FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag (Certificate System). It consists of a web interface and command-line administration tools.

FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers.

at KNU Cluster FreeIPA is using for as domain for students accounts for oVirt.

It installed in oVirt.vlabs environment as VM with disk on separate LUN with CentOS 7 from standard repos. VM placed in private network of vLabs and has paththrough access from web.

We tried to install Lets Encrypt CA certs and not succeed because of bug`s in FreeIPA.

In order to integrate freeIPA to ovirt option nsslapd-minssf need to be set to 1 in file /etc/dirsrv/slapd-VLABS-KNU-UA/dse.ldif

Starting from version 4.0 FreeIPA using One Time Password(OTP). In our installation we doesn`t need this feature so it must be disabled by ipa config-mod --user-auth-type=disabled

users can be created by recommended set of commands

kinit admin
for i in {<student number in group>}; do echo "<coursname_aspassword><year>" | ipa user-add <courcename>_g<groupnumber>_s$i --first=FIRSTNAME --last=LASTNAME --password --noprivate --gidnumber=<number of existing group>; done

ipa group-add-member <groupname> --users=<list of users>

examples can be found in history of commands on

Last modified 7 years ago Last modified on Mar 12, 2016 8:18:50 PM