This guide installs FreeIPA on a Linux host. FreeIPA 4.13.1 is the latest version with Modern WebUI beta, DNS over TLS/HTTPS support, and enhanced system accounts.
Before installing FreeIPA, ensure your system is properly prepared:
# Update system packages
sudo dnf update -y
# Set hostname to FQDN
sudo hostnamectl set-hostname ipa.example.com
# Ignore DHCP-supplied DNS servers and set resolvers statically (optional but recommended)
sudo nmcli con mod "System eth0" ipv4.ignore-auto-dns yes
sudo nmcli con mod "System eth0" ipv4.dns "8.8.8.8,8.8.4.4"
# Restart networking
sudo systemctl restart NetworkManager
Install required runtime packages for the service:
# Install FreeIPA server packages
sudo dnf install -y ipa-server ipa-server-dns
# For DNS support (recommended)
sudo dnf install -y bind bind-dyndb-ldap
# For certificate management
sudo dnf install -y certmonger
Use the ipa-server-install command to set up your FreeIPA server:
sudo ipa-server-install --setup-dns --forwarder=8.8.8.8 --auto-forwarders
During installation, you will be prompted for:
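For automated deployments (the passwords shown are placeholders; values passed on the command line are visible in shell history and the process list):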
sudo ipa-server-install \
--unattended \
--realm=EXAMPLE.COM \
--domain=example.com \
--ds-password=DirectoryManagerPassword \
--admin-password=AdminPassword \
--setup-dns \
--forwarder=8.8.8.8 \
--auto-forwarders
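A pre-flight check for the hostname, domain and realm values used in the install commands above, written as an added example (not part of the original guide or of FreeIPA). The function names are hypothetical, the sample values are the guide's placeholders plus a constructed address, and treating a realm that differs from the upper-cased domain as a failure is this example's own policy.

```shell
#!/bin/sh
# Added example, not FreeIPA code: function names are hypothetical and the
# sample values are the guide's placeholders plus a constructed address.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only

# Succeeds if $1 is a lowercase, fully qualified host name (two or more labels).
is_fqdn() {
    case $1 in
        ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) [ "${#1}" -le 253 ] ;;
        *) return 1 ;;
    esac
}

# Prints the realm this guide pairs with a DNS domain: the domain upper-cased.
realm_for_domain() {
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'
}

# Succeeds if $1 is a loopback address (127.0.0.0/8 or ::1).
is_loopback() {
    case $1 in 127.*|::1) return 0 ;; *) return 1 ;; esac
}

# preflight HOST DOMAIN REALM ADDR
# ADDR is what HOST resolves to, e.g. from: getent hosts "$(hostname -f)"
# Prints one line per problem and returns the number of problems found.
preflight() {
    pf_fails=0
    is_fqdn "$1" || {
        echo "FAIL: '$1' is not a lowercase FQDN"; pf_fails=$((pf_fails + 1)); }
    case $1 in
        *".$2") ;;
        *) echo "FAIL: '$1' is not inside domain '$2'"; pf_fails=$((pf_fails + 1)) ;;
    esac
    [ "$3" = "$(realm_for_domain "$2")" ] || {
        echo "FAIL: realm '$3' is not the upper-cased domain"; pf_fails=$((pf_fails + 1)); }
    if [ -z "$4" ] || is_loopback "$4"; then
        echo "FAIL: '$1' resolves to '${4:-nothing}', need a non-loopback address"
        pf_fails=$((pf_fails + 1))
    fi
    return "$pf_fails"
}

# Constructed sample run using the guide's placeholder names.
preflight ipa.example.com example.com EXAMPLE.COM 192.0.2.10 && echo "pre-flight OK"
```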
After installation, verify the service is running:
# Check service status
sudo ipactl status
# Or check individual services
# The Directory Server unit is an instance named after the realm (dots become dashes)
sudo systemctl status dirsrv@EXAMPLE-COM
sudo systemctl status krb5kdc
sudo systemctl status kadmin
sudo systemctl status httpd
sudo systemctl status named
Log in to the web UI or run a test query to confirm the service works:
# Test using kinit
kinit admin
ipa user-find admin
# Access the web UI at https://ipa.example.com
# Username: admin
# Password: the admin password you set during installation
To join client systems to your IPA domain:
# On client systems
sudo dnf install -y ipa-client
sudo ipa-client-install --domain=example.com --server=ipa.example.com
If you need to forward DNS queries to upstream servers:
# Add forwarders
ipa dnsconfig-mod --forwarder=8.8.8.8 --forwarder=8.8.4.4
# Or set up conditional forwarding for specific domains
ipa dnsforwardzone-add --forwarder=192.168.1.1 example.internal
With FreeIPA 4.13.x, you have access to:
Common issues and solutions: