How to install FreeIPA on Ubuntu with Docker


What is FreeIPA?

FreeIPA is an integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS and Dogtag (Certificate System). It consists of a web interface and command-line administration tools.

FreeIPA is an integrated identity and authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about users, groups, hosts and the other objects needed to manage the security aspects of a network of computers.

FreeIPA is built on top of well-known open source components and standard protocols, with a strong focus on ease of management and on automating installation and configuration tasks.

Requirements:

  • Docker and Docker Compose
  • Chrony
  • freeipa-client


FreeIPA server:

Domain : example.local

Server Hostname : freeipa.example.local

Client IP :

You can install FreeIPA with Docker; the docker-compose file I provide is below.

You just need to run:

docker-compose up -d

version: '3.7'

services:
  freeipa:                       # service name assumed; the listing had lost its YAML keys
    image: freeipa/freeipa-server:centos-8
    restart: unless-stopped
    hostname: freeipa.packops.local
    environment:
      IPA_SERVER_HOSTNAME: freeipa.packops.local
      TZ: "Asia/Tehran"
    tty: true
    stdin_open: true
    cap_add:
      - NET_ADMIN
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - freeipavol:/data           # persistent IPA data; a named volume, declared below
    sysctls:
      # the container needs IPv6 on its loopback interface
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.lo.disable_ipv6=0
    security_opt:
      - "seccomp:unconfined"
    command:                       # arguments passed to ipa-server-install on first start
      - -U
      - --domain=packops.local     # domain, realm and hostname must agree with each other
      - --realm=packops.local
      - --http-pin=YOURPASSWORD
      - --dirsrv-pin=YOURPASSWORD
      - --ds-password=YOURPASSWORD
      - --admin-password=YOURPASSWORD
      - --no-host-dns
      - --unattended
    ports:
      - "80:80"
      - "443:443"
      - "389:389"
      - "636:636"
      - "88:88"
      - "464:464"
      - "88:88/udp"
      - "464:464/udp"
      - "123:123/udp"
      - "7389:7389"
      - "9443:9443"
      - "9444:9444"
      - "9445:9445"

volumes:
  freeipavol:
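
The compose file above uses the literal YOURPASSWORD for four separate secrets (admin password, Directory Server password, HTTP PIN and dirsrv PIN). The following script is an added example, not part of the original post or of the freeipa-container project: it generates a distinct random value for each, stores them in a mode-600 `.env` file that Docker Compose substitutes into the compose file, brings the stack up and polls the web UI until it answers. It assumes the four `command:` entries are changed to `--admin-password=${IPA_ADMIN_PASSWORD}`, `--ds-password=${IPA_DS_PASSWORD}`, `--http-pin=${IPA_HTTP_PIN}` and `--dirsrv-pin=${IPA_DIRSRV_PIN}`; those variable names are this script's own choice.

```shell
#!/bin/sh
# Added example: keep the four FreeIPA secrets out of docker-compose.yml.
# Assumes the compose "command:" entries reference ${IPA_ADMIN_PASSWORD} etc.
# (variable names chosen here, not taken from the page).
set -eu

# gen_secret LENGTH -> prints LENGTH random alphanumeric characters from /dev/urandom
gen_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
  echo
}

# write_env FILE -> writes the four secrets to FILE, readable only by the owner
write_env() {
  envfile=$1
  umask 077                     # new files are created 0600
  : >"$envfile"
  for name in IPA_ADMIN_PASSWORD IPA_DS_PASSWORD IPA_HTTP_PIN IPA_DIRSRV_PIN; do
    printf '%s=%s\n' "$name" "$(gen_secret 24)" >>"$envfile"
  done
}

# env_is_sane FILE -> 0 if FILE holds exactly the four keys, each with a 24-character value
env_is_sane() {
  [ "$(wc -l <"$1" | tr -d ' ')" -eq 4 ] || return 1
  while IFS='=' read -r key value; do
    case "$key" in
      IPA_ADMIN_PASSWORD|IPA_DS_PASSWORD|IPA_HTTP_PIN|IPA_DIRSRV_PIN) ;;
      *) return 1 ;;
    esac
    [ "${#value}" -eq 24 ] || return 1
  done <"$1"
}

# wait_for_ipa URL TRIES -> polls the web UI every 5 s until it returns HTTP 200
wait_for_ipa() {
  url=$1; tries=$2
  while [ "$tries" -gt 0 ]; do
    code=$(curl -sk -o /dev/null -w '%{http_code}' "$url" || true)
    [ "$code" = "200" ] && return 0
    tries=$((tries - 1)); sleep 5
  done
  return 1
}

# deploy -> generate secrets, start the container, wait for the UI (first start takes minutes)
deploy() {
  write_env .env
  env_is_sane .env
  docker-compose up -d
  wait_for_ipa https://freeipa.packops.local/ipa/ui/ 60
}

if [ "${1:-}" = "deploy" ]; then deploy; fi
```

Run it as `sh deploy.sh deploy` from the directory holding the compose file. Docker Compose reads `.env` from that directory automatically; keep the file out of version control, and note that `docker inspect` still shows the substituted arguments to anyone with access to the Docker socket.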



Access the FreeIPA server according to this format:


Install the FreeIPA client and join it to your FreeIPA server

apt-get install freeipa-client chrony -y
hostnamectl set-hostname node-02.example.local

ipa-client-install --hostname="$(hostname -f)" \
    --mkhomedir \
    --server=freeipa.example.local \
    --domain=example.local
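
Before running `ipa-client-install`, it is worth checking the things the enrollment depends on: a fully qualified hostname inside the domain, the realm and base DN the installer will derive from the domain, name resolution of the server, clock synchronisation (Kerberos rejects tickets when the skew is too large, 5 minutes by default) and reachability of the client-facing TCP ports the compose file publishes. The script below is an added example, not part of the original post; the hostnames are the page's, the function names are mine, and the live checks need `nc`, `getent` and `chronyc` on the client.

```shell
#!/bin/sh
# Added example: pre-flight checks for a client about to enrol in FreeIPA.
# Hostnames follow the page; the checks themselves are this script's own.
set -eu

# realm_for_domain DOMAIN -> the realm ipa-client-install defaults to: the domain, upper-cased
realm_for_domain() {
  printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]'
}

# basedn_for_domain DOMAIN -> the LDAP base DN FreeIPA derives from the domain
basedn_for_domain() {
  printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# fqdn_in_domain HOST DOMAIN -> 0 if HOST is fully qualified and lies inside DOMAIN
fqdn_in_domain() {
  case "$1" in
    *."$2") return 0 ;;
    *)      return 1 ;;
  esac
}

# check_ports SERVER -> 0 if every client-facing TCP port from the compose file answers
check_ports() {
  server=$1; rc=0
  for port in 80 443 389 636 88 464; do
    if nc -z -w 3 "$server" "$port" 2>/dev/null; then
      echo "ok   $server:$port"
    else
      echo "FAIL $server:$port"; rc=1
    fi
  done
  return $rc
}

# check_time -> 0 if chronyd reports a synchronised clock
check_time() {
  chronyc -n tracking 2>/dev/null | grep -q '^Leap status *: *Normal'
}

# preflight HOST DOMAIN SERVER -> runs every check, printing what the installer will use
preflight() {
  host=$1; domain=$2; server=$3
  fqdn_in_domain "$host" "$domain" || { echo "hostname $host is not inside $domain"; return 1; }
  echo "realm:  $(realm_for_domain "$domain")"
  echo "basedn: $(basedn_for_domain "$domain")"
  getent hosts "$server" >/dev/null || { echo "cannot resolve $server"; return 1; }
  check_time || echo "warning: chrony is not synchronised yet"
  check_ports "$server"
}

if [ $# -eq 3 ]; then preflight "$@"; fi
```

Usage: `sh preflight.sh node-02.example.local example.local freeipa.example.local`. A FAIL on port 88 or 464 means Kerberos authentication or password changes will not work even if the LDAP ports are open.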


The output should look something like this:

This program will set up FreeIPA client.
Version 4.8.6

WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd

Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: "yes"
Do you want to configure chrony with NTP server or pool address? [no]: "no"
Client hostname: "node-02.example.local"
DNS Domain: "example.local"
IPA Server: "freeipa.example.local"
BaseDN: dc=mabnadp,dc=local

Continue to configure the system with these values? [no]: yes
Synchronizing time
No SRV records of NTP servers found and no NTP server or pool address was provided.
Using default chrony configuration.
Attempting to sync time with chronyc.
Time synchronization was successful.
User authorized to enroll computers: admin
Password for admin@EXAMPLE.LOCAL:
Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=MABNADP.LOCAL
    Issuer:      CN=Certificate Authority,O=MABNADP.LOCAL
    Valid From:  2021-11-22 11:33:00
    Valid Until: 2041-11-22 11:33:00

Enrolled in IPA realm MABNADP.LOCAL
Created /etc/ipa/default.conf
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm MABNADP.LOCAL
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/
Adding SSH public key from /etc/ssh/
Adding SSH public key from /etc/ssh/
Adding SSH public key from /etc/ssh/
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring mabnadp.local as NIS domain.
Client configuration complete.



You can cache packages, speed up package downloads and keep your servers off the Internet by simply using apt-cacher-ng.

kinit admin
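
Once `kinit admin` succeeds, two more checks confirm the enrollment actually works end to end: a valid ticket in the cache and an SSSD lookup of an IPA user. The transcript above also contains lines an administrator should not ignore, in particular "Could not update DNS SSHFP records." (typically seen when the server runs without IPA-managed DNS, as with `--no-host-dns` here; SSH host key fingerprints will not be published in DNS). The script below is an added example, not part of the original post; the sample transcript is constructed from the output shown above, and the live checks need `klist`, `id` and `getent`.

```shell
#!/bin/sh
# Added example: post-enrollment verification and transcript review.
# SAMPLE_LOG is constructed from the page's ipa-client-install output.
set -eu

SAMPLE_LOG=$(printf '%s\n' \
  "WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd" \
  "Enrolled in IPA realm EXAMPLE.LOCAL" \
  "Could not update DNS SSHFP records." \
  "SSSD enabled" \
  "Client configuration complete.")

# log_completed LOG -> 0 if the transcript contains the installer's success line
log_completed() {
  printf '%s\n' "$1" | grep -qx 'Client configuration complete.'
}

# log_warnings LOG -> prints the lines that need follow-up (WARNING: and "Could not ...")
log_warnings() {
  printf '%s\n' "$1" | grep -E '^WARNING:|^Could not' || true
}

# count_warnings LOG -> number of such lines (0 when there are none)
count_warnings() {
  log_warnings "$1" | grep -c . || true
}

# verify_live -> 0 if a valid Kerberos ticket exists and SSSD resolves the admin user
verify_live() {
  command -v klist >/dev/null || { echo "klist not installed"; return 1; }
  klist -s || { echo "no valid Kerberos ticket; run: kinit admin"; return 1; }
  id admin >/dev/null 2>&1 || { echo "SSSD cannot resolve user admin"; return 1; }
  getent passwd admin          # shows the uid/gid/home SSSD returns from IPA
  echo "enrollment verified"
}

# review LOGFILE -> summarise a saved transcript, then run the live checks
review() {
  log=$(cat "$1")
  if log_completed "$log"; then echo "installer reported success"; else echo "installer did NOT finish"; fi
  echo "lines needing follow-up: $(count_warnings "$log")"
  log_warnings "$log"
  verify_live
}

if [ $# -eq 1 ]; then review "$1"; fi
```

Usage: save the installer output with `ipa-client-install ... 2>&1 | tee enroll.log` and then run `sh verify.sh enroll.log`. `klist -s` exits non-zero when the ticket cache is empty or expired, so the script fails closed instead of reporting a half-working client.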