How to Install FreeIPA on AlmaLinux or Rocky 8

A tutorial to learn the steps and commands to install FreeIPA on CentOS 8, AlmaLinux, or Rocky Linux 8  Server distros to get a centralized authentication, authorization, and account information system.

FreeIPA stands for Free Identity, Policy, Audit, and it is an open-source identity management solution based on an LDAP directory and Kerberos with optional components such as a DNS server, certification authority, and more.  It can manage a domain with users, computers, policies, and trust relationships. Doesn’t it sound like Microsoft Active Directory? Yes, it is exactly what it is all about. FreeIPA can also set up a forest-to-forest trust with existing Active Directory forests and even live in a DNS zone below a zone managed by Active Directory, as long as they do not overlap. It consists of a web interface and command-line administration tools.


  • The hostname must be fully qualified and can be resolved. Here we are using a subdomain i.e.
  • At least 1GB of RAM and 10GB of free disk


Steps to install FreeIPA on AlmaLinux or Rocky Linux 8

The commands below can also be used on CentOS 8, Oracle Linux, VzLinux, and other RPM-based operating systems.

1. Set hostname in AlmaLinux or Rocky

To access and use FreeIPA properly, we need a fully qualified domain name, so we must set the FQDN hostname we want to use. For example, we are using, which can be resolved using our DNS server. However, if you don’t have a DNS server, we need to manually add entries in the Alma Linux server’s host file to resolve the system IP address for our fully qualified hostname.

sudo hostnamectl set-hostname

Replace with the one you want to set for your server’s hostname.

The domain used for the hostname must resolve the IP address to reach the server. Next, point your server IP address to the hostname, i.e., a fully qualified Domain name, in the Host file.

echo " demo" | sudo tee -a /etc/hosts

Replace192.168.0.110 with your server IP address and with your FQDN hostname.

Note: If you want to test FreeIPA locally, using reserved TLDs such as .local is recommended. .test or even .home can be used; for example, a demo.IPA.local

Once done, confirm that the system can ping the host.

ping -c 2

Now, reboot:

sudo reboot


2. Run system update

Before moving further, let’s run the system update command once to ensure all the system packages are current. This will also rebuild the system’s repo cache.

sudo dnf update


3. Enable the Red Hat Enterprise Linux Identity Management system module

FreeIPA Server and client packages are available through the default App stream repository; however, to get them, we need to enable the IDM—Identity Management system module on the AlmaLinux or Rocky Linux we use.

sudo dnf install @idm:DL1

Enabel Redhat IDM on AlmaLinux or Rocky Linux


4. Install FreeIPA on AlmaLinux or Rocky Linux 8

Once the IDM module has been enabled on your server system, it’s time to install all the required packages for FreeIPA on our system.

sudo dnf install ipa-server

If you want to install the FreeIPA DNS server as well, then also run the following command as well:

sudo dnf install ipa-server-dns bind-dyndb-ldap


5. Set up the FreeIPA Server

So far, we have downloaded and installed all the key things required to set up the FreeIPA server on AlmaLinux or Rocky, so let’s start with it.

sudo ipa-server-install

The above command will start the text-based wizard. It will ask you some common questions. The initial ones will be about the integration of BIND DNS. By default, it will be set to ‘NO’. Thus, press the Enter key to continue without it. However, to set a BIND DNS on your Alma or Rocky to resolve domain names, type’ yes‘ and hit Enter.

After that, the script will automatically detect the server hostname and the domain you have set for the hostname.

Thus, press the Enter key for both options.

Configure domain name for freeIPA server

After setting up the above entries, the setup will ask you to set up a directory manager password and IPA admin password for the web interface. Next, it will ask you to configure the NTP server with chronic. Accept the default (no) or type yes as per your choice.

Remember, when it asks you to continue configuring the system with these values, type yes and hit Enter.


6. Configure Linux Firewalld

If you are using your server on some cloud service, then use its firewall to whitelist the following ports:

You must make sure these network ports are open:

TCP Ports:
80, 443: HTTP/HTTPS
389, 636: LDAP/LDAPS
88, 464: Kerberos

UDP Ports:
88, 464: Kerberos
123: NTP

Whereas, if you are using Firewalld in your server system, then run the following two commands:

sudo firewall-cmd --add-service={http,https,dns,ntp,freeipa-ldap,freeipa-ldaps} --permanent
sudo firewall-cmd --reload

7.  Access FreeIPA GUI Web Interface

Once the installation is completed by the script, open your system browser and point it to the FQDN hostname you set for the system in the beginning, e.g Or even if you type https://your-server-ip This will automatically redirect it to the FQDN.

FreeIPA installation on AlmaLinux or Rocky Linux 8


8. Login

The default username for logging into FreeIPA is admin, and the password is the same one you set for it while installing the FreeIPA server in Step 5 of this article.

Login FreeIPA


FreeIPA Command-line

Those who don’t want to use the FreeIPA web GUI interface can use the command line to perform various operations, such as creating users, testing SSH logins for users, and more.

To start using CLI, type-

sudo kinit admin

First, enter the system user password, then enter the one you set for FreeIPA during installation.

Once you log in, you can start using the ipa commands. To get all the details on this command, see the man page:

man ipa

For example, to create a user-

sudo ipa user-add testuser --first=Test --last=User --password

Once the user-added, you can authenticate it with:

You can now authenticate as a new user with

kinit <user>

To list user accounts

sudo ipa user-find

To log in with the created user:

ssh test@localhost

For more information, see the official documentation.

FreeIPA Uninstallation from AlmaLinux or rocky

If you are having trouble with the open-source identity management system or no longer need it, use the below command to remove FreeIPA from CentOS, AlmaLinux, Rocky, or any similar Linux system you are using.

sudo ipa-server-install --uninstall


Other articles:



Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.