5.7 KiB
How to Configure FreeIPA Client on Ubuntu 22.04 / 20.04
FreeIPA is a powerful open-source identity management system that provides centralized authentication, authorization, and accounting services. In this post, we will walk through the steps to configure FreeIPA client on Ubuntu 22.04 / 20.04. After configuring the freeipa client then we will try to login with the user created on FreeIPA server.
In our previous post, we had already discussed FreeIPA Server installation steps on RHEL8/Rokcy Linux 8/ AlmaLinux 8.
Also Read: How to Install FreeIPA Server on RHEL 8 | Rocky Linux 8 | AlmaLinux 8
Creating User on FreeIPA Server for Centralization Authentication
Login to your freeipa server and create a user with name “sysadm”, run the following commands
$ sudo kinit admin
Password for [email protected]:
$
$ sudo ipa config-mod --defaultshell=/bin/bash
$ sudo ipa user-add sysadm --first=System --last=Admin --password
Password:
Enter Password again to verify:
-------------------
Added user "sysadm"
-------------------
User login: sysadm
First name: System
Last name: Admin
Full name: System Admin
Display name: System Admin
Initials: SA
Home directory: /home/sysadm
GECOS: System Admin
Login shell: /bin/bash
Principal name: [email protected]
Principal alias: [email protected]
User password expiration: 20230415073041Z
Email address: [email protected]
UID: 464600003
GID: 464600003
Password: True
Member of groups: ipausers
Kerberos keys available: True
$
First command is to get Kerberoscredentials and second command to set default login shell for all users as “/bin/bash”and third command used for creating the user with name “sysadm”
Steps to configure FreeIPA Client on Ubuntu 22.04 /20.04
Perform the following steps to configure FreeIPA client for centralize authentication.
1) Add DNS record of Ubuntu System on FreeIPA Server
Login to your FreeIPA Server and run the beneath command to add dns record for FreeIPA client (i.e Ubuntu 22.04/20.04)
$ sudo ipa dnsrecord-add linuxtechi.lan app01.linuxtechi.lan --a-rec 192.168.1.106
Record name: app01.linuxtechi.lan
A record: 192.168.1.106
$
In the above command app01.linuxtechi.lan is my Ubuntu system with IP address 192.168.1.106.
Note: Make sure your FreeIPA Server and Clients are on the same timezone and getting the time from NTP Servers.
2) Install FreeIPA client Package
Run the below command from your Ubuntu system to install freeipa-client along with the dependencies,
$ sudo apt install freeipa-client oddjob-mkhomedir -y
While installing freeipa-client, we will get following screen, Choose OK and hit enter
In the next screen, Hit enter to skip,
3) Add FreeIPA Server IP & hostname in hosts file
Add below entries of your FreeIPA Server in /etc/hosts file
$ echo "192.168.1.102 ipa.linuxtechi.lan ipa" | sudo tee -a /etc/hosts
$ echo "192.168.1.106 app01.linuxtechi.lan app01" | sudo tee -a /etc/hosts
Change IP address and hostname that suits to your setup.
4) Configure FreeIPA client using ipa-client-install
Now run following “ipa-client-install” command to configure freeipa-client on your Ubuntu system,
$ sudo ipa-client-install --hostname=`hostname -f` --mkhomedir --server=ipa.linuxtechi.lan --domain linuxtechi.lan --realm LINUXTECHI.LAN
Change the FreeIPA Server address, domain name and realm that suits to your setup.
Output of above command would be something like below :
Perfect, output above confirms that ipa-client installation was successful.
Now allow user’s home directory to be created automatically when they first time authenticated with FreeIPA Server.
Append the following line in the file “/usr/share/pam-configs/mkhomedir”
required pam_mkhomedir.so umask=0022 skel=/etc/skel
$ echo "required pam_mkhomedir.so umask=0022 skel=/etc/skel" | sudo tee -a /usr/share/pam-configs/mkhomedir
To make above changes into affect, run following command
$ sudo pam-auth-update
Select OK and then hit enter.
5) Try to Login to your Ubuntu System with sysadm user
Try to ssh or login to your Ubuntu system using the sysadm user,
$ ssh [email protected]
As you can see above, when we first time to login, it says password expired. It will prompt us to set new password and will disconnect the session.
After updating the password, try to ssh ubuntu system and this time we should able to login.
$ ssh [email protected]
Output,
Great, output above confirms that we have successfully login to our Ubuntu system using a centralize user. This also shows that we have successfully configured FreeIPA client.
In case, you want to uninstall freeipa from your ubuntu system then run following set of commands,
$ sudo ipa-client-install --uninstall
$ sudo rm -rf /var/lib/sss/db/*
$ sudo systemctl restart sssd.service
That’s all from this post, I believe you have found it informative. Kindly do post your queries and feedback in below comments section.
via: https://www.linuxtechi.com/configure-freeipa-client-on-ubuntu/
作者:Pradeep Kumar 选题:lkxed 译者:译者ID 校对:校对者ID