Here is a quick and dirty guide on how to set up FreeIPA, an open source LDAP and Kerberos server. FreeIPA works best on Fedora, CentOS, and Red Hat. Currently the latest release, FreeIPA 4.2, is included in Fedora, while 4.1 is included in CentOS. This guide shows you how to install FreeIPA 4.1 on CentOS 7. For those of you interested in installing it on an Ubuntu box, however, please add FreeIPA to your repository by:

    # apt-add-repository ppa:freeipa/ppa
    # apt-add-repository ppa:sssd/updates
    # apt-get -y install openssh-server freeipa-client sssd

For CentOS, however, you will need to:

    # yum install ipa-server

Next we need to set up your FreeIPA server. I'll assume you know how to find your IP; add your IP and FQDN to the /etc/hosts file and set the hostname as shown below:

    # echo 192.168.1.2 ipa.mynetwork.local ipa >> /etc/hosts
    # echo ipa.mynetwork.local > /etc/hostname

Next you have two options: you can go through the installation manually, or you can enter a line similar to the one below to configure it all for you automatically. Using a one-liner like this has some additional benefits; for example, you cannot set mkhomedir through the walk-through installation. However, you can set it afterwards when you log into the system.

    # ipa-server-install -r MYNETWORK.LOCAL -n mynetwork.local --setup-dns --mkhomedir -p DirPass1234 -a AdminPass1234 --no-forwarders -U

For those who are interested this is a break-down of the commands listed above. You'll want to be sure to change both the Directory and Administrator password to something secure. Keep in mind that passwords passed with -p and -a end up in your shell history and are visible in the process list while the installer runs.

Once this is complete you will need to open up your firewall by executing the following commands:

    # firewall-cmd --permanent --add-service=ntp
    # firewall-cmd --permanent --add-service=http
    # firewall-cmd --permanent --add-service=https
    # firewall-cmd --permanent --add-service=ldap
    # firewall-cmd --permanent --add-service=ldaps
    # firewall-cmd --permanent --add-service=kerberos
    # firewall-cmd --permanent --add-service=kpasswd
    # firewall-cmd --reload

Next you'll be able to log into your new server at: https://ipa.mynetwork.local/ipa/ui/

Be sure to log into it using the username admin, and the password you set up during the installation.
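
A pre-flight check for the /etc/hosts step, worth running before ipa-server-install; this is an added example, not part of the original guide, and the function name check_ipa_hosts and its exit codes are made up for illustration. It flags a hostname that is not fully qualified or not lower-case, an FQDN mapped to a loopback address or listed after its short alias, and the conflicting entries that a repeated ">>" append with a different address leaves behind.

```shell
#!/bin/sh
# Added example, not part of the original guide. check_ipa_hosts is a
# hypothetical helper name. Usage: check_ipa_hosts HOSTS_FILE FQDN
# Exit status: 0 ok, 1 no entry, 2 bad name, 3 loopback address,
#              4 FQDN listed after an alias, 5 conflicting addresses.
check_ipa_hosts() {
    awk -v h="$2" '
        function fail(code, msg) { print "FAIL: " msg; if (!rc) rc = code }
        BEGIN {
            if (h !~ /\./)       fail(2, h " is not fully qualified")
            if (h != tolower(h)) fail(2, h " is not lower-case")
            if (rc) exit rc
        }
        { sub(/#.*/, "") }    # ignore comments
        {
            for (i = 2; i <= NF; i++) {
                if ($i != h) continue
                if ($1 ~ /^127\./ || $1 == "::1")
                    fail(3, h " maps to loopback address " $1)
                else if (i != 2)    # hosts(5): first name is the canonical one
                    fail(4, h " is listed after an alias: " $0)
                if (addr != "" && addr != $1)
                    fail(5, h " maps to both " addr " and " $1)
                addr = $1
                break
            }
        }
        END {
            if (!rc && addr == "") fail(1, "no entry for " h)
            if (!rc) print "OK: " h " -> " addr
            exit rc + 0
        }
    ' "$1"
}

# Constructed sample input: the guide's entry, then the same file after a
# second append with a different address.
sample=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' '192.168.1.2 ipa.mynetwork.local ipa' > "$sample"
check_ipa_hosts "$sample" ipa.mynetwork.local || true
printf '%s\n' '192.168.1.7 ipa.mynetwork.local ipa' >> "$sample"
check_ipa_hosts "$sample" ipa.mynetwork.local || true
rm -f "$sample"
```

On the real server, call it as check_ipa_hosts /etc/hosts ipa.mynetwork.local and fix any FAIL line before starting the installer.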

Author: James Benson is an IT professional.