305.2 FreeIPA Entity Management (weight: 4)

Tech Tutorial: 305.2 FreeIPA Entity Management (weight: 4) #

Introduction #

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization, and account information by storing data about users, groups, hosts, and other objects necessary to manage the security aspects of a network of computers. In this tutorial, we will focus on how to manage users, hosts, and services in a FreeIPA domain, covering the essential commands and procedures.

Key Knowledge Areas: #

  • User management
  • Host management
  • Service management
  • Use of FreeIPA command-line utilities

Utilities: #

  • ipa user-*
  • ipa host-*
  • ipa service-*

Step-by-Step Guide #

1. Managing Users #

FreeIPA provides a robust set of command-line utilities to manage users within the domain. Here are common tasks you might need to perform:

Adding a New User #

ipa user-add jdoe --first=John --last=Doe --email=jdoe@example.com --password

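This command adds a new user with the username jdoe. It prompts you to enter a password for the user. Because an administrator set it, FreeIPA marks this password as expired, and the user must choose a new one at first login.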

Modifying a User #

ipa user-mod jdoe --shell=/bin/bash

This modifies the user jdoe to change their login shell to /bin/bash.

Finding Users #

ipa user-find --last=Doe

This searches for users with the last name “Doe”.

Deleting a User #

ipa user-del jdoe

This command deletes the user jdoe from the FreeIPA database.

2. Managing Hosts #

Managing hosts involves adding, modifying, and deleting host entries in the FreeIPA domain.

Adding a New Host #

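ipa host-add server01.example.com --ip-address=192.168.1.100 --random

This adds a new host server01.example.com with the specified IP address. The --random option generates a one-time password that is used to enroll the machine. host-add's --password option does not prompt; it takes the value as an argument (--password=...), which leaves the password in shell history.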

Modifying a Host #

ipa host-mod server01.example.com --desc="New server"

This command updates the description of the host server01.example.com.

Finding Hosts #

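ipa host-find --hostname=server01.example.com

This searches for host entries by name. host-find has no --ip-address filter: the address passed to host-add is written to a DNS record, not stored on the host entry, so look up IP addresses in DNS instead.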

Deleting a Host #

ipa host-del server01.example.com

Deletes the host server01.example.com.

3. Managing Services #

Services in FreeIPA are often used in the context of service principals for Kerberos.

Adding a Service #

ipa service-add HTTP/server01.example.com

This command creates a new service principal for HTTP on server01.example.com.

Modifying a Service #

ipa service-mod HTTP/server01.example.com --addattr=description="Web service"

Modifies the service principal to add a description.

Finding Services #

ipa service-find HTTP

This finds all services with “HTTP” in their name.

Deleting a Service #

ipa service-del HTTP/server01.example.com

Deletes the specified service principal.
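
The host and service steps above, combined into one repeatable provisioning function. This is an added example, not part of the original tutorial: the function names are hypothetical, and it assumes an admin Kerberos ticket (kinit admin) and IPA-managed DNS so that --ip-address works.

```shell
#!/bin/sh
# Added example: idempotent host + HTTP service provisioning via the ipa CLI.
# Assumes an admin Kerberos ticket (kinit admin) and IPA-managed DNS.
# Function names are hypothetical; only the ipa host-*/service-* calls are real.

# Accept only lowercase FQDNs with at least two labels. Labels may not start
# or end with "-", so a value such as "--all" never reaches ipa as an option.
valid_fqdn() {
    case $1 in
        ''|*[!a-z0-9.-]*|[.-]*|*[.-]|*..*|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Accept only dotted-quad IPv4 addresses with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split the already-filtered string on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Create the host entry and its HTTP principal only when they are missing.
# Returns 2 on rejected input, 1 when an ipa call fails, 0 otherwise.
ensure_web_host() {
    fqdn=$1
    ip=$2
    valid_fqdn "$fqdn" || { echo "rejected host name: $fqdn" >&2; return 2; }
    valid_ipv4 "$ip" || { echo "rejected IP address: $ip" >&2; return 2; }

    if ! ipa host-show "$fqdn" >/dev/null 2>&1; then
        ipa host-add "$fqdn" --ip-address="$ip" || return 1
    fi
    if ! ipa service-show "HTTP/$fqdn" >/dev/null 2>&1; then
        ipa service-add "HTTP/$fqdn" || return 1
    fi
}

# Usage: ensure_web_host server01.example.com 192.168.1.100
```

Running it a second time makes no changes, because host-show and service-show succeed for entries that already exist.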

Conclusion #

This tutorial covered the basic operations for managing users, hosts, and services in a FreeIPA domain using various ipa command-line utilities. Mastering these commands is crucial for effective administration of FreeIPA in enterprise environments. Regular practice and usage will help in solidifying your understanding and efficiency in managing FreeIPA entities.