How to Deploy FreeIPA Server on Ubuntu VPS
Learn how to deploy FreeIPA server on Ubuntu VPS with this step-by-step guide.

Here’s a step-by-step guide to deploy FreeIPA server on Ubuntu VPS, using the latest supported methods. FreeIPA is traditionally built for Fedora-based systems (like CentOS or AlmaLinux), but with the help of containerization (Podman), it can run effectively on Ubuntu VPS.

What is FreeIPA?

FreeIPA (Identity, Policy, Audit) is an open-source identity management solution designed primarily for Linux and Unix environments. It integrates several key identity management services into a centralized, easy-to-manage platform.

Key Features of FreeIPA:

  • Centralized Authentication: Uses Kerberos for secure authentication across networks
  • Identity Management: Manages users, groups, hosts, and services centrally
  • Access Control: Implements fine-grained access policies using Role-Based Access Control (RBAC)
  • Directory Services: Includes an integrated LDAP (389 Directory Server) for storing identity data
  • Single Sign-On (SSO): Simplifies user logins across multiple systems
  • DNS Management: Integrates DNS management, enabling streamlined host and service name resolution
  • Certificate Management: Offers built-in Public Key Infrastructure (PKI) using Dogtag Certificate System
  • Audit Logging: Tracks administrative actions and system activities for auditing and compliance
  • Web Interface: Provides an intuitive graphical user interface (GUI) for easy management

Common Use Cases:

  • Centralizing user and identity management for enterprises
  • Securing and simplifying Linux infrastructure management
  • Implementing compliance and auditability for security policies

Benefits of Using FreeIPA:

  • Simplified infrastructure management
  • Enhanced security with centralized identity and access controls
  • Reduced complexity through integrated services
  • Lower operational overhead with automation and unified interfaces

FreeIPA is widely adopted in organizations seeking an open-source, scalable, and secure identity management solution.

✅ Prerequisites


How to Deploy FreeIPA Server on Ubuntu VPS

  1. 🔧 Prepare the System

    sudo apt update && sudo apt upgrade -y
    sudo hostnamectl set-hostname ipa.example.com

    Edit /etc/hosts to include your FQDN:

    sudo nano /etc/hosts

    Add/Edit:

    192.0.2.10 ipa.example.com ipa

    Replace 192.0.2.10 with your server’s actual IP address.

  2. 🐳 Install Podman

    sudo apt install podman -y
  3. 📦 Pull the FreeIPA Server Container

    Podman:

    git clone https://github.com/freeipa/freeipa-container.git
    cd freeipa-container
    podman build -t freeipa-almalinux9 -f Dockerfile.almalinux-9 .
    sudo mkdir -p /var/lib/freeipa-data
  4. 🗄️ Create a Volume for Data Persistence

    podman volume create freeipa-data
  5. ⚙️ Run the FreeIPA Container

    Here’s how to start a FreeIPA server in a container. Replace values as needed.

    podman run --name freeipa-server-container -ti \
      -h ipa.example.com --read-only --sysctl net.ipv6.conf.all.disable_ipv6=0 \
      -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
      -v /var/lib/freeipa-data:/data:Z freeipa-almalinux9

    You’ll be prompted to configure FreeIPA interactively during the first run.

  6. 🧪 Test the FreeIPA Web UI

    After installation is complete, visit:

    https://ipa.example.com
    

    Log in with:

    • Username: admin
    • Password: the one you set via PASSWORD=...
  7. 🛡️ Configure Firewall (if using UFW)

    sudo ufw allow 80,443,389,636,88,464/tcp
    sudo ufw allow 53,123/udp
    sudo ufw reload
  8. 🔄 Autostart the Container (Optional)

    podman generate systemd --name freeipa-server-container --files --restart-policy=always
    sudo mv container-freeipa-server-container.service /etc/systemd/system/
    sudo systemctl daemon-reload
    sudo systemctl enable --now container-freeipa-server-container.service
  9. 🧰 Useful CLI Commands

    • Check container logs:
      podman logs freeipa-server-container
    • Exec into container:
      podman exec -it freeipa-server-container bash
    • Stop/start:
      podman stop freeipa-server-container
      podman start freeipa-server-container
  10. 🧪 Test LDAP and Kerberos

    Test with LDAP:

    ldapsearch -x -H ldap://ipa.example.com -b dc=example,dc=com

    Test Kerberos (requires krb5-user):

    sudo apt install krb5-user
    kinit admin

    You’ll be prompted for the admin password.
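
The firewall rules from step 7 can be compared with the port list that ipa-server-install prints when it finishes. The script below is an added example, not part of the original guide. The `REQUIRED` list, the `missing_ports` function name and the sample `ufw status` text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit UFW rules against the ports FreeIPA needs.
# REQUIRED follows the port list ipa-server-install prints when it finishes
# (53/tcp and 53/udp matter only if the integrated DNS is enabled).
REQUIRED="80/tcp 443/tcp 389/tcp 636/tcp 88/tcp 464/tcp 53/tcp 88/udp 464/udp 53/udp 123/udp"

# Constructed sample: `ufw status` output after the rules from step 7.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
80,443,389,636,88,464/tcp  ALLOW       Anywhere
53,123/udp                 ALLOW       Anywhere
80,443,389,636,88,464/tcp (v6) ALLOW       Anywhere (v6)
53,123/udp (v6)            ALLOW       Anywhere (v6)'

# Read `ufw status` text on stdin and print every required port/protocol
# that no IPv4 ALLOW rule covers (the "(v6)" rows are skipped on purpose).
missing_ports() {
    awk -v required="$REQUIRED" '
        $2 == "ALLOW" {
            # $1 looks like "80,443/tcp", "53/udp" or "22" (no protocol = both)
            n = split($1, spec, "/")
            m = split(spec[1], ports, ",")
            for (i = 1; i <= m; i++) {
                if (n == 2) allowed[ports[i] "/" spec[2]] = 1
                else { allowed[ports[i] "/tcp"] = 1; allowed[ports[i] "/udp"] = 1 }
            }
        }
        END {
            k = split(required, req, " ")
            for (i = 1; i <= k; i++)
                if (!(req[i] in allowed)) print req[i]
        }'
}

echo "Required FreeIPA ports not allowed by the sample rules:"
printf '%s\n' "$SAMPLE_STATUS" | missing_ports
```

On a live host, pipe `sudo ufw status` into `missing_ports` instead of the sample text.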


✅ Conclusion

You now know how to deploy FreeIPA server on Ubuntu VPS. After completing the steps above, you’ll have a fully functional FreeIPA identity management server running on Ubuntu in a container. You can use this to:

  • Manage users and groups
  • Provide centralized authentication (LDAP + Kerberos)
  • Use it as a DNS server (if configured)
  • Integrate Linux clients with ipa-client-install

🧭 Next Steps

  • Configure clients: ipa-client-install
  • Automate user/group provisioning
  • Enable 2FA and SSH key management
  • Secure access with firewall/VPN

Editorial Staff

Rad Web Hosting is a leading provider of web hosting, Cloud VPS, and Dedicated Servers in Dallas, TX.