How To Install FreeIPA on CentOS 7

In this tutorial, we will show you how to install FreeIPA on a CentOS 7 server. For those of you who don't know, FreeIPA is an open-source identity management system for Linux/Unix environments that provides centralized account management and authentication, like Microsoft Active Directory or LDAP.

FreeIPA combines several components, including Kerberos, NTP, DNS, and Dogtag (a certificate system), to provide security on your CentOS 7 server. The full FreeIPA package gives Linux systems centralized authentication, authorization, and account information by storing data about users, groups, hosts, and all the other objects that are needed to manage security for networks.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, that you host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add 'sudo' to the commands to get root privileges. I will walk you through the step-by-step installation of the FreeIPA open-source identity management system on a CentOS 7 server.

Install FreeIPA on CentOS 7

Step 1. First, let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Installing FreeIPA.

The first thing that we are going to do is prepare the CentOS 7 server to run FreeIPA. To do this, we set the hostname on the system and map it to the host's IP address in /etc/hosts. In our case, the host IP is 192.168.1.2/24:

hostnamectl set-hostname ipa.idroot.local
echo "192.168.1.2 ipa.idroot.local ipa" >> /etc/hosts

Next, install the package dependencies required for our setup with the following command if they are not already installed:

yum install bind-dyndb-ldap ipa-server-dns sssd-client sssd-common sssd-common-pac sssd-ldap sssd-proxy python-sssdconfig authconfig authconfig-gtk

Then, install FreeIPA using the following command:

yum install ipa-server -y
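
Before running the installer in Step 3, it is worth confirming that the hostname and the /etc/hosts entry from this step agree: FreeIPA expects the server's fully qualified name to resolve to a routable address (not loopback), with the FQDN listed before the short alias. The check below is an added example, not part of the original tutorial or of FreeIPA; the function name check_ipa_host and its messages are hypothetical, and the sample hosts file is constructed.

```shell
#!/bin/sh
# check_ipa_host FQDN HOSTS_FILE   (hypothetical helper, added example)
# Prints one line per problem found; returns 0 when the entry is usable.
check_ipa_host() {
    awk -v fqdn="$1" '
        BEGIN {
            # The server name must contain a domain part, not just a short name.
            if (split(fqdn, parts, ".") < 2) {
                print "not fully qualified: " fqdn; bad = 1
            }
        }
        { sub(/#.*/, "") }            # drop comments, including trailing ones
        NF < 2 { next }               # need an address and at least one name
        {
            hit = 0
            for (i = 2; i <= NF; i++) if ($i == fqdn) hit = i
            if (!hit) next
            found = 1
            # A name mapped to loopback is unreachable for clients.
            if ($1 ~ /^127\./ || $1 == "::1") {
                print "maps to loopback: " $1; bad = 1
            }
            # The FQDN must come first so it is the canonical name for the address.
            if (hit != 2) {
                print "FQDN is not the first name (found " $2 ")"; bad = 1
            }
        }
        END {
            if (!found) { print "no entry for " fqdn; bad = 1 }
            exit bad
        }
    ' "$2"
}

# Constructed sample: the stock loopback line plus the entry appended in Step 2.
sample=$(mktemp)
printf '%s\n' '127.0.0.1 localhost localhost.localdomain' \
              '192.168.1.2 ipa.idroot.local ipa' > "$sample"
check_ipa_host ipa.idroot.local "$sample" && echo "ok: ipa.idroot.local"
# A hostname that differs from the hosts entry is reported as a problem.
check_ipa_host ipa.idroot.us "$sample" || echo "fix the entry before installing"
rm -f "$sample"

# On the server itself: check_ipa_host "$(hostname)" /etc/hosts
```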

Step 3. Configuring FreeIPA.

The setup process for FreeIPA can take a long time to complete depending on the server specifications. Begin the setup process with the following command:

ipa-server-install --setup-dns

Here is how this configuration will look by running the previous command:

[root@idroot.us ~]# ipa-server-install --setup-dns

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [ipa.idroot.local]: [ENTER]

Warning: skipping DNS resolution of host ipa.idroot.local
The domain name has been determined based on the host name.

Please confirm the domain name [idroot.local]:[ENTER]
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [IDROOT.LOCAL]: [ENTER]
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password: [ENTER PASSWORD]
Password (confirm): [ENTER PASSWORD]

 . . . . .

After the FreeIPA installation, authenticate to the Kerberos realm to ensure that the administrator is configured correctly:

kinit admin

Next, we are going to use authconfig to ensure that user home directories are created, and then enable sssd:

authconfig --enablemkhomedir --update
chkconfig sssd on

Step 4. Configure firewall for FreeIPA.

These commands allow the FreeIPA services through the firewall if firewalld is running on your system:

firewall-cmd --permanent --add-service={ntp,http,https,ldap,ldaps,kerberos,kpasswd,dns}
firewall-cmd --reload

Step 5. Accessing FreeIPA.

FreeIPA will be available on HTTP port 80 by default. Open your favorite browser and navigate to https://ipa.idroot.local/ and complete the required steps to finish the installation.

Congratulations! You have successfully installed FreeIPA. Thanks for using this tutorial for installing FreeIPA open-source identity management on CentOS 7 systems. For additional help or useful information, we recommend you check the official FreeIPA website.
