Working with FreeIPA

Hands-On Lab

 

Photo of Stosh Oldham

Stosh Oldham

Course Development Director in Content

Length

01:00:00

Difficulty

Intermediate

An important part of security is identifying and authenticating users. FreeIPA is a technology that does both using a suite of various technologies. In this hands-on lab, we will work through setting up a basic Kerberos realm and directory using FreeIPA. This is an important skill for the LPIC3-303 and other high-level certifications exams.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Working with FreeIPA

Introduction

An important part of security is identifying and authenticating users. FreeIPA is a technology that does both using a suite of various technologies. In this hands-on lab, we will work through setting up a basic Kerberos realm and directory using FreeIPA. This is an important skill for the LPIC3-303 and other high-level certifications exams.

Connecting to the Lab

  1. Open your terminal application, and run the following command (remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page):
    ssh cloud_user@<PUBLIC_IP>
  2. Type yes at the prompt.
  3. Enter your cloud_user password at the prompt.

Configure the Host File and Name

  1. Escalate privileges to root.
    sudo su -
  2. Edit the /etc/hosts file.
    vim /etc/hosts
  3. Scroll down to a blank line, and add the following:
    10.0.1.100   ipa.example.com
  4. Press Esc, then type :wq to exit the vim text editor.
  5. Set the host name.
    hostnamectl set-hostname ipa.example.com

Configure the Base IPA Domain

  1. Create the base IPA domain.
    ipa-server-install
  2. Press Enter at the next four prompts.
  3. Enter your cloud_user password at the next four prompts.
  4. Type yes at the prompt.
  5. Wait a few minutes for the installation to finish.

Create and Verify a New Session

  1. Create a new session for the admin user.
    kinit admin
  2. Enter your cloud_user password at the prompt.
  3. Verify that this was successful.
    klist

Create a New User in Directory Services

  1. Create the user jsmith with the first name john and last name smith in directory services.
    ipa user-add jsmith --first john --last smith

Conclusion

Congratulations, you've successfully completed this hands-on lab!