How To Install FreeIPA on CentOS 7

Install FreeIPA on CentOS 7

In this tutorial, we will show you how to install FreeIPA on CentOS 7 server. For those of you who didn’t know, FreeIPA is an open-source identity management system for Linux/Unix environments that provides centralized account management and authentication, like Microsoft Active Directory or LDAP.

FreeIPA has many components, including Kerberos, NTP, DNS, and Dogtag (a certificate system) in order to provide security on your CentOS 7 server. The full FreeIPA package essentially provides Linux systems with the ability for centralized authentication, authorization, and account information by storing data about users, groups, hosts, and all the other objects that are needed to manage security for networks.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step install FreeIPA open source identity management system on CentOS 7 server.


  • A server running one of the following operating systems: CentOS 7.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install FreeIPA on CentOS 7

Step 1. First, let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Installing FreeIPA.

The first thing that we are going to do is to prepare the CentOS 7 server to run FreeIPA. In order to do this, we are going to set the IP address on the system, In our case, the host IP is

hostnamectl set-hostname ipa.idroot.us
echo " ipa.idroot.local ipa" >> /etc/hosts

Next, Install the package dependencies required for our setup with the following commands if they are not already installed:

yum install bind-dyndb-ldap ipa-server-dns sssd-client sssd-common sssd-common-pac sssd-ldap sssd-proxy python-sssdconfig authconfig authconfig-gtk

Then, install FreeIPA using the following command:

yum install ipa-server -y

Step 3. Configuring FreeIPA.

The setup process for FreeIPA can take a long time to complete depending on the server specifications. Begin the setup process with the following command:

ipa-server-install --setup-dns

Here is how this configuration will look by running the previous command:

[root@idroot.us ~]# ipa-server-install --setup-dns

The log file for this installation can be found in /var/log/ipaserver-install.log
This program will set up the IPA Server.

This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
Example: master.example.com.

Server host name [ipa.idroot.local]: [ENTER]

Warning: skipping DNS resolution of host ipa.idroot.local
The domain name has been determined based on the host name.

Please confirm the domain name [idroot.local]:[ENTER]
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [IDROOT.LOCAL]: [ENTER]
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password: [ENTER PASSWORD]
Password (confirm): [ENTER PASSWORD]

 . . . . .

After the FreeIPA installation, authenticate to the Kerberos realm to ensure that the administrator is configured correctly:

kinit admin

Next, we are going to use authconfig to guarantee that the user directories are created and enable sssd:

authconfig --enablemkhomedir --update
chkconfig sssd on

Step 4. Configure firewall for FreeIPA.

These commands are used to allow FreeIPA services in the case the security daemon Firewalld is running on your system:

firewall-cmd --permanent --add-service={ntp,http,https,ldap,ldaps,kerberos,kpasswd,dns}
firewall-cmd --reload

Step 5. Accessing FreeIPA.

FreeIPA will be available on HTTP port 80 by default. Open your favorite browser and navigate to https://ipa.idroot.local/ and complete the required steps to finish the installation.

Congratulations! You have successfully installed FreeIPA. Thanks for using this tutorial for installing FreeIPA open source identity management on CentOS 7 systems. For additional help or useful information, we recommend you to check the official FreeIPA website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!


r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button