Introduction to FreeIPA

FreeIPA is used for authentication at Freeside. It provides an all-in-one system that implements the LDAP protocol along with Kerberos and CA services. It is advised to familiarise yourself with LDAP and Kerberos before using FreeIPA.

Here is a basic introduction to LDAP and an ELI5 for Kerberos.

The FreeIPA documentation can also be very useful.

URL for FreeIPA: ipa.freeside.co.uk (150.237.94.146)

Installing a FreeIPA server

Instead of including information on the Wiki which will go out of date, I shall link to a guide on http://server-world.info. Their guides are straight to the point and regularly updated for new distro releases. https://www.server-world.info/en/note?os=Fedora_27&p=freeipa is the guide I followed to set up FreeIPA.

Installing a FreeIPA Client

First make sure the client has an FQDN, for example fs-importantserver-01.freeside.co.uk localhost, in your /etc/hosts. A corresponding entry should be made on the DNS server hosted on ipa.freeside.co.uk by editing the /etc/hosts file.

You should also check that DNS on the client is set to use the server 150.237.94.146. Without this, FreeIPA won’t automatically be able to retrieve information from Kerberos and you will have problems connecting to Kerberos down the line.

Installing a client is as simple as typing the command:

# ipa-client-install --server=ipa.freeside.co.uk --domain freeside.co.uk

To also set up home directory mounting, run:

# ipa-client-automount --location=default

Configuring a service to use LDAP Authentication:

The LDAP base should be cn=users,cn=accounts,dc=freeside,dc=co,dc=uk. Using dc=freeside,dc=co,dc=uk on its own would work, but the application may then use the compat tree, which would result in the application not being able to retrieve user information such as emails.

The bind DN is uid=system,cn=sysaccounts,cn=etc,dc=freeside,dc=co,dc=uk. This is a system account which does not have write privileges. DO NOT USE A BIND WITH WRITE PERMISSION
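The two rules above can be checked automatically before a service goes live. The following is an added example, not part of the original wiki page or of FreeIPA: a small Python lint for a service's LDAP settings. The function names and sample services are hypothetical, and the cn=compat subtree name and the "bind must sit under cn=sysaccounts" heuristic are assumptions.

```python
import re

# Values taken from the page; cn=compat is assumed to be the compat tree's DN.
SUFFIX = "dc=freeside,dc=co,dc=uk"
USERS_BASE = "cn=users,cn=accounts," + SUFFIX
COMPAT_TREE = "cn=compat," + SUFFIX
SYSACCOUNTS = "cn=sysaccounts,cn=etc," + SUFFIX
SYSTEM_BIND = "uid=system," + SYSACCOUNTS


def normalize_dn(dn):
    """Split a DN on unescaped commas, then trim and lowercase each RDN.

    Simplification (assumption): every value is compared case-insensitively,
    which holds for the cn/uid/dc values used here.
    """
    return [r.strip().lower() for r in re.split(r"(?<!\\),", dn) if r.strip()]


def is_under(dn, parent):
    """True if dn equals parent or sits below it in the tree."""
    d, p = normalize_dn(dn), normalize_dn(parent)
    return len(d) >= len(p) and d[-len(p):] == p


def check_ldap_config(search_base, bind_dn):
    """Return a list of findings; an empty list means the settings match the page."""
    findings = []
    if not is_under(search_base, SUFFIX):
        findings.append("search base is outside " + SUFFIX)
    elif is_under(search_base, COMPAT_TREE):
        findings.append("search base is the compat tree; user information such as email may be missing")
    elif not is_under(search_base, USERS_BASE):
        findings.append("search base is wider than " + USERS_BASE + "; the service may read the compat tree")
    # Heuristic (assumption): only entries below cn=sysaccounts count as
    # read-only binds. The DN alone cannot prove the account lacks write access.
    is_container = normalize_dn(bind_dn) == normalize_dn(SYSACCOUNTS)
    if is_container or not is_under(bind_dn, SYSACCOUNTS):
        findings.append("bind DN is not an entry under " + SYSACCOUNTS)
    return findings


if __name__ == "__main__":
    # Constructed sample configurations for three hypothetical services.
    samples = {
        "wiki": ("cn=users, cn=accounts,dc=freeside,dc=co,dc=uk", SYSTEM_BIND),
        "chat": (SUFFIX, SYSTEM_BIND),
        "legacy": ("cn=users," + COMPAT_TREE, "uid=admin," + USERS_BASE),
    }
    for name, (base, bind) in samples.items():
        print(name, check_ldap_config(base, bind) or "OK")
```

An empty result only means the DNs are in the expected places; the bind account's actual permissions still have to be confirmed on the FreeIPA server.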

TODO:

  • Guide how to use the FreeIPA interface
  • Screenshots