FreeIPA is an open-source identity management and authentication system for Linux-based systems. It provides a centralized platform for managing users, groups, and other identity-related information, and allows users to securely authenticate to various services using a single set of credentials. In this article, we will explain how to install FreeIPA on Rocky Linux, a new Linux distribution that is based on the source code of Red Hat Enterprise Linux (RHEL) and CentOS.
Before you begin, make sure that you have a Rocky Linux server that is connected to the internet, and that you have a non-root user with sudo privileges.
Before installing FreeIPA on Rocky Linux, configure the firewall: you need to open the ports used by the FreeIPA services. Which ports need to be opened depends on the services that you want to enable on the FreeIPA server.
For example, if you want to enable the LDAP service on the FreeIPA server, you need to open the 389/tcp port for LDAP, and the 636/tcp port for LDAPS (LDAP over SSL). To do this, you can run the following commands:
sudo firewall-cmd --permanent --add-port=389/tcp
sudo firewall-cmd --permanent --add-port=636/tcp
These commands will add the 389/tcp and 636/tcp ports to the firewall configuration, and make the changes permanent.
Similarly, if you want to enable the Kerberos service on the FreeIPA server, you need to open the 88/udp and 88/tcp ports for Kerberos authentication, and the 464/udp and 464/tcp ports for Kerberos password changes. To do this, you can run the following commands:
sudo firewall-cmd --permanent --add-port=88/udp
sudo firewall-cmd --permanent --add-port=88/tcp
sudo firewall-cmd --permanent --add-port=464/udp
sudo firewall-cmd --permanent --add-port=464/tcp
Once you have opened the necessary ports for the FreeIPA services that you want to enable, you need to reload the firewall configuration to apply the changes:
sudo firewall-cmd --reload
This will reload the firewall configuration and apply the changes. You can verify that the necessary ports are open by running the firewall-cmd --list-ports command, which will list all the open ports on the firewall.
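As an added example (not part of the original article), the following script turns the verification step into a check: it builds the list of ports required for the services you enable and compares it with the output of firewall-cmd --list-ports, reporting any that are still closed. The LDAP/LDAPS and Kerberos/kpasswd ports are the ones listed above; the http (web interface) and dns entries are assumed extras for hosts that also run those services, and the sample port list is constructed so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example (not from the article): report which firewalld ports the enabled FreeIPA
# services still need. ldap/kerberos ports are the article's; http and dns are assumed extras.

# ipa_ports_for SERVICE...  -> space-separated "port/proto" list for those services
ipa_ports_for() {
  local svc ports=""
  for svc in "$@"; do
    case "$svc" in
      ldap)     ports="$ports 389/tcp 636/tcp" ;;
      kerberos) ports="$ports 88/tcp 88/udp 464/tcp 464/udp" ;;
      http)     ports="$ports 80/tcp 443/tcp" ;;     # web UI, assumed
      dns)      ports="$ports 53/tcp 53/udp" ;;      # integrated DNS, assumed
      *) echo "unknown service: $svc" >&2; return 1 ;;
    esac
  done
  echo "${ports# }"
}

# ipa_missing_ports "OPEN_LIST" PORT...  -> required ports absent from OPEN_LIST,
# where OPEN_LIST looks like `firewall-cmd --list-ports` output: "389/tcp 636/tcp ..."
ipa_missing_ports() {
  local open=" $1 " p missing=""
  shift
  for p in "$@"; do
    case "$open" in
      *" $p "*) ;;                   # already open
      *) missing="$missing $p" ;;
    esac
  done
  echo "${missing# }"
}

# Constructed sample of `firewall-cmd --list-ports` on a half-configured host, used offline.
SAMPLE_OPEN_PORTS="389/tcp 636/tcp 88/tcp 88/udp"

# ipa_firewall_check SERVICE...  -> lists missing ports; exit status 1 if any are missing
ipa_firewall_check() {
  local open required missing
  if command -v firewall-cmd >/dev/null 2>&1; then open="$(sudo firewall-cmd --list-ports)"
  else open="$SAMPLE_OPEN_PORTS"; fi
  required="$(ipa_ports_for "$@")" || return 1
  missing="$(ipa_missing_ports "$open" $required)"   # word-splitting intended
  [ -z "$missing" ] && return 0
  echo "missing firewall ports: $missing" >&2
  return 1
}
```

Run ipa_firewall_check ldap kerberos on the server after the reload; against the constructed sample it reports 464/tcp and 464/udp as missing.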
To install FreeIPA on Rocky Linux, you first need to update the package list and install the required packages by running the following commands:
sudo yum update
sudo yum install freeipa-server bind bind-dyndb-ldap ipa-server-dns
These commands will update the package list, and install the FreeIPA server, the BIND DNS server, and the ipa-server-dns package, which provides the necessary tools for configuring DNS with FreeIPA.
Once the required packages are installed, you need to initialize the FreeIPA server by running the ipa-server-install command:
sudo ipa-server-install
This command will start the FreeIPA server installation process. It will prompt you for some basic information, such as the hostname of the server, the domain name, the realm name, and the password for the FreeIPA administrator account. Make sure to provide the correct values for these settings, and accept the defaults for the remaining prompts.
Once you have provided the required information, the ipa-server-install command will configure and start the FreeIPA server. This process may take a few minutes, during which you will see the installation progress on the screen.
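Before running ipa-server-install, it is worth checking the values you are about to enter, because the installer rejects a hostname that is not fully qualified or that resolves to a loopback address, and proposes the domain in upper case as the realm. The script below is an added example, not from the original article; the hostname, domain and realm are placeholders, and the domain-suffix and realm comparisons are advisory notes rather than hard failures.

```shell
#!/usr/bin/env bash
# Added example (not from the article): sanity checks to run before ipa-server-install, based on
# the installer's own requirements: the hostname must be fully qualified and must not resolve to a
# loopback address, and the realm is normally the domain in upper case. Values are placeholders.

# ipa_is_fqdn NAME  -> 0 if NAME is a fully-qualified hostname (at least one dot, valid labels)
ipa_is_fqdn() {
  # labels: letters, digits, hyphens; no empty labels, no leading/trailing dot or hyphen
  printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'
}

# ipa_is_loopback ADDR  -> 0 if ADDR is 127.x.x.x or ::1 (the installer refuses such a mapping)
ipa_is_loopback() {
  case "$1" in
    127.*|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# ipa_default_realm DOMAIN  -> the realm the installer proposes: DOMAIN in upper case
ipa_default_realm() {
  printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'
}

# ipa_preflight HOSTNAME DOMAIN REALM  -> 0 if the hard checks pass; prints findings to stderr
ipa_preflight() {
  local host="$1" domain="$2" realm="$3" rc=0 addr
  ipa_is_fqdn "$host" || { echo "hostname '$host' is not fully qualified" >&2; rc=1; }
  case "$host" in
    *."$domain") ;;
    *) echo "note: hostname '$host' is not inside domain '$domain'" >&2 ;;
  esac
  [ "$realm" = "$(ipa_default_realm "$domain")" ] ||
    echo "note: realm '$realm' differs from the usual $(ipa_default_realm "$domain")" >&2
  # Resolve the hostname as the installer would; skipped when getent is unavailable (offline run).
  if command -v getent >/dev/null 2>&1; then
    for addr in $(getent hosts "$host" | awk '{print $1}'); do
      ipa_is_loopback "$addr" && { echo "hostname '$host' resolves to loopback $addr" >&2; rc=1; }
    done
  fi
  return $rc
}

# Placeholder invocation; the unattended install would then be:
# ipa-server-install -U --hostname=ipa.example.com --domain=example.com --realm=EXAMPLE.COM ...
ipa_preflight ipa.example.com example.com EXAMPLE.COM && echo "preflight OK"
```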
Once the FreeIPA server is installed and configured, you can access the FreeIPA web interface by visiting the URL https://your_server_hostname/ipa in a web browser. You will be prompted to enter the username and password for the FreeIPA administrator account that you specified during the installation.
Once you have logged in to the FreeIPA web interface, you can start managing users, groups, and other identity-related information. You can also add other services to the FreeIPA server, such as LDAP, Kerberos, DNS, and more.
To manage FreeIPA on Rocky Linux, you can use the FreeIPA web interface, the ipa command-line tool, or the ldapmodify command.
The FreeIPA web interface is the easiest and most user-friendly way to manage FreeIPA. It provides a graphical user interface that allows you to manage users, groups, and other identity-related information, and to add and configure other services, such as LDAP, Kerberos, DNS, and more. To access the FreeIPA web interface, you need to visit the URL https://your_server_hostname/ipa in a web browser, and log in with the username and password for the FreeIPA administrator account.
The ipa command-line tool is another way to manage FreeIPA. It is a powerful command-line utility that provides a rich set of commands for managing users, groups, and other identity-related information. To use the ipa command-line tool, you need to log in to the FreeIPA server using an SSH client, and run the ipa command with the appropriate options. For example, to list all the users in the FreeIPA directory, you can run the following command:
ipa user-find
The ldapmodify command is another way to manage FreeIPA. It is a low-level command-line utility that allows you to directly modify the entries in the FreeIPA LDAP directory. To use the ldapmodify command, you need to log in to the FreeIPA server using an SSH client, and run the ldapmodify command with the appropriate options. For example, to add a new user to the FreeIPA directory, you can create a file with the LDIF data for the new user, and run the ldapmodify command as follows:
ldapmodify -H ldap://your_server_hostname -D "cn=Directory Manager" -W -f new_user.ldif
There are several ways to manage FreeIPA on Rocky Linux, including the FreeIPA web interface, the ipa command-line tool, and the ldapmodify command. You can choose the method that best suits your needs and preferences.
In conclusion, installing FreeIPA on Rocky Linux is a simple process that involves installing the required packages, and running the ipa-server-install command to initialize the FreeIPA server. By following the steps outlined in this article, you can quickly and easily set up a FreeIPA server on Rocky Linux, and start managing users, groups, and other identity-related information in a centralized and secure manner.