Introduction to FreeIPA
FreeIPA is used for authentication at Freeside, FreeIPA provides an all in one system that implementing the LDAP protocol along with Kerberos and CA services. It is advised to familiarise yourself with LDAP and Kerberos before using FreeIPA.
The FreeIPA documentation can also be very useful.
URL for FreeIPA: ipa.freeside.co.uk (22.214.171.124)
Installing a FreeIPA server
Instead of including infomation which will go out of date on the Wiki I shall link to a guide on http://server-world.info Their guides are straight to the point and regulary updated for new Distro updates.
Fedora 27 : FreeIPA : Server World - This is the guide I followed to setup FreeIPA
Installing a FreeIPA Client
First make sure the Client has a FQDN example
fs-importantserver-01.freeside.co.uk localhost in your /etc/host, a corresponding enty should be made on the DNS server hosted on
ipa.freeside.co.uk by editing the
You should also check that the DNS is set on the Client to use the server
126.96.36.199 without this FreeIPA won’t automatically be able to retrieve infomation from kerbros and you will have problems connecting to kerbros down the line.
Setting the DNS requires you to run the following series of commands:
# nmcli con mod <connection> ipv4.dns "188.8.131.52"
# nmcli con down <connection>
# nmcli con up <connection>
<connection> can be found by running
# nmcli con.
Installing a client is a simple as typing the command:
ipa-client-install --server=ipa.freeside.co.uk --domain=freeside.co.uk --fixed-primary --hostname=fs-desktop-04.freeside.co.uk
You’ll now the asked a series of questions. Here are the answers you should use:
Proceed with fixed values and no DNS discovery? [no]: yes Do you want to configure chrony with NTP server or pool address? [no]: yes Enter NTP source server addresses separated by comma, or press Enter to skip: Enter a NTP source pool address, or press Enter to skip: europe.pool.ntp.org Client hostname: fs-desktop-04.freeside.co.uk Realm: FREESIDE.CO.UK DNS Domain: freeside.co.uk IPA Server: ipa.freeside.co.uk BaseDN: dc=freeside,dc=co,dc=uk NTP pool: europe.pool.ntp.org Continue to configure the system with these values? [no]: yes
After this, you’ll be asked to answer a username and password. This should be the username and password of an admin on the FreeIPA server.
Next, add to setup home directory mounting:
sudo ipa-client-automount --location=default --server=ipa.freeside.co.uk
We don’t use server autodiscovery, so you do need to specify the
--server there explicitly. On other networks here you do have FreeIPA server autodiscovery setup, you don’t need to specify the server automatically if you’ve got the DNS server correctly configured.
Configuring a service to use LDAP Authentication:
The ldap Base shoould be
dc=freeside,dc=co,dc=uk on it’s own would work but the application may use the the compat tree which would result in the application not being able to retrieve user infomation such as emails.
The bind DN is
this is a system account which does not have write privilidges. DO NOT USE A BIND WITH WRITE PERMISSION
- Guide how to use the FreeIPA interface