LEARN HOW TO INSTALL FREEIPA OPEN SOURCE IDENTITY MANAGEMENT SERVER ON CENTOS 7 IN THE CLOUD ON AWS

FREEIPA is a linux based and open source identity management server that enables any organisation to have a centralized authentication, authorization platform that stores data about users, groups, hosts and other objects necessary to manage the security aspect of a computer network. FREEIPA is built on the 389 DS LDAP server and serves as a data backend for all identity, authentication (KERBEROS) and authorization needs. FREEIPA is an open source project sponsored by REDHAT and is an upstream for the commercial REDHAT IDENTITY MANAGER product. In this video tutorial you will learn how to install the FREEIPA open source identity management server on CENTOS 7 in the cloud on AMAZON WEB SERVICES.

REQUIREMENTS

In order to complete this tutorial, the following is a list of items that may be needed or required. Please ensure to have these items available before taking implementation action on this tutorial to ensure success:
1) A desktop or laptop with atleast 4GB RAM, a dual core processor and 50 GB of free disk space
2) If you choose to install on you computer you will need virtualization software i.e VIRTUALBOX
3) The CENTOS 7 disk image file (for on premise / on device installation)
4) An AWS free tier account and access to the AWS LIGHTSAIL web application
5) A AWS ROUTE53 domain with an A record pointing to the CENTOS 7 instance.

OVERVIEW

1) Log into your AWS account, open the LIGHTSAIL web app and create a new CENTOS 7 instance
2) Download the KEYPAIR FILE for the instance, connect via SSH and install package updates
3) Change the hostname of the CENTOS 7 SERVER instance and start the FREEIPA package installation process.
4) Configure the IPv4 firewall in AWS LIGHTSAIL to permit access to the FREEIPA web based dashboard
5) Open a web browser and log into the FREEIPA web based dashboard

STEP 1: Log into your AWS account, open the LIGHTSAIL web app and create a new CENTOS 7 instance

1) Click HERE to go to the AWS log in page and enter your IAM credentials or root user account credentials to log in. Once you have logged in use the search bar on the console dashboard to search for LIGHTSAIL. Click on the “LIGHTSAIL” search result to open the AWS LIGHTSAIL web app. Once it open click on the CREATE INSTANCE button to open the INSTANCE creation wizard.

2) On the CREATE AN INSTANCE page, select an INSTANCE LOCATION and select LINUX / UNIX on the SELECT A PLATFORM section. On the SELECT A BLUEPRINT section click on the OS ONLY button and select the CENTOS 7 instance type.

3) Scroll down to the SELECT YOUR INSTANCE PLAN section and select the $20USD per month plan which will create an instance with 4GB RAM, an 80GB SSD and a dual core processor.

4) Next, give the instance a descriptive name on the IDENTIFY YOUR INSTANCE text input box, scroll down and click on the CREATE INSTANCE button.

5) Once the INSTANCE creation process is complete, click on the NETWORKING tab and click on the CREATE STATIC IP button. Select the FREEIPA-SERVER CENTOS 7 instance on the ATTACH TO AN INSTANCE drop down, type in a descriptive name to identify the IP ADDRESS that you are allocating and click on the CREATE button

6) Go back to the AWS CONSOLE and open the ROUTE53 dashboard. Click on HOSTED ZONES and click on your domain name. Click on CREATE RECORD, copy the IP ADDRESS that you attached to the FREEIPA CENTOS 7 instance and paste it on the VALUE input box. Set the record type to A -RECORD, the RECORD NAME to “freeipa-server” and click on CREATE RECORD.

This will create an A record of freeipa-server.billysoftwebservices.com pointing to the public ip address of the FREEIPA CENTOS 7 instance.

7) Next, go back to the AWS LIGHTSAIL web application, click on the FREEIPA CENTOS 7 instance and on the CONNECT tab, scroll down and click on the DOWNLOAD DEFAULT KEY link. This will download the keypair file that you will use to connect to the CENTOS INSTANCE via SSH.

STEP 2: Download the KEYPAIR FILE for the instance, connect via SSH AND INSTALL PACKAGE UPDATES.

8) Next, open your terminal application, and run the following commands to change your working directory to the download folder, change the permissions on the keypair file to read only and to connect to the instance via ssh:

cd Downloads

chmod 400 name-of-keypair-file

ssh -i ‘name-of-keypair-file’ centos@ip-address-of-centos-instance

9) Next, run the following commands to install system and package updates & upgrades:

sudo su

yum update && yum upgrade

STEP 3: Change the hostname of the CENTOS 7 SERVER instance and start the FREEIPA package installation process.

10) Once the update process is complete, reboot the instance, change the hostname for the FREEIPA CENTOS 7 instance. Run the following command to install the epel-repository, bind-util and the ipa-server package:

yum -y install epel-release

yum -y update

yum -y install bind-utils vim

yum -y install ipa-server

NB: RUN ONE COMMAND AT A TIME.

11) Next, run the following command to open the /etc/hosts file to configure a new hostname for the server:

yum install nano -y

nano /etc/hosts

add the following in the file using the format below ( To check the LAN IP address USE the command ip add list):

ip-address-of-server freeipa-server.yourdomain.com freeipa-server

12) Next, run the following command to set the new hostname for the CENTOS 7 SERVER instance:

hostnamectl set-hostname freeipa-server

And to ensure that the new hostname persists across server reboots, edit the cloud.cfg file:

nano /etc/cloud/cloud.cfg

Add the following string to the bottom of the /etc/cloud/cloud.cfg file to be sure that the new hostname is preserved between restarts and reboots:

preserve_hostname: true

13) Restart the CENTOS 7 SERVER instance and run the following command to configure IPA server. You need to execute this as root user:

sudo reboot

Reconnect to the server and run the command:

sudo ipa-server install

The installer will prompt “DO YOU WANT TO CONFIGURE INTEGRATED DNS (BIND) ? [no]: ” Type in the word NO and press enter to disallow this.

14) Next, you will be prompted to enter an FQDN as well as HOSTNAME, press ENTER on each prompt to leave the hostname that you set in the previous step and on the DIRECTORY MANAGER PASSWORD prompt, enter any password that you would like and press ENTER.

15) Next the FREEIPA configuration script will prompt you to set a password for the admin account. Type in a secure password that is not easy to guess on the IPA ADMIN PASSWORD and PASSWORD (CONFIRM) fields. You will also see information about the FREEIPA server such as the HOSTNAME and domain name that you have configured. On the CONTINUE TO CONFIGURE THE SYSTEM WITH THESE VALUES? prompt, Type in the word YES and press ENTER.

16) Once the configuration process is complete, run the following commands to test the FREEIPA server:

kinit admin

klist

STEP 4: Configure the IPv4 firewall in AWS LIGHTSAIL to permit access to the FREEIPA web based dashboard

17) Open the AWS LIGHTSAIL web app and click on the name of the FREEIPA instance. Click on the NETWORKING tab and on the IPV4 FIREWALL section, click on ADD RULE. Select HTTPS on the APPLICATION drop down and click on CREATE

18) Open up a new browser tab and go to freeipa-server.yourdomain-name.com. If you get an SSL certificate error, thats because FREEIPA uses a self signed certificate for security reasons. Click on advanced and click on PROCEED or any other link that allows you to proceed wit the connection.

STEP 5: LOG INTO THE FREEIPA DASHBOARD

19) Enter your username and password on the log in page and you should see a dashboard as shown in the image below. You should now be able to configure client devices and start using FREEIPA in your organisation