Tech Tutorial: 305.1 FreeIPA Installation and Maintenance #
Introduction #
FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization, and account information by storing data about user, groups, hosts, and other objects necessary to manage the security aspects of a network of computers. In this tutorial, we will cover the setup and management of a FreeIPA domain, including replication and client integration.
Key Knowledge Areas: #
- Installation of FreeIPA server
- Configuration of FreeIPA server
- Managing FreeIPA services
- Setting up replication
- Joining clients to the domain
Utilities: #
ipa-server-install
ipa-replica-install
ipa-client-install
ipa
ipa-replica-manage
ipa-csreplica-manage
Step-by-Step Guide #
1. Installation of FreeIPA Server #
To begin with, you need a CentOS or RHEL-based system. Make sure your system is updated and has a proper hostname.
sudo yum update -y
sudo hostnamectl set-hostname ipa.example.com
Install the FreeIPA server package:
sudo yum install ipa-server -y
Now, install the FreeIPA server with an integrated DNS. This step requires some interactive configuration such as specifying the domain name and setting up an administrative password.
sudo ipa-server-install --setup-dns --forwarder=8.8.8.8 --no-forwarders
During the installation, you will be prompted for various settings like domain, realm, DNS forwarder, and the Directory Manager’s password.
2. Managing FreeIPA Services #
After installation, you can manage FreeIPA services using the ipa
command-line utility. Start by checking the status of all services:
ipa service-status
You can start, stop, or restart services using this utility:
ipa service-restart
ipa service-stop
ipa service-start
3. Setting Up Replication #
Setting up replication involves installing a replica of your primary FreeIPA server on another server. First, install the necessary packages on the replica server:
sudo yum install ipa-server -y
Run the replica installation command:
sudo ipa-replica-install --principal admin --admin-password <AdminPassword>
You will need to provide the principal and admin password used in the primary server during the setup.
4. Joining Clients to the Domain #
To join a client to the FreeIPA domain, install the FreeIPA client package:
sudo yum install ipa-client -y
Now, join the client to the domain:
sudo ipa-client-install --principal admin --password <AdminPassword> --mkhomedir
This command requires an administrative principal and password. It also creates home directories for users upon their first login.
Detailed Code Examples #
Let’s go through more detailed usage of the ipa
command.
Adding a User:
ipa user-add jdoe --first=John --last=Doe --password
Adding a Host:
ipa host-add host1.example.com
Modifying a User:
ipa user-mod jdoe --shell=/bin/bash
Finding a User:
ipa user-find jdoe
Deleting a User:
ipa user-del jdoe
Conclusion #
In this tutorial, we have gone through the installation and basic management of a FreeIPA server, including how to set up replication and join clients to the domain. FreeIPA is a powerful tool for managing identities and policies in a networked environment, providing a centralized platform that simplifies user and host management. By following this guide, you should be able to establish a robust identity management system using FreeIPA.