FreeIPA Setup

Reza Mohammadi
2 min read · Mar 6, 2024


What is FreeIPA?

FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, and Dogtag (Certificate System). It consists of a web interface and command-line administration tools.

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization, and account information by storing data about users, groups, hosts, and other objects necessary to manage the security aspects of a network of computers.

FreeIPA is built on top of well-known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

Multiple FreeIPA servers can easily be configured in a FreeIPA Domain in order to provide redundancy and scalability.

How to set up FreeIPA with replicas using docker-compose?

Install the tools below (these steps assume Ubuntu 20.04):

sudo apt install -y docker.io docker-compose

Main Server

version: '3.6'
services:
  freeipa:
    hostname: ipa1.test.com
    image: freeipa/freeipa-server:rocky-8-4.9.11
    container_name: freeipa-server1
    restart: unless-stopped
    sysctls:
      net.ipv6.conf.all.disable_ipv6: "0"
    # Kerberos realm names are uppercase by convention; this matches the
    # --realm=TEST.COM used when joining clients below.
    command: ipa-server-install --realm=TEST.COM --ds-password=DirectoryManagerPassword --unattended
    environment:
      - PASSWORD=Aa123456
    ports:
      - "389:389"
      - "636:636"
      - "88:88/udp"
      - "88:88/tcp"
      - "464:464/udp"
      - "464:464/tcp"
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/lib/ipa-data:/data:Z
      - /sys/fs/cgroup:/sys/fs/cgroup

Replica Configuration

version: '3.6'
services:
  freeipa:
    hostname: ipa2.test.com
    image: freeipa/freeipa-server:rocky-8-4.9.11
    read_only: true
    container_name: freeipa-client-1
    restart: unless-stopped
    user: root
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
    command: ipa-replica-install --no-ntp --server=ipa1.test.com --domain=test.com --skip-conncheck --setup-ca --principal admin --admin-password Aa123456 --force-join --unattended
    extra_hosts:
      - "ipa1:192.168.100.1"
      - "ipa1.test.com:192.168.100.1"
    ports:
      - "389:389"
      - "636:636"
      - "88:88/udp"
      - "88:88/tcp"
      - "464:464/udp"
      - "464:464/tcp"
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/lib/ipa-data:/data:Z
      - /sys/fs/cgroup:/sys/fs/cgroup
    environment:
      - DEBUG_NO_EXIT=1
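Both compose files above put bootstrap credentials (the Directory Manager password and the admin password) directly in `command` and `environment`, where anyone who can run `docker inspect` on the host can read them, and they mount the host's /sys/fs/cgroup read-write. The following linter is an added example, not code from this post or from the freeipa-container project; the two service dictionaries are transcribed from the main-server and replica compose files above so the script runs without PyYAML, and the finding codes, checks and remediation text are my own.

```python
"""Lint FreeIPA docker-compose service definitions for a few security problems.

Added example. The service dicts below are constructed from the page's two
compose files (main server and replica) as plain Python dicts.
"""
import re

MAIN_SERVER = {
    "hostname": "ipa1.test.com",
    "image": "freeipa/freeipa-server:rocky-8-4.9.11",
    "command": ("ipa-server-install --realm=TEST.COM "
                "--ds-password=DirectoryManagerPassword --unattended"),
    "environment": ["PASSWORD=Aa123456"],
    "volumes": ["/etc/localtime:/etc/localtime:ro",
                "/var/lib/ipa-data:/data:Z",
                "/sys/fs/cgroup:/sys/fs/cgroup"],
}

REPLICA = {
    "hostname": "ipa2.test.com",
    "image": "freeipa/freeipa-server:rocky-8-4.9.11",
    "read_only": True,
    "command": ("ipa-replica-install --no-ntp --server=ipa1.test.com "
                "--domain=test.com --skip-conncheck --setup-ca "
                "--principal admin --admin-password Aa123456 "
                "--force-join --unattended"),
    "environment": ["DEBUG_NO_EXIT=1"],
    "volumes": ["/etc/localtime:/etc/localtime:ro",
                "/var/lib/ipa-data:/data:Z",
                "/sys/fs/cgroup:/sys/fs/cgroup"],
}

# Installer options that take a credential as their inline value.
PASSWORD_OPT = re.compile(r"(--(?:ds-password|admin-password|password))(?:=|\s+)\S+")

# Finding codes and remediation text are this example's own, not FreeIPA's.
REMEDIATION = {
    "SECRET_IN_COMMAND": ("the command line is visible via `docker inspect` and `ps`; "
                          "treat the value as a bootstrap credential kept out of version "
                          "control and rotate it after the install"),
    "SECRET_IN_ENVIRONMENT": ("inline environment values are shown by `docker inspect`; "
                              "load them from a root-only env_file instead"),
    "CGROUP_MOUNT_RW": "mount /sys/fs/cgroup read-only (append :ro)",
    "CONTAINER_NOT_READ_ONLY": ("set `read_only: true` as the replica does; "
                                "IPA state lives on the /data volume"),
}


def _env_items(env):
    """Normalise compose `environment` (list of KEY=VAL strings or a dict) to pairs."""
    if isinstance(env, dict):
        return list(env.items())
    return [tuple(item.partition("=")[::2]) for item in (env or [])]


def check_service(service):
    """Return a list of (code, detail) findings for one compose service."""
    findings = []
    cmd = service.get("command", "")
    if isinstance(cmd, list):  # compose also accepts the exec-form list
        cmd = " ".join(cmd)
    for match in PASSWORD_OPT.finditer(cmd):
        findings.append(("SECRET_IN_COMMAND", match.group(1)))
    for key, value in _env_items(service.get("environment")):
        if "PASSWORD" in key.upper() and value:
            findings.append(("SECRET_IN_ENVIRONMENT", key))
    for volume in service.get("volumes", []):
        parts = volume.split(":")
        flags = parts[2].split(",") if len(parts) > 2 else []
        if len(parts) >= 2 and parts[0] == "/sys/fs/cgroup" and "ro" not in flags:
            findings.append(("CGROUP_MOUNT_RW", parts[0]))
    if not service.get("read_only", False):
        findings.append(("CONTAINER_NOT_READ_ONLY", ""))
    return findings


def report(name, service):
    """Human-readable report lines for one service."""
    lines = []
    for code, detail in check_service(service):
        where = f" ({detail})" if detail else ""
        lines.append(f"{name}: {code}{where}: {REMEDIATION[code]}")
    return lines


if __name__ == "__main__":
    for name, svc in (("main", MAIN_SERVER), ("replica", REPLICA)):
        print("\n".join(report(name, svc)) or f"{name}: no findings")
```

Run against the page's files, the main server produces four findings (secret in the command, secret in the environment, read-write cgroup mount, container not read-only) and the replica two (secret in the command, read-write cgroup mount).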

Join Clients to the FreeIPA Server

sudo apt install freeipa-client -y

ipa-client-install --hostname=<Hostname> --domain=<Your.Domain> --server=<Freeipa-Server-FQDN> --realm=<Realm> --principal=<Admin-User> --password=<Admin-Password> --mkhomedir --force-join --unattended --verbose

# Example
ipa-client-install --hostname=test-server --domain=test.com --server=ipa1.test.com --realm=TEST.COM --principal=admin --password=123654 --mkhomedir --force-join --unattended --verbose
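The join command above passes the admin password on the command line, so it lands in the shell history and is visible in the process list while the installer runs. The helper below is an added example, not the post's own code or part of FreeIPA: it checks the parameters before anything is executed (a fully qualified client hostname inside the domain, since the Kerberos host principal is host/<fqdn>@REALM, and an uppercase realm) and builds the argument vector for enrolment with a one-time host password created beforehand on the server with `ipa host-add <fqdn> --random`, so the admin credential never reaches the client. The validation rules and the function names are my own; the admin-principal form used on this page remains available as a fallback.

```python
"""Validate ipa-client-install parameters and build its argv.

Added example, not from the page's author or from FreeIPA. Assumes (my choice)
enrolment with a one-time host password from `ipa host-add <fqdn> --random`;
the page's admin-principal form is supported as a fallback.
"""
import re
import shlex

DNS_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def _is_fqdn(name):
    """True if name has at least two valid DNS labels."""
    labels = name.lower().split(".")
    return len(labels) >= 2 and all(DNS_LABEL.match(label) for label in labels)


def validate_join_params(hostname, domain, server, realm):
    """Return a list of problems; an empty list means the parameters are consistent."""
    problems = []
    # The host principal is host/<fqdn>@REALM, so a short hostname is not enough.
    if not _is_fqdn(hostname):
        problems.append(f"hostname {hostname!r} is not fully qualified")
    elif not hostname.lower().endswith("." + domain.lower()):
        problems.append(f"hostname {hostname!r} is outside domain {domain!r}")
    if not _is_fqdn(server):
        problems.append(f"server {server!r} must be an FQDN")
    # Realm names are uppercase by convention (the page's server uses TEST.COM).
    if realm != realm.upper():
        problems.append(f"realm {realm!r} should be uppercase")
    return problems


def build_join_command(hostname, domain, server, realm, *, otp=None,
                       principal=None, password=None, force_join=False,
                       verbose=False):
    """Return the ipa-client-install argv, or raise ValueError on bad input.

    With `otp`, --password carries the one-time host password and no principal
    is given (that is how ipa-client-install distinguishes bulk enrolment).
    With `principal` and `password`, the admin credential is used as on the page.
    """
    problems = validate_join_params(hostname, domain, server, realm)
    if (otp is None) == (password is None):
        problems.append("give exactly one of otp or password")
    if otp is not None and principal:
        problems.append("one-time-password enrolment must not set a principal")
    if password is not None and not principal:
        problems.append("password enrolment needs an admin principal")
    if problems:
        raise ValueError("; ".join(problems))

    argv = ["ipa-client-install",
            f"--hostname={hostname}", f"--domain={domain}",
            f"--server={server}", f"--realm={realm}",
            "--mkhomedir", "--unattended"]
    if otp is not None:
        argv.append(f"--password={otp}")
    else:
        argv += [f"--principal={principal}", f"--password={password}"]
    if force_join:
        argv.append("--force-join")
    if verbose:
        argv.append("--verbose")
    return argv


if __name__ == "__main__":
    # Placeholder OTP: the real value comes from `ipa host-add ... --random`.
    cmd = build_join_command("test-server.test.com", "test.com",
                             "ipa1.test.com", "TEST.COM",
                             otp="<OTP-from-ipa-host-add>", verbose=True)
    print(shlex.join(cmd))
```

Execute the returned list with `subprocess.run(cmd, check=True)` rather than through a shell, so no quoting of the password is needed and nothing is written to a shell history. Note that the page's own example passes `--hostname=test-server`, which this helper rejects as not fully qualified.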
