Introduction to FreeIPA

FreeIPA is used for authentication at Freeside. It provides an all-in-one system that implements the LDAP protocol along with Kerberos and CA services. It is advised to familiarise yourself with LDAP and Kerberos before using FreeIPA.

Here is a basic introduction to LDAP and an ELI5 for Kerberos.

The FreeIPA documentation can also be very useful.

URL for FreeIPA: (

Installing a FreeIPA server

Instead of including information which will go out of date on the Wiki, I shall link to a guide on Their guides are straight to the point and regularly updated for new distro updates. - This is the guide I followed to set up FreeIPA

Installing a FreeIPA Client

First, make sure the client has an FQDN (example localhost) in your /etc/hosts. A corresponding entry should be made on the DNS server hosted on by editing the /etc/hosts file.

You should also check that DNS on the client is set to use the server. Without this, FreeIPA won’t automatically be able to retrieve information from Kerberos, and you will have problems connecting to Kerberos down the line. Setting the DNS requires you to run the following series of commands:

# nmcli con mod <connection> ipv4.dns ""
# nmcli con down <connection>
# nmcli con up <connection>

<connection> can be found by running # nmcli con.

Installing a client is as simple as typing the command:

ipa-client-install --fixed-primary

You’ll now be asked a series of questions. Here are the answers you should use:

Proceed with fixed values and no DNS discovery? [no]: yes
Do you want to configure chrony with NTP server or pool address? [no]: yes
Enter NTP source server addresses separated by comma, or press Enter to skip: 
Enter a NTP source pool address, or press Enter to skip:
Client hostname:
DNS Domain:
IPA Server:
BaseDN: dc=freeside,dc=co,dc=uk
NTP pool:

Continue to configure the system with these values? [no]: yes

After this, you’ll be asked for a username and password. This should be the username and password of an admin on the FreeIPA server.

Next, set up home directory mounting:

sudo ipa-client-automount --location=default

We don’t use server autodiscovery, so you do need to specify the --server there explicitly. On other networks where you do have FreeIPA server autodiscovery set up, you don’t need to specify the server manually if you’ve got the DNS server correctly configured.
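The two prerequisites at the start of this section (an FQDN entry in /etc/hosts and DNS pointed at the FreeIPA server) can be checked before running ipa-client-install. The script below is an added example, not part of the original guide; its function names are hypothetical, and the address in the usage line is a constructed placeholder.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the two client prerequisites above.
# Function names are hypothetical; pass your own FreeIPA DNS server address.

# True if $1 has at least two valid dot-separated labels and is not localhost.
is_fqdn() {
    case "$1" in
        localhost|localhost.*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq \
        '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
}

# True if hosts file $1 maps some address to name $2 on a non-comment line.
hosts_has_fqdn() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(want)) found = 1 }
        END { exit !found }' "$1"
}

# True if the first "nameserver" line in resolv.conf-style file $1 is $2.
# A local stub resolver address (such as 127.0.0.53) will not match.
first_nameserver_is() {
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first_ns" = "$2" ]
}

# usage: preflight <ipa-dns-ip> [fqdn] [hosts-file] [resolv-file]
preflight() {
    pf_dns=$1
    pf_fqdn=${2:-$(hostname -f 2>/dev/null || hostname)}
    pf_hosts=${3:-/etc/hosts}
    pf_resolv=${4:-/etc/resolv.conf}
    pf_rc=0
    is_fqdn "$pf_fqdn" || { echo "FAIL: '$pf_fqdn' is not an FQDN"; pf_rc=1; }
    hosts_has_fqdn "$pf_hosts" "$pf_fqdn" ||
        { echo "FAIL: $pf_fqdn not found in $pf_hosts"; pf_rc=1; }
    first_nameserver_is "$pf_resolv" "$pf_dns" ||
        { echo "FAIL: $pf_resolv does not list $pf_dns first"; pf_rc=1; }
    [ "$pf_rc" -eq 0 ] && echo "OK: prerequisites met for ipa-client-install"
    return "$pf_rc"
}

# Run only when an address is given, e.g.: ./preflight.sh 192.0.2.10
if [ "$#" -ge 1 ]; then preflight "$@"; fi
```

A non-zero exit means at least one prerequisite is missing; fix it before enrolling the client, since a wrong hostname or resolver is much harder to correct after enrolment.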

Configuring a service to use LDAP Authentication:

The LDAP base should be cn=users,cn=accounts,dc=freeside,dc=co,dc=uk. Using dc=freeside,dc=co,dc=uk on its own would work, but the application may then use the compat tree, which would result in the application not being able to retrieve user information such as emails.

The bind DN is uid=system,cn=sysaccounts,cn=etc,dc=freeside,dc=co,dc=uk. This is a system account which does not have write privileges. DO NOT USE A BIND WITH WRITE PERMISSION


  • Guide how to use the FreeIPA interface
  • Screenshots