How To Install FreeIPA on CentOS 8

In this tutorial, we will show you how to install FreeIPA on CentOS 8. For those of you who didn’t know, FreeIPA is an open-source identity management system for Linux/Unix environments that provides centralized account management and authentication, like Microsoft Active Directory or LDAP.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add 'sudo' to the commands to get root privileges. I will show you the step-by-step installation of FreeIPA on CentOS 8.

Prerequisites

  • A server running one of the following operating systems: CentOS 8.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as root.

Install FreeIPA on CentOS 8

Step 1. First, let’s start by ensuring your system is up-to-date.

sudo dnf install epel-release
sudo dnf update

Step 2. Installing FreeIPA on CentOS 8.

Now set the hostname and map it to the server's IP address in /etc/hosts. You can do this with the following commands:

hostnamectl set-hostname freeipa.idroot.us
echo "192.168.77.1 freeipa.idroot.us ipa" >> /etc/hosts
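
FreeIPA requires the server's fully qualified host name to be lowercase and to resolve to a non-loopback address, so the name given to hostnamectl and the name written to /etc/hosts must be identical. The following pre-flight check is an added example, not part of the original tutorial; the function name check_ipa_host and its status words are hypothetical, and it inspects only the hosts file because that is what this tutorial relies on for resolution.

```shell
#!/usr/bin/env bash
# Added example, not part of the tutorial. check_ipa_host is a hypothetical helper.
# Usage: check_ipa_host FQDN [HOSTS_FILE]
# Prints one status word; returns 0 only for "ok".
check_ipa_host() {
    local fqdn="$1" hosts="${2:-/etc/hosts}" ips ip
    case $fqdn in
        *[[:upper:]]*) echo "not-lowercase"; return 1 ;;  # IPA host names are lowercase
        *.*)           ;;                                  # has a domain part
        *)             echo "not-fqdn"; return 1 ;;        # short name only
    esac
    # Collect the address of every hosts line that names the FQDN exactly,
    # after stripping comments. A near miss (other domain suffix) does not count.
    ips=$(awk -v h="$fqdn" '
        { sub(/#.*/, "") }
        NF >= 2 { for (i = 2; i <= NF; i++) if ($i == h) print $1 }
    ' "$hosts" 2>/dev/null)
    [ -n "$ips" ] || { echo "no-entry"; return 1; }
    for ip in $ips; do
        case $ip in
            127.*|::1) echo "loopback"; return 1 ;;  # must not resolve to localhost
        esac
    done
    echo "ok"
}

# Live use on the server itself, before running ipa-server-install.
echo "preflight for $(hostname 2>/dev/null): $(check_ipa_host "$(hostname 2>/dev/null)")"
```

Anything other than "ok" should be fixed before the installer is started.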

FreeIPA packages are provided by the Identity Management system module of CentOS 8 AppStream repos. Therefore, you need to enable the idm:DL1 stream by running the command:

sudo dnf module enable idm:DL1

Next, sync the repository with the following command:

sudo dnf distro-sync

Finally, install FreeIPA on CentOS 8 system using the following command:

sudo dnf install ipa-server ipa-server-dns

Step 3. Configure FreeIPA.

You will need to set up the FreeIPA server. You can do this with the following command:

ipa-server-install --setup-dns

Here is what the configuration dialog looks like when you run the previous command:

[root@idroot.us ~]# ipa-server-install --setup-dns

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will set up the IPA Server.

This includes:
* Configure a stand-alone CA (dogtag) for certificate management
* Configure the Network Time Daemon (ntpd)
* Create and configure an instance of Directory Server
* Create and configure a Kerberos Key Distribution Center (KDC)
* Configure Apache (httpd)
* Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: master.example.com.


Server host name [freeipa.idroot.us]: [ENTER]

Warning: skipping DNS resolution of host freeipa.idroot.local
The domain name has been determined based on the host name.

Please confirm the domain name [idroot.us]:[ENTER]
The kerberos protocol requires a Realm name to be defined.
This is typically the domain name converted to uppercase.

Please provide a realm name [IDROOT.US]: [ENTER]
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and has full access
to the Directory for system management tasks and will be added to the
instance of directory server created for IPA.
The password must be at least 8 characters long.

Directory Manager password: [ENTER PASSWORD]
Password (confirm): [ENTER PASSWORD]

 . . . . .

After the FreeIPA installation, authenticate to the Kerberos realm to ensure that the administrator is configured correctly:

kinit admin

You can also list Kerberos tickets using the klist command:

klist

Step 4. Configure Firewall.

You will need to allow some ports used by FreeIPA. You can allow them with the following commands:

sudo firewall-cmd --add-service={http,https,dns,ntp,freeipa-ldap,freeipa-ldaps} --permanent
sudo firewall-cmd --reload

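Next, you will also need to switch SELinux to permissive mode on your system. The first command changes the running mode and the second makes the change persist across reboots; in permissive mode SELinux logs policy violations but does not block them: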

sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
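
One way to confirm what Step 4 left behind, as an added example that is not part of the original tutorial: it checks that every service from the firewall-cmd line is in the permanent configuration and that the running SELinux mode matches the boot-time mode in /etc/selinux/config. The function names fw_missing, selinux_persisted and selinux_drift are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not part of the tutorial. All function names are hypothetical.

# Services enabled by the tutorial's firewall-cmd line.
IPA_FW_SERVICES="http https dns ntp freeipa-ldap freeipa-ldaps"

# fw_missing "LIST": LIST is the output of `firewall-cmd --permanent --list-services`.
# Prints the tutorial's services that are absent, space separated (empty if none).
fw_missing() {
    local enabled=" $(printf '%s' "$1" | tr -s '[:space:]' ' ') " svc missing=""
    for svc in $IPA_FW_SERVICES; do
        case $enabled in
            *" $svc "*) ;;                     # whole-word match: ldap is not ldaps
            *) missing="$missing $svc" ;;
        esac
    done
    echo "${missing# }"
}

# selinux_persisted [FILE]: prints the value of the last SELINUX= line, the line the
# tutorial's sed rewrites. Comment lines and SELINUXTYPE= do not match.
selinux_persisted() {
    awk -F= '/^SELINUX=/ { gsub(/[[:space:]]/, "", $2); mode = $2 }
             END { print mode }' "${1:-/etc/selinux/config}"
}

# selinux_drift RUNTIME [FILE]: RUNTIME is the output of `getenforce`.
# Prints "consistent" when runtime and boot-time modes agree, else both modes.
selinux_drift() {
    local runtime persisted
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    persisted=$(selinux_persisted "$2")
    if [ "$runtime" = "$persisted" ]; then
        echo "consistent"
    else
        echo "runtime=$runtime boot=$persisted"; return 1
    fi
}

# Live use: runs only where firewalld and the SELinux tools are installed.
if command -v firewall-cmd >/dev/null 2>&1 && command -v getenforce >/dev/null 2>&1; then
    echo "missing services: $(fw_missing "$(firewall-cmd --permanent --list-services)")"
    echo "selinux: $(selinux_drift "$(getenforce)")"
fi
```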

Step 5. Accessing the FreeIPA Web interface.

FreeIPA will be available on HTTP port 80 by default. Open your favorite browser, navigate to https://freeipa.idroot.us/ and complete the required steps to finish the installation. Ignore the SSL privacy warning and proceed to the FreeIPA server login page. Log in with the username admin and the admin password provided during the installation setup.

Congratulations! You have successfully installed FreeIPA. Thanks for using this tutorial to install FreeIPA on a CentOS 8 system. For additional help or useful information, we recommend you check the official FreeIPA website.


r00t
