How To Install FreeIPA on CentOS 8

Install FreeIPA on CentOS 8

In this tutorial, we will show you how to install FreeIPA on CentOS 8. For those of you who didn’t know, FreeIPA is an open-source identity management system for Linux/Unix environments that provides centralized account management and authentication, like Microsoft Active Directory or LDAP.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step by step installation of FreeIPA on CentOS 8.

Install FreeIPA on CentOS 8

Step 1. First, let’s start by ensuring your system is up-to-date.

sudo dnf install epel-release
sudo dnf update

Step 2. Installing FreeIPA on CentOS 8.

Now we setup Hostname, you can set up it with the following command:

hostnamectl set-hostname freeipa.idroot.us
echo "192.168.77.1 freeipa.idroot.local ipa" >> /etc/hosts

FreeIPA packages are provided by the Identity Management system module of CentOS 8 AppStream repos. Therefore, you need to enable the idm:DL1 stream by running the command:

sudo dnf module enable idm:DL1

Next, sync the repository with the following command:

sudo dnf distro-sync

Finally, install FreeIPA on CentOS 8 system using the following command:

sudo dnf install ipa-server ipa-server-dns

Step 3. Configure FreeIPA.

You will need to set up the FreeIPA server. we can set up it with the following command:

ipa-server-install --setup-dns

Here is how this configuration will look by running the previous command:

[root@idroot.us ~]# ipa-server-install --setup-dns

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [freeipa.idroot.us]: [ENTER]

Warning: skipping DNS resolution of host freeipa.idroot.local
The domain name has been determined based on the host name.

Please confirm the domain name [idroot.us]:[ENTER]
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [IDROOT.US]: [ENTER]
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password: [ENTER PASSWORD]
Password (confirm): [ENTER PASSWORD]

 . . . . .

After the FreeIPA installation, authenticate to the Kerberos realm to ensure that the administrator is configured correctly:

kinit admin

You can as well list Kerberos tickets using the klist command:

klist

Step 4. Configure Firewall.

You will need to allow some ports used by FreeIPA. You can allow them with the following command:

sudo firewall-cmd --add-service={http,https,dns,ntp,freeipa-ldap,freeipa-ldaps} --permanent
sudo firewall-cmd --reload

Next, you will also need to disable the SELinux in your system:

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

Step 5. Accessing the FreeIPA Web interface.

FreeIPA will be available on HTTP port 80 by default. Open your favorite browser and navigate to https://freeipa.idroot.us/ and complete the required steps to finish the installation. Ignore the private SSL warning and proceed to the FreeIPA server login page. Use the username, admin, and the admin password provided during the installation setup.

Install FreeIPA on CentOS 8

Congratulations! You have successfully installed FreeIPA. Thanks for using this tutorial to install the FreeIPA on CentOS 8 system. For additional help or useful information, we recommend you to check the official FreeIPA website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!