Install Free Ipa
Installing FreeIPA is simple on a Linux system. However, there are a few things needed. This installation is being performed on a fully updated CentOS 7.0 system. An entry in the /etc/hosts matching the server ip and hostname is useful. FreeIPA Server Installation. Now that the container is running we need to configure the actual server. Here is how I responded to the installation prompts: Do you want to configure integrated DNS (BIND)?: no Enter the fully qualified domain name of the computer on which you're setting up server software.
For more information on Red Hat's FreeIPA, visit freeipa.org
Description:
FreeIPA is an integrated security information management solution combiningLinux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System).It consists of a web interface and command-line administration tools, andprovides centralized authentication, authorization and account information by storingdata about user, groups, hosts and other objects necessary to manage computers on the network.
Pre-Requisites:
1. OS:
These instructions can be performed on
- CentOS 6-7
- RHEL 6-7
- Debian Jessie (8) and later.
- Ubuntu 15.04 and later.
2. Set host file entry:
Set host file entry so that the ipa client can resolve itself by its FQDN. This should be the first entry.
Set the host file in /etc/hosts
3. Set the hostname to an FQDN:
Ensure that the hostname is set to a Fully Qualified Domain Name.
There are 2 steps to ensuring that the hostname is set correctly:
The first is editing the /etc/hostname file,
the second is by setting the hostname using hostnamectl.
4. Set up proper DNS resolvers:
Next you will need to ensure that the client is resolving DNS from the IPA server.To do this, either the adapter config can be set to include the DNS address of theIPA server, or by modifying the /etc/resolv.conf file and adding the IPAserver IP as the primary nameserver.
RHEL & CentOS Installations:
In CentOS/RHEL, the network adapter can be found in /etc/sysconfig/network-scripts/ifcfg-enoxxxxxEdit the file, and add the following line, substituting 1.2.3.4 for the IP addressof your IPA server.
Debian & Ubuntu Installations:
In Debian Jessie/Ubuntu > 15.04, the network adapter can be found in /etc/network/interfacesEdit the file, and add the following line, substituting 1.2.3.4 for the IP addressof your IPA server in the eth0 ip block.
Manually Edit resolv.conf:
In order to set the nameserver manually, edit the /etc/resolv.conf file, andadd the proper nameserver line, substituting 1.2.3.4 for the IP addressof your IPA server. Ensure that the nameserver entries defining your IPA serversare the first in the nameserver list.
Install the IPA Client:
Install RHEL / CentOS Client:
1. Install Epel:
2. Install the ipa client:
3. Register the client:
Install Debian / Ubuntu Client:
1. Install the numeezy repository:
The team over at numeezy already maintains a freeipa client for Debian/ubuntu,so instead of rolling our own, we are going to use theirs.
2. Install the ipa client:
3. Create certificate directory:
4. Create an empty certificate directory:
5. Create IPA root directory:
6. Remove Existing Client Configure:
7. Register the client:
8. Enable LDAP folder creation:
9. Setup nsswitch.conf to use IPA:
Edit the /etc/nsswitch.conf file and change the following lines
Reboot:
Reboot the server
Post Requisites:
None