Tech Tutorial: 305.2 FreeIPA Entity Management (weight: 4) #
Introduction #
FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization, and account information by storing data about user, groups, hosts, and other objects necessary to manage the security aspects of a network of computers. In this tutorial, we will focus on how to manage users, hosts, and services in a FreeIPA domain, covering the essential commands and procedures.
Key Knowledge Areas: #
- User management
- Host management
- Service management
- Use of FreeIPA command-line utilities
Utilities: #
ipa user-*
ipa host-*
ipa service-*
Step-by-Step Guide #
1. Managing Users #
FreeIPA provides a robust set of command-line utilities to manage users within the domain. Here are common tasks you might need to perform:
Adding a New User #
ipa user-add jdoe --first=John --last=Doe --email=jdoe@example.com --password
This command adds a new user with a username jdoe
. It prompts you to enter a password for the user.
Modifying a User #
ipa user-mod jdoe --shell=/bin/bash
This modifies the user jdoe
to change their login shell to /bin/bash
.
Finding Users #
ipa user-find --last=Doe
This searches for users with the last name “Doe”.
Deleting a User #
ipa user-del jdoe
This command deletes the user jdoe
from the FreeIPA database.
2. Managing Hosts #
Managing hosts involves adding, modifying, and deleting host entries in the FreeIPA domain.
Adding a New Host #
ipa host-add server01.example.com --ip-address=192.168.1.100 --password
This adds a new host server01.example.com
with the specified IP address.
Modifying a Host #
ipa host-mod server01.example.com --description="New server"
This command updates the description of the host server01.example.com
.
Finding Hosts #
ipa host-find --ip-address=192.168.1.100
Searches for hosts with the specific IP address.
Deleting a Host #
ipa host-del server01.example.com
Deletes the host server01.example.com
.
3. Managing Services #
Services in FreeIPA are often used in the context of service principals for Kerberos.
Adding a Service #
ipa service-add HTTP/server01.example.com
This command creates a new service principal for HTTP on server01.example.com
.
Modifying a Service #
ipa service-mod HTTP/server01.example.com --addattr=description="Web service"
Modifies the service principal to add a description.
Finding Services #
ipa service-find HTTP
Finds all services with the “HTTP” in their name.
Deleting a Service #
ipa service-del HTTP/server01.example.com
Deletes the specified service principal.
Conclusion #
This tutorial covered the basic operations for managing users, hosts, and services in a FreeIPA domain using various ipa
command-line utilities. Mastering these commands is crucial for effective administration of FreeIPA in enterprise environments. Regular practice and usage will help in solidifying your understanding and efficiency in managing FreeIPA entities.