-17 13:29:31
    Valid Until: 2040-12-17 13:29:31

Enrolled in IPA realm JUNTOTELECOM.COM.BR
Created /etc/ipa/default.conf
Configured sudoers in /etc/authselect/user-nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm JUNTOTELECOM.COM.BR
Systemwide CA database updated.
Hostname (pa-mba-ipa.juntotelecom.com.br) does not have A/AAAA record.
Missing reverse record(s) for address(es): 2804:694:3000:8000::3.
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring juntotelecom.com.br as NIS domain.
Client configuration complete.
The ipa-client-install command was successful
</code>

===== Entrada DNS para a replica =====

==== Servidor principal ====
<code bash>
[root@sp-spo-ipa ~]# ipa dnszone-add 0.0.0.8.0.0.0.3.4.9.6.0.4.0.8.2.ip6.arpa.
  Zone name: 0.0.0.8.0.0.0.3.4.9.6.0.4.0.8.2.ip6.arpa.
  Active zone: TRUE
  Authoritative nameserver: sp-spo-ipa.juntotelecom.com.br.
  Administrator e-mail address: hostmaster
  SOA serial: 1608216892
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant JUNTOTELECOM.COM.BR krb5-subdomain 0.0.0.8.0.0.0.3.4.9.6.0.4.0.8.2.ip6.arpa. PTR;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
</code>

<code bash>
[root@sp-spo-ipa ~]# ipa dnsrecord-add 0.0.0.8.0.0.0.3.4.9.6.0.4.0.8.2.ip6.arpa. 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 --ptr-rec pa-mba-ipa.juntotelecom.com.br.
  Record name: 3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
  PTR record: pa-mba-ipa.juntotelecom.com.br.
</code>


<code bash>
[root@sp-spo-ipa ~]# ipa dnszone-add 1.0.0.4.0.0.c.4.4.9.6.0.4.0.8.2.ip6.arpa.
  Zone name: 1.0.0.4.0.0.c.4.4.9.6.0.4.0.8.2.ip6.arpa.
  Active zone: TRUE
  Authoritative nameserver: sp-spo-ipa.juntotelecom.com.br.
  Administrator e-mail address: hostmaster
  SOA serial: 1608217160
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant JUNTOTELECOM.COM.BR krb5-subdomain 1.0.0.4.0.0.c.4.4.9.6.0.4.0.8.2.ip6.arpa. PTR;
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
</code>

<code bash>
[root@sp-spo-ipa ~]# ipa dnsrecord-add 1.0.0.4.0.0.c.4.4.9.6.0.4.0.8.2.ip6.arpa. 6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 --ptr-rec sp-spo-ipa.juntotelecom.com.br.
  Record name: 6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
  PTR record: sp-spo-ipa.juntotelecom.com.br.
</code>

===== Instalação da réplica =====

<code bash>
[root@pa-mba-ipa ~]# firewall-cmd --permanent --add-service={freeipa-4,dns,ntp}
[root@pa-mba-ipa ~]# firewall-cmd --reload
</code>