How to Install FreeIPA Client on Ubuntu Server 18.04

FreeIPA is free and open source Identity, Policy, and Audit (IPA) suite sponsored by RedHat. It's an IPA solution combination of Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS Bind, Dogtag, Apache web server, and Python.

In our previous guide, we've already shown you the FreeIPA installation and configuration on CentOS 7 server. However, this guide will show you the installation and configuration of the FreeIPA Client.

Currently, FreeIPA has client packages for CentOS 7, Fedora, and Ubuntu. And for this guide, we're going to install and configure the FreeIPA client on Ubuntu 18.04 Bionic Beaver server.

Prerequisites

  • Server with FreeIPA Server installed.
  • Ubuntu 18.04 Bionic Beaver
  • Root privileges

What we will do?

  1. Add Client DNS Record
  2. Setup the Client DNS Resolver
  3. Setup FQDN
  4. Install FreeIPA Client on Ubuntu 18.04
  5. Enable Automatically Create Home Directory
  6. Verify FreeIPA Client Installation
  7. Testing

Step 1 - Add Client DNS Record

First of all, we need to add the DNS record of the client host to the FreeIPA server.

Login to the FreeIPA server and authenticate to the Kerberos admin using the following command.

kinit admin
TYPE YOUR PASSWORD

After that, add the DNS record of the client host to the FreeIPA server.

ipa dnsrecord-add hakase-labs.io client1 --a-rec 10.9.9.16

IPA DNS Record

Step 2 - Setup DNS Resolver

In order to configure the client with the DNS autodiscovery setup, we need to edit the client DNS resolver to use the FreeIPA server IP address as the nameserver.

Edit the '/etc/resolv.conf' file.

vim /etc/resolv.conf

Replace the domain name and IP address with your own FreeIPA server and paste into it.

search hakase-labs.io
nameserver 10.9.9.15

Step 3 - Setup FQDN

After configuring the DNS resolver, we need to configure the FQDN (Fully Qualified Domain Name) of the client host. And then add the FreeIPA server IP address and domain name to the '/etc/hosts' file.

Change FQDN of the client by running the following command.

hostnamectl set-hostname client1.hakase-labs.io

Next, edit the '/etc/hosts' file using vim editor.

vim /etc/hosts

Make the following change in configuration and paste into it.

10.9.9.15   ipa.hakase-labs.io  ipa
10.9.9.16   client1.hakase-labs.io client1

Save and close, then type 'exit' command to log out from the server.

Now log in again to the server and verify FQDN using the following command.

hostname -f

Setup the hostname

Step 4 - Install FreeIPA Client Packages

By default, Ubuntu provides FreeIPA client packages on its own repository. So we can install FreeIPA client packages just by running the following command below.

sudo apt-get install freeipa-client oddjob-mkhomedir -y

After that, run the FreeIPA client command installation below.

ipa-client-install --mkhomedir --no-ntp

Type 'yes' to apply system changes using profile values generated from the DNS autodiscovery. Once the installation is complete, you will get the result such as 'The ipa-client-install command was successful'.

Install FreeIPA Client Packages

Additionally:

  • If you fail with the autodiscovery host, ensure the DNS of the FreeIPA server is in the top line on the '/etc/resolv.conf file, and ensure the DNS port '53' are open on the server.
  • If you have an error during the join process to the FreeIPA server, you can use '--force-join' option.

Step 5 - Setup Automatically Create Home Directory

On Ubuntu server, the automatically created home directory for each user will not work at the beginning. Even the ipa client installation using the '--mkhomedir' option.

In order to make this thing work on the Ubuntu server, we need to install additional packages and add additional PAM (Pluggable Authentication Modules) configuration.

The additional packages have been installed on the top, so we just need to create a new PAM configuration.

Add new PAM configuration for automatically create the home directory by running the following command.

cat > /usr/share/pam-configs/mkhomedir <<EOF
Name: create home directory FreeIPA
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0022 skel=/etc/skel
EOF

After that, apply the new PAM configuration.

sudo pam-auth-update

Create home directory automatically

Now all users that log in to the client host using the FreeIPA user will automatically create the home directory.

Step 6 - Verify FreeIPA Client Installation

After the FreeIPA client installation and configuration, we want to verify by checking the client hosts from the FreeIPA server.

Run the following command on the FreeIPA server.

ipa host-show client1.hakase-labs.io

Change the name of the host with your own info, and you will be shown your host info.

Verify FreeIPA Client Installation

In addition, we want to check again from the FreeIPA web-UI dashboard.

Log in to the FreeIPA dashboard, click on the 'Hosts' tab. And you will be shown your own host info.

FreeIPA dashboard

Step 7 - Testing FreeIPA Client

For this example, we want to test the FreeIPA client installation by creating a new user on the FreeIPA server.

Run the following command to create a new user.

ipa user-add misaka  --first=misaka --last=mikoto [email protected]  --shell=/bin/bash --password

Testing FreeIPA Client

After that, try to log in to the client host through SSH from the FreeIPA server.

ssh [email protected]

And finally, you will be logged in to the client using the FreeIPA user recently created.

Test login

Share this page:

Suggested articles

1 Comment(s)

Add comment

Comments

By: Radek at: 2019-06-07 18:10:45

Hello.

Great text but screenshots are useless because of small resolution.

This also happens in other articles.

 

Radek