What is FreeIPA

FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, and Dogtag (Certificate System). It consists of a web interface and command-line administration tools.

FreeIPA is an integrated identity and authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about users, groups, hosts and other objects necessary to manage the security aspects of a network of computers.

FreeIPA is an open source alternative to Microsoft Directory Server. It provides the following functionality:

  • Centralised LDAP-based authorisation
  • Kerberos
  • Time server
  • DNS
  • Certificate Authority
  • Host- and role-based access control

and more, all with a reasonable web GUI and excellent command line tools.

This work walks through installing FreeIPA on a Fedora 35 Server install and configuring three servers in a multi-master configuration. It should be similar on CentOS and RHEL (although the packages might be called ipa, not freeipa).

You can find the code to create an IPA infrastructure at:
The code used for this project has been saved on GitHub; feel free to download it.