'''FreeIPA''' is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS and Dogtag (Certificate System). It consists of a web interface and command-line administration tools.

FreeIPA is an integrated identity and authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about users, groups, hosts and other objects needed to manage the security aspects of a network of computers.

At KNU Cluster, FreeIPA is used as the domain for student accounts in oVirt.

It is installed in the oVirt.vlabs environment as a VM, with its disk on a separate LUN, running CentOS 7 from the standard repositories. The VM sits in the private vLabs network and is reachable from the web through pass-through access.

We tried to install Let's Encrypt CA certificates and did not succeed because of bugs in FreeIPA.

In order to integrate FreeIPA with oVirt, the option '''nsslapd-minssf''' needs to be set to 1 in the file {{{ /etc/dirsrv/slapd-VLABS-KNU-UA/dse.ldif }}}. Two caveats: '''nsslapd-minssf''' is the minimum security strength factor that 389 Directory Server demands before it will serve a connection, and a value of 1 only requires integrity protection, so the oVirt side should still be configured to reach the server over LDAPS or STARTTLS rather than plain LDAP. Also, 389 Directory Server rewrites {{{ dse.ldif }}} itself, so edit the file only while the {{{ dirsrv }}} instance is stopped (or change the attribute on {{{ cn=config }}} with ldapmodify instead), then verify the value after restart.

Starting from version 4.0, FreeIPA supports One-Time Passwords (OTP). In our installation we do not need this feature, so it is disabled with {{{ ipa config-mod --user-auth-type=disabled }}}. This sets the global default; a per-user authentication type set with {{{ ipa user-mod --user-auth-type }}} overrides it.

Users can be created with the following recommended set of commands (the angle-bracket fields are placeholders):
{{{
kinit admin
# <student number in group> is a brace range such as 1..25; the initial password is piped
# on stdin so it does not appear in `ps`. A password set by admin is marked expired by
# FreeIPA, so each student must change it at first login.
for i in {<student number in group>}; do echo "<coursename_as_password><year>" | ipa user-add <coursename>_g<groupnumber>_s$i --first=FIRSTNAME --last=LASTNAME --password --noprivate --gidnumber=<number of existing group>; done

# --users accepts a comma-separated list
ipa group-add-member <groupname> --users=<list of users>
}}}
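As an added example (not from the original page and not KNU Cluster's own script), the following POSIX shell script carries the procedure above through with one random initial password per student, written to a root-only file, instead of a shared password built from the course name and year. The naming scheme {{{ <course>_g<group>_s<N> }}}, the use of the username as the last name, and the {{{ IPA_CMD }}} dry-run switch are assumptions for illustration; {{{ kinit admin }}} must already have been run and the POSIX group must already exist.

```shell
#!/bin/sh
# Added example (not from the original page): bulk creation of FreeIPA student
# accounts with a random initial password per student instead of one shared,
# guessable password. Assumes the naming scheme <course>_g<group>_s<N>, an
# existing POSIX group, and that `kinit admin` has already been run.
set -eu

# Set IPA_CMD=echo to dry-run without a FreeIPA server (assumed helper switch).
IPA_CMD="${IPA_CMD:-ipa}"

# Account name for student N in group G of course C (course lower-cased).
make_username() {
    course=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s_g%s_s%s\n' "$course" "$2" "$3"
}

# 16 random alphanumeric characters drawn from /dev/urandom.
gen_password() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-16
}

# Create students s<first>..s<last> of <course>/<group> with gidnumber <gid>,
# appending "user:password" lines to <outfile> (created mode 0600).
# Prints the number of accounts created. Hand the passwords out individually
# and delete the file afterwards; FreeIPA expires admin-set passwords, so each
# student is forced to change theirs at first login.
add_students() {
    course="$1"; group="$2"; first="$3"; last="$4"; gid="$5"; outfile="$6"
    ( umask 077; : > "$outfile" )
    i="$first"
    while [ "$i" -le "$last" ]; do
        user=$(make_username "$course" "$group" "$i")
        pass=$(gen_password)
        # The password is fed on stdin so it never shows up in `ps` or shell history.
        # Using the username as the last name is an assumption for this example.
        printf '%s\n' "$pass" | "$IPA_CMD" user-add "$user" \
            --first=Student --last="$user" --password --noprivate \
            --gidnumber="$gid" >/dev/null
        printf '%s:%s\n' "$user" "$pass" >> "$outfile"
        i=$((i + 1))
    done
    wc -l < "$outfile" | tr -d ' '
}

# Add every user listed in the credentials file to a FreeIPA group in one call
# (--users takes a comma-separated list).
add_to_group() {
    groupname="$1"; outfile="$2"
    users=$(cut -d: -f1 "$outfile" | paste -sd, -)
    "$IPA_CMD" group-add-member "$groupname" --users="$users"
}

# Example run (constructed values; prefix with IPA_CMD=echo for a dry run):
#   add_students cs101 2 1 25 1001 /root/cs101_g2_passwords.txt
#   add_to_group cs101_g2 /root/cs101_g2_passwords.txt
```

The script stops at the first failing {{{ ipa }}} call because of {{{ set -e }}}, so a rerun after fixing the cause should start from the first student that was not created rather than from 1.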