How to Install FreeIPA Client on RHEL | Rocky Linux | AlmaLinux

In this post, we will show you how to install and configure FreeIPA client on RHEL, Rocky Linux or AlmaLinux.

For the demonstration purpose, we will integrate a RHEL system with FreeIPA server using FreeIPA client for centralize authentication.

FreeIPA server is an open-source identity management solution that provides centralized authentication, authorization, and account information for Linux systems.

Prerequisites

  • Pre-Installed RHEL-9/8 or Rocky Linux9/8 or AlmaLinux 9/8
  • Regular user with sudo rights
  • Valid subscription for RHEL system.
  • Internet Connectivity

Also Read: How to Install FreeIPA Server on RHEL 8 | Rocky Linux 8 | AlmaLinux 8

Without any delay, let’s deep dive into FreeIPA client installation and configuration steps,

1) Create a User on FreeIPA Server

Login to FreeIPA server and create a user for centralize authentication, here I am creating a user with opsadm using following command.

$ sudo kinit admin
$ sudo ipa user-add opsadm --first=Ops --last=Admin --password
Password:
Enter Password again to verify:
-------------------
Added user "opsadm"
-------------------
  User login: opsadm
  First name: Ops
  Last name: Admin
  Full name: Ops Admin
  Display name: Ops Admin
  Initials: OA
  Home directory: /home/opsadm
  GECOS: Ops Admin
  Login shell: /bin/bash
  Principal name: [email protected]
  Principal alias: [email protected]
  User password expiration: 20230502010113Z
  Email address: [email protected]
  UID: 464600004
  GID: 464600004
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
$

2) Add DNS Record for RHEL, Rocky Linux or AlmaLinux

Next step is to add DNS record for machine which we want to integrate with FreeIPA server for centralize authentication. On FreeIPA Server, run following command

$ sudo ipa dnsrecord-add linuxtechi.lan rhel.linuxtechi.lan --a-rec 192.168.1.2

Note: Replace IP address and hostname in above commands that suits to your setup.

Add-DNS-Record-RHEL-RockyLinux-AlmaLinux

Now login to RHEL client and add following entries in /etc/hosts file

192.168.1.102 ipa.linuxtechi.lan ipa
192.168.1.2   rhel.linuxtechi.lan rhel

Save and exit the file.

3) Install and configure FreeIPA client on RHEL, RockyLinux & AlmaLinux

FreeIPA client and its dependencies are available in the default package repositories (AppStream and BaseOS), so to install freeipa client, run

$ sudo dnf install freeipa-client -y

Install-FreeIPA-Client-DNF-Command-RHEL

After the installation, configure the FreeIPA client, run following command

$ sudo ipa-client-install --hostname=`hostname -f` --mkhomedir --server=ipa.linuxtechi.lan --domain linuxtechi.lan  --realm LINUXTECHI.LAN

// Replace freeipa server’s hostname, domain name and realm according to your setup.

Output ,

Configure-freeipa-client-command-rhel

Perfect, output above confirms that freeipa-client command has been executed successfully. To test the freeipa client integration, logout from the current user and try to login as opsadm user that we had created on IPA server.

4) Test FreeIPA Client

Try to ssh the rhel system on which you have just configured FreeIPA client using opsadm user,

$ ssh opsadm@<IPAddress-RHEL>

First-time-login-opsadm-freeipa-rhel

When we login to the system first time then it will prompt you to set new password because of password expiry policy.

After changing the password, try to login again. This time you should be able to login

$ ssh [email protected]

Login-RHEL-System-FreeIPA-Client

Great, output above confirms that we can login using opsadm user. This confirms that FreeIPA client installation and configuration is successful.

That’s all from this post, I hope you have found it informative, please do post your queries and feedback in below comments section.

Leave a Comment

Your email address will not be published. Required fields are marked *