FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS and Dogtag (Certificate System). It consists of a web interface and command-line administration tools. Officially launched in 2008, the project describes itself as an installation tool and identity and service management environment based on Red Hat's 389 Directory Server project, and it integrates several pre-existing projects such as OpenLDAP for the directory service, MIT Kerberos 5 for authentication and sessions, and Apache HTTP Server and Apache Tomcat for the management interface and web service.
An identity and authentication solution
The FreeIPA project believes that identity (machines, users, virtual machines, groups, authentication credentials), policy (host-based access control) and audit (this component is deferred) information must be open, interoperable and manageable. To improve on these approaches, the project continually evaluates other projects that carry out this type of task, in order to integrate them and deepen the solution.
Because of its vital importance and the way it is interrelated, FreeIPA holds that identity, policy and audit information must be open, interoperable and manageable. The aim is to make identity, policy and (someday) auditing easy to manage centrally for the Linux and Unix world.
Installing FreeIPA on CentOS 7
In order to achieve a clean installation of FreeIPA, one of the first things we need to do is define the hostname of the machine. We type in a terminal:
            sudo -i
After entering the password, we are the root user:
            hostnamectl set-hostname ipa.osradar.com
Now we add the host entry:
            echo "192.168.250.7 ipa.osradar.com ipa" >> /etc/hosts
Then we proceed to install the necessary packages. These include ipa-server, which is the main package, plus bind-dyndb-ldap and ipa-server-dns for handling DNS.
            yum install ipa-server bind-dyndb-ldap ipa-server-dns
The terminal resolves the dependencies, shows us the summary and installs the packages.
After the process is done, we must run the installation script with the --setup-dns parameter so that it also configures DNS.
As we previously configured the hostname, the first two questions can be answered by simply pressing ENTER. You will then be asked to define a password.
Then, we’ll set an IPA administrator password:
Then it presents the summary of the configuration and asks us whether we want to continue. So we answer yes.
In the following images we see how the installation process continues.
The installation is a bit long, so we will continue to see lines and lines of configurations.
And finally, it tells us that the installation has been successful.
Basic settings after installation
At the end of the installation, the same script tells us that we must open certain ports in order for the services to work properly. So that is the next step; we write:
            firewall-cmd --permanent --add-service={ntp,http,https,ldap,ldaps,kerberos,kpasswd,dns}
Next we must refresh the firewall configuration:
            firewall-cmd --reload
Now we need to obtain a Kerberos ticket. The ticket is essentially a temporary pass that authenticates us with Kerberos and lets us use the IPA tools and the user interface:
            kinit admin
And with this command we can see our ticket:
            klist
To ensure that user home directories are created automatically, we use authconfig:
            authconfig --enablemkhomedir --update
To enable System Security Services Daemon (sssd), we run:
            chkconfig sssd on
and:
            service sssd start
After that, reboot the server.
Finally, we can open the administration panel from our browser at:
            http://IP_SERVER
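The steps above, collected into one script, as an added example that is not part of the original article or of the FreeIPA project. The hostname, IP address and hosts-file path are assumptions that default to the article's values; ipa-server-install is the installation script the article refers to, and the --hostname option is assumed from that script's documented options. The wrapper checks that the name is fully qualified before touching the host, never duplicates the /etc/hosts entry on a re-run, and verifies with klist -s that a valid admin ticket actually exists instead of trusting that kinit succeeded. The real installation only runs when IPA_RUN_INSTALL=1 is set.

```shell
#!/bin/sh
# Added example, not from the original article: the CentOS 7 FreeIPA
# pre-install and post-install steps wrapped in re-runnable checks.
# Assumed values (replace for your environment); they default to the
# article's hostname, address and the standard hosts file.
IPA_FQDN="${IPA_FQDN:-ipa.osradar.com}"
IPA_IP="${IPA_IP:-192.168.250.7}"
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# A FreeIPA server name must be fully qualified: at least two DNS labels,
# each of lowercase letters, digits and inner hyphens. Returns 0 when valid.
is_fqdn() {
  printf '%s\n' "$1" | grep -Eq '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?$'
}

# Append "IP FQDN alias" to the hosts file only if that exact line is absent,
# so running the script twice never leaves duplicate entries behind.
add_hosts_entry() {
  hosts_file=$1; ip=$2; fqdn=$3; short=$4
  line="$ip $fqdn $short"
  grep -Fxq "$line" "$hosts_file" && return 0
  printf '%s\n' "$line" >> "$hosts_file"
}

# The firewalld services the install script asks us to open (the article's list).
ipa_firewall_services() {
  printf '%s' 'ntp,http,https,ldap,ldaps,kerberos,kpasswd,dns'
}

# The full procedure. Refuses to run without root or with a short hostname,
# because ipa-server-install would fail much later with a half-configured host.
run_install() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "run as root (sudo -i)" >&2; return 1
  fi
  if ! is_fqdn "$IPA_FQDN"; then
    echo "hostname '$IPA_FQDN' is not fully qualified" >&2; return 1
  fi
  hostnamectl set-hostname "$IPA_FQDN"
  add_hosts_entry "$HOSTS_FILE" "$IPA_IP" "$IPA_FQDN" "${IPA_FQDN%%.*}"
  yum -y install ipa-server bind-dyndb-ldap ipa-server-dns
  # --setup-dns as in the article; --hostname (assumed option) pins the name
  # we just set so the script does not have to guess it.
  ipa-server-install --setup-dns --hostname "$IPA_FQDN"
  # Open the services one by one; brace expansion is a bash feature and this
  # script is plain sh.
  for svc in $(ipa_firewall_services | tr ',' ' '); do
    firewall-cmd --permanent --add-service="$svc"
  done
  firewall-cmd --reload
  authconfig --enablemkhomedir --update
  chkconfig sssd on
  service sssd start
  # kinit prompts for the admin password; klist -s exits 0 only when a valid,
  # unexpired ticket is in the cache, which is the check we actually want.
  kinit admin
  klist -s || { echo "no valid Kerberos ticket for admin" >&2; return 1; }
  echo "done: reboot the server, then open http://$IPA_IP in the browser"
}

if [ "${IPA_RUN_INSTALL:-0}" = 1 ]; then
  run_install
fi
```

Run it with `IPA_RUN_INSTALL=1 sh ipa-setup.sh` as root; without that variable it only defines the helpers, which is how the checks can be tried on a workstation first.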
Centralizing these processes is important for companies to be able to manage identity information effectively and correctly. FreeIPA provides an open, free and flexible solution for managing security policy.