{"id":22405,"date":"2024-05-04T13:46:11","date_gmt":"2024-05-04T10:46:11","guid":{"rendered":"https:\/\/kifarunix.com\/?p=22405"},"modified":"2024-05-04T15:39:43","modified_gmt":"2024-05-04T12:39:43","slug":"install-and-configure-freeipa-client-on-ubuntu-24-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-and-configure-freeipa-client-on-ubuntu-24-04\/","title":{"rendered":"Install and Configure FreeIPA Client on Ubuntu 24.04"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1051\" height=\"588\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/login-with-freeipa-client.png?v=1714819480\" alt=\"install freeipa client ubuntu 24.04\" class=\"wp-image-22416\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/login-with-freeipa-client.png?v=1714819480 1051w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/login-with-freeipa-client-768x430.png?v=1714819480 768w\" sizes=\"(max-width: 1051px) 100vw, 1051px\" \/><\/figure><\/div>\n\n\n<p>In this tutorial, you will learn how to install and configure FreeIPA client on Ubuntu 24.04. 
With the <a href=\"https:\/\/www.freeipa.org\/page\/Client\" target=\"_blank\" rel=\"noreferrer noopener\">FreeIPA client,<\/a> you can authenticate against your central FreeIPA authentication server, making it easier to manage user accounts, passwords, and access rights across a network of systems.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#install-and-setup-free-ipa-client-on-ubuntu-24-04\">Install and Setup FreeIPA Client on Ubuntu 24.04<\/a><ul><li><a href=\"#install-and-setup-free-ipa-server\">Install and Setup FreeIPA Server<\/a><\/li><li><a href=\"#add-user-accounts-to-free-ipa-server\">Add User Accounts to FreeIPA Server<\/a><\/li><li><a href=\"#add-client-dns-record-to-free-ipa-server\">Add Client DNS Record to FreeIPA Server<\/a><\/li><li><a href=\"#update-client-and-free-ipa-server-dns-records-on-the-client-node\">Update Client and FreeIPA Server DNS Records on the Client Node<\/a><\/li><li><a href=\"#install-free-ipa-client-on-ubuntu-24-04\">Install FreeIPA Client on Ubuntu 24.04<\/a><\/li><li><a href=\"#configure-free-ipa-client-to-authenticate-via-free-ipa-server\">Configure FreeIPA Client to authenticate via FreeIPA Server<\/a><\/li><li><a href=\"#login-to-ubuntu-24-04-using-free-ipa-user-account\">Login to Ubuntu 24.04 using FreeIPA user Account<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install-and-setup-free-ipa-client-on-ubuntu-24-04\">Install and Setup FreeIPA Client on Ubuntu 24.04<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-and-setup-free-ipa-server\">Install and Setup FreeIPA Server<\/h3>\n\n\n\n<p>Before you can proceed, you need to have a running FreeIPA server.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/?s=install+freeipa+server\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup FreeIPA Server<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"add-user-accounts-to-free-ipa-server\">Add User Accounts to FreeIPA Server<\/h3>\n\n\n\n<p>Once the server is up and running, add user accounts.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/add-freeipa-user-accounts-via-cli-or-web-interface\/\" target=\"_blank\" rel=\"noreferrer noopener\">Add FreeIPA User Accounts via CLI or Web Interface<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"add-client-dns-record-to-free-ipa-server\">Add Client DNS Record to FreeIPA Server<\/h3>\n\n\n\n<p>If you configured your FreeIPA Server with integrated DNS, you need to add the client&#8217;s A record details on the server. In the command below, replace the zone name (<code>ipa.srv.world<\/code> in this example) with your own DNS zone.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ipa dnsrecord-add ipa.srv.world &lt;client-hostname&gt; --a-rec &lt;client-IP&gt;<\/code><\/pre>\n\n\n\n<p>In our FreeIPA server, I didn&#8217;t set up integrated DNS so I am skipping this step.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"update-client-and-free-ipa-server-dns-records-on-the-client-node\">Update Client and FreeIPA Server DNS Records on the Client Node<\/h3>\n\n\n\n<p>If you are using an integrated DNS on your FreeIPA server and your client is already configured to use it as its DNS server, then you should be able to resolve both the server and the client addresses.<\/p>\n\n\n\n<p>However, if you did not set the DNS server, you can use the hosts file on the client to set the records. 
<\/p>\n\n\n\n<p>For example, to add the FreeIPA server record to the client&#8217;s hosts file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"192.168.122.110 freeipa.kifarunix.com\" | sudo tee -a \/etc\/hosts<\/code><\/pre>\n\n\n\n<p>Similarly, update the client DNS records:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"192.168.122.40 noble.kifarunix.com noble\" | sudo tee -a \/etc\/hosts<\/code><\/pre>\n\n\n\n<p>If your hostname was already resolving to the loopback address, update the hosts file accordingly to remove that record.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-free-ipa-client-on-ubuntu-24-04\">Install FreeIPA Client on Ubuntu 24.04<\/h3>\n\n\n\n<p>You are now ready to install FreeIPA client on your Ubuntu system for central authentication via the FreeIPA server.<\/p>\n\n\n\n<p>Run the command below to install FreeIPA client and other required packages.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install freeipa-client oddjob-mkhomedir<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>freeipa-client<\/strong> provides the tools required to configure a system as a FreeIPA client.<\/li>\n\n\n\n<li><strong>oddjob-mkhomedir<\/strong> provides a PAM module that enables automatic creation of home directories for users when they first log in to a system.<\/li>\n<\/ul>\n\n\n\n<p>During installation, you will be prompted to set your Kerberos realm, an administrative domain in which the Kerberos authentication service operates.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1351\" height=\"578\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/ipa-client-kerberos-realm.png?v=1714813494\" alt=\"\" class=\"wp-image-22406\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/ipa-client-kerberos-realm.png?v=1714813494 1351w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/ipa-client-kerberos-realm-768x329.png?v=1714813494 
768w\" sizes=\"(max-width: 1351px) 100vw, 1351px\" \/><\/figure>\n\n\n\n<p>Press <strong>tab<\/strong> to select Okay and proceed. Otherwise, update the realm domain and press Okay to proceed.<\/p>\n\n\n\n<p>Also, set the FreeIPA server FQDN address and proceed.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1351\" height=\"548\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/ipa-server-fqdn.png?v=1714813505\" alt=\"\" class=\"wp-image-22407\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/ipa-server-fqdn.png?v=1714813505 1351w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/ipa-server-fqdn-768x312.png?v=1714813505 768w\" sizes=\"(max-width: 1351px) 100vw, 1351px\" \/><\/figure>\n\n\n\n<p>For the administrative server for your Kerberos realm, use the same FreeIPA server FQDN.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1348\" height=\"570\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/freeipa-client-administrative-server.png?v=1714814480\" alt=\"\" class=\"wp-image-22408\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/freeipa-client-administrative-server.png?v=1714814480 1348w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/freeipa-client-administrative-server-768x325.png?v=1714814480 768w\" sizes=\"(max-width: 1348px) 100vw, 1348px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-free-ipa-client-to-authenticate-via-free-ipa-server\">Configure FreeIPA Client to authenticate via FreeIPA Server<\/h3>\n\n\n\n<p>The FreeIPA client installed above ships with a number of IPA tools that can be used to manage and configure the client for authentication against the FreeIPA server. 
Among the tools installed is the <strong><code>ipa-client-install<\/code><\/strong> command.<\/p>\n\n\n\n<p><strong>ipa-client-install<\/strong> command configures a client machine to use IPA for authentication and identity services. By  default this configures SSSD to connect to an IPA server for authentication and authorization.<\/p>\n\n\n\n<p>You can see how to use this command via man page or help info;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>ipa-client-install<\/strong> --help<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>Usage: ipa-client-install [options]\n\nOptions:\n  --version             show program's version number and exit\n  -h, --help            show this help message and exit\n  -U, --unattended      unattended (un)installation never prompts the user\n  --uninstall           uninstall an existing installation. The uninstall can\n                        be run with --unattended option\n\n  Basic options:\n    -p PRINCIPAL, --principal=PRINCIPAL\n                        principal to use to join the IPA realm\n    --ca-cert-file=FILE\n                        load the CA certificate from this file\n    --ip-address=IP_ADDRESS\n                        Specify IP address that should be added to DNS. This\n                        option can be used multiple times\n    --all-ip-addresses  All routable IP addresses configured on any interface\n                        will be added to DNS\n    --domain=DOMAIN_NAME\n                        primary DNS domain of the IPA deployment (not\n                        necessarily related to the current hostname)\n    --server=SERVER     FQDN of IPA server\n    --realm=REALM_NAME  Kerberos realm name of the IPA deployment (typically\n                        an upper-cased name of the primary DNS domain)\n    --hostname=HOST_NAME\n                        The hostname of this machine (FQDN). 
If specified, the\n                        hostname will be set and the system configuration will\n                        be updated to persist over reboot. By default the\n                        result of getfqdn() call from Python's socket module\n                        is used.\n\n  Client options:\n    -w PASSWORD, --password=PASSWORD\n                        password to join the IPA realm (assumes bulk password\n                        unless principal is also set)\n    -W                  Prompt for a password to join the IPA realm\n    -f, --force         force setting of LDAP\/Kerberos conf\n    --configure-firefox\n                        configure Firefox to use IPA domain credentials\n    --firefox-dir=FIREFOX_DIR\n                        specify directory where Firefox is installed (for\n                        example: '\/usr\/lib\/firefox')\n    -k KEYTAB, --keytab=KEYTAB\n                        path to backed up keytab from previous enrollment\n    --mkhomedir         create home directories for users on their first login\n    --force-join        Force client enrollment even if already enrolled\n    --ntp-server=NTP_SERVER\n                        ntp server to use. 
This option can be used multiple\n                        times\n    --ntp-pool=NTP_POOL\n                        ntp server pool to use\n    -N, --no-ntp        do not configure ntp\n    --nisdomain=NISDOMAIN\n                        NIS domain name\n    --no-nisdomain      do not configure NIS domain name\n    --ssh-trust-dns     configure OpenSSH client to trust DNS SSHFP records\n    --no-ssh            do not configure OpenSSH client\n    --no-sshd           do not configure OpenSSH server\n    --no-sudo           do not configure SSSD as data source for sudo\n    --subid             configure SSSD as data source for subid\n    --no-dns-sshfp      do not automatically create DNS SSHFP records\n    --kinit-attempts=KINIT_ATTEMPTS\n                        number of attempts to obtain host TGT (defaults to 5).\n\n  SSSD options:\n    --fixed-primary     Configure sssd to use fixed server as primary IPA\n                        server\n    --permit            disable access rules by default, permit all access.\n    --enable-dns-updates\n                        Configures the machine to attempt dns updates when the\n                        ip address changes.\n    --no-krb5-offline-passwords\n                        Configure SSSD not to store user password when the\n                        server is offline\n    --preserve-sssd     Preserve old SSSD configuration if possible\n\n  PKINIT options:\n    --pkinit-identity=IDENTITY\n                        PKINIT identity information (for example\n                        FILE:\/path\/to\/cert.pem,\/path\/to\/key.pem)\n    --pkinit-anchor=FILEDIR\n                        PKINIT trust anchors, prefixed with FILE: for CA PEM\n                        bundle file or DIR: for an OpenSSL hash dir. 
The\n                        option can be used used multiple times.\n\n  Automount options:\n    --automount-location=AUTOMOUNT_LOCATION\n                        Automount location\n\n  Logging and output options:\n    -v, --verbose       print debugging information\n    -d, --debug         alias for --verbose (deprecated)\n    -q, --quiet         output only errors\n    --log-file=FILE     log to the given file\n<\/code><\/pre>\n\n\n\n<p>Or<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>man ipa-client-install<\/code><\/pre>\n\n\n\n<p>Hence, you can simply execute the command below to setup the client<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ipa-client-install --mkhomedir --no-ntp<\/code><\/pre>\n\n\n\n<p>The option, <strong>&#8211;mkhomedir<\/strong>, is important to ensure user&#8217;s home directory is created on first login to the machine.<\/p>\n\n\n\n<p>Also, note that we disabled NTP services since we are not using FreeIPA server as our time server.<\/p>\n\n\n\n<p>When ran, the DNS discovery may fail if you didnt integrate FreeIPA server with DNS, so you need to provide your domain name, e.g <strong>kifarunix.com<\/strong> and FreeIPA FQDN such as <strong>freeipa.kifarunix.com<\/strong>. 
Ensure you say <strong>yes<\/strong> for continuing with no DNS discovery.<\/p>\n\n\n\n<p>Similarly, when prompted on who is authorized to enroll computers, use IPA admin and its credentials.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>This program will set up IPA client.\nVersion 4.11.1\n\nDNS discovery failed to determine your DNS domain\nProvide the domain name of your IPA server (ex: example.com): kifarunix.com\nProvide your IPA server name (ex: ipa.example.com): freeipa.kifarunix.com\nThe failure to use DNS to find your IPA server indicates that your resolv.conf file is not properly configured.\nAutodiscovery of servers for failover cannot work with this configuration.\nIf you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.\nProceed with fixed values and no DNS discovery? [no]: yes\nClient hostname: noble.kifarunix.com\nRealm: KIFARUNIX.COM\nDNS Domain: kifarunix.com\nIPA Server: freeipa.kifarunix.com\nBaseDN: dc=kifarunix,dc=com\n\nContinue to configure the system with these values? 
[no]: yes\nSkipping chrony configuration\nUser authorized to enroll computers: admin\nPassword for admin@KIFARUNIX.COM: \nSuccessfully retrieved CA cert\n    Subject:     CN=Certificate Authority,O=KIFARUNIX.COM\n    Issuer:      CN=Certificate Authority,O=KIFARUNIX.COM\n    Valid From:  2024-05-04 03:38:52+00:00\n    Valid Until: 2044-05-04 03:38:52+00:00\n\nEnrolled in IPA realm KIFARUNIX.COM\nCreated \/etc\/ipa\/default.conf\nConfigured \/etc\/sssd\/sssd.conf\nSystemwide CA database updated.\nAdding SSH public key from \/etc\/ssh\/ssh_host_ed25519_key.pub\nAdding SSH public key from \/etc\/ssh\/ssh_host_ecdsa_key.pub\nAdding SSH public key from \/etc\/ssh\/ssh_host_rsa_key.pub\nCould not update DNS SSHFP records.\nSSSD enabled\nConfigured \/etc\/openldap\/ldap.conf\nConfigured \/etc\/ssh\/ssh_config\nConfigured \/etc\/ssh\/sshd_config.d\/04-ipa.conf\nConfiguring kifarunix.com as NIS domain.\nConfigured \/etc\/krb5.conf for IPA realm KIFARUNIX.COM\nClient configuration complete.\nThe ipa-client-install command was successful\n<\/code><\/pre>\n\n\n\n<p>If you do not want to type the domain name\/IPA server name interactively, specify them on the command line:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ipa-client-install --mkhomedir --no-ntp --domain=kifarunix.com --server=freeipa.kifarunix.com<\/code><\/pre>\n\n\n\n<p>If an error occurs, the command reports the log file where the details are written.<\/p>\n\n\n\n<p>The command configures and enables the SSSD service.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status sssd<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf sssd.service - System Security Services Daemon\n     Loaded: loaded (\/usr\/lib\/systemd\/system\/sssd.service; enabled; preset: enabled)\n     Active: active (running) since Sat 2024-05-04 12:48:19 EAT; 7min ago\n   Main PID: 8327 (sssd)\n      Tasks: 7 (limit: 4615)\n     Memory: 57.6M (peak: 58.0M)\n        CPU: 249ms\n     CGroup: \/system.slice\/sssd.service\n             \u251c\u25008327 
\/usr\/sbin\/sssd -i --logger=files\n             \u251c\u25008328 \/usr\/libexec\/sssd\/sssd_be --domain kifarunix.com --uid 0 --gid 0 --logger=files\n             \u251c\u25008329 \/usr\/libexec\/sssd\/sssd_nss --uid 0 --gid 0 --logger=files\n             \u251c\u25008330 \/usr\/libexec\/sssd\/sssd_pam --uid 0 --gid 0 --logger=files\n             \u251c\u25008331 \/usr\/libexec\/sssd\/sssd_ssh --uid 0 --gid 0 --logger=files\n             \u251c\u25008332 \/usr\/libexec\/sssd\/sssd_sudo --uid 0 --gid 0 --logger=files\n             \u2514\u25008333 \/usr\/libexec\/sssd\/sssd_pac --uid 0 --gid 0 --logger=files\n\nMay 04 12:48:19 noble systemd[1]: Starting sssd.service - System Security Services Daemon...\nMay 04 12:48:19 noble sssd[8327]: Starting up\nMay 04 12:48:19 noble sssd_be[8328]: Starting up\nMay 04 12:48:19 noble sssd_nss[8329]: Starting up\nMay 04 12:48:19 noble sssd_ssh[8331]: Starting up\nMay 04 12:48:19 noble sssd_pam[8330]: Starting up\nMay 04 12:48:19 noble sssd_sudo[8332]: Starting up\nMay 04 12:48:19 noble sssd_pac[8333]: Starting up\nMay 04 12:48:19 noble systemd[1]: Started sssd.service - System Security Services Daemon.\n<\/code><\/pre>\n\n\n\n<p>You can also review the settings written to the SSSD configuration file.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cat \/etc\/sssd\/sssd.conf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>[domain\/kifarunix.com]\n\nid_provider = ipa\nipa_server = _srv_, freeipa.kifarunix.com\nipa_domain = kifarunix.com\nipa_hostname = noble.kifarunix.com\nauth_provider = ipa\nchpass_provider = ipa\naccess_provider = ipa\ncache_credentials = True\nldap_tls_cacert = \/etc\/ipa\/ca.crt\nkrb5_store_password_if_offline = True\n[sssd]\nservices = nss, pam, ssh, sudo\n\ndomains = kifarunix.com\n[nss]\nhomedir_substring = \/home\n\n[pam]\n\n[sudo]\n\n[autofs]\n\n[ssh]\n\n[pac]\n\n[ifp]\n\n[session_recording]\n<\/code><\/pre>\n\n\n\n<p>If you check users using id command, you should be able to see them 
listed.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>id bcooper<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>uid=1152000006(bcooper) gid=1152000006(bcooper) groups=1152000006(bcooper)<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"login-to-ubuntu-24-04-using-free-ipa-user-account\">Login to Ubuntu 24.04 using FreeIPA user Account<\/h3>\n\n\n\n<p>We have already created some accounts on our FreeIPA server;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1624\" height=\"444\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/managing-users-from-web-freeipa.png\" alt=\"\" class=\"wp-image-22399\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/managing-users-from-web-freeipa.png?v=1714808114 1624w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/managing-users-from-web-freeipa-768x210.png?v=1714808114 768w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/managing-users-from-web-freeipa-1536x420.png?v=1714808114 1536w\" sizes=\"(max-width: 1624px) 100vw, 1624px\" \/><\/figure>\n\n\n\n<p>Or list them from command line<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ipa user-find --all | grep \"User login\"<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>  User login: admin\n  User login: bcooper\n  User login: bparker\n  User login: bsmith\n<\/code><\/pre>\n\n\n\n<p>So, on our Ubuntu 24.04 client, let&#8217;s login as one of the users above;<\/p>\n\n\n\n<p>On the login interface, select <strong>Not listed<\/strong> to be able to enter new username and password for login.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1049\" height=\"786\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/login-with-not-listed-users.png?v=1714818220\" alt=\"\" class=\"wp-image-22411\" title=\"\" 
srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/login-with-not-listed-users.png?v=1714818220 1049w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/login-with-not-listed-users-768x575.png?v=1714818220 768w\" sizes=\"(max-width: 1049px) 100vw, 1049px\" \/><\/figure>\n\n\n\n<p>Enter the username and password. If the authentication is successful, you will be prompted to reset the password.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1042\" height=\"787\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/reset-password-freeipa-server.png?v=1714818236\" alt=\"\" class=\"wp-image-22412\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/reset-password-freeipa-server.png?v=1714818236 1042w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/reset-password-freeipa-server-768x580.png?v=1714818236 768w\" sizes=\"(max-width: 1042px) 100vw, 1042px\" \/><\/figure>\n\n\n\n<p>So, enter the current password and set a new one. 
When you log in, you should see a message saying that the home directory is being created.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1034\" height=\"790\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/freeipa-client-user-login.png?v=1714818251\" alt=\"\" class=\"wp-image-22413\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/freeipa-client-user-login.png?v=1714818251 1034w, https:\/\/kifarunix.com\/wp-content\/uploads\/2024\/05\/freeipa-client-user-login-768x587.png?v=1714818251 768w\" sizes=\"(max-width: 1034px) 100vw, 1034px\" \/><\/figure>\n\n\n\n<p>You can also try to SSH into the client using a FreeIPA user account.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>kifarunix@u24:~$ ssh bcooper@192.168.122.40\nThe authenticity of host 'localhost (&lt;no hostip for proxy command&gt;)' can't be established.\nED25519 key fingerprint is SHA256:VXA9MTsTF\/73wJyT6qs9VeS\/JVKKYJ2zUq9EqPzT4Tw.\nThis key is not known by any other names.\nAre you sure you want to continue connecting (yes\/no\/[fingerprint])? 
yes\nWarning: Permanently added 'localhost' (ED25519) to the list of known hosts.\n(bcooper@localhost) Password: &lt;password&gt;\nWelcome to Ubuntu 24.04 LTS (GNU\/Linux 6.8.0-31-generic x86_64)\n\n * Documentation:  https:\/\/help.ubuntu.com\n * Management:     https:\/\/landscape.canonical.com\n * Support:        https:\/\/ubuntu.com\/pro\n\nExpanded Security Maintenance for Applications is not enabled.\n\n3 updates can be applied immediately.\n3 of these updates are standard security updates.\nTo see these additional updates run: apt list --upgradable\n\nEnable ESM Apps to receive additional future security updates.\nSee https:\/\/ubuntu.com\/esm or run: sudo pro status\n\n\nThe programs included with the Ubuntu system are free software;\nthe exact distribution terms for each program are described in the\nindividual files in \/usr\/share\/doc\/*\/copyright.\n\nUbuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by\napplicable law.\n\n$\n<\/code><\/pre>\n\n\n\n<p>And there you go. You have set up the FreeIPA client on Ubuntu 24.04 and you should be able to log in using the centrally managed user accounts. Stay connected for more tutorials around FreeIPA server.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how to install and configure FreeIPA client on Ubuntu 24.04. 
With FreeIPA client, you can be able to authenticate<\/p>\n","protected":false},"author":10,"featured_media":22416,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,285,1152,1099],"tags":[247,7477,7396],"class_list":["post-22405","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-howtos","category-directory-server","category-freeipa","category-openldap","tag-freeipa","tag-freeipac-client","tag-ubuntu-24-04","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/22405"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=22405"}],"version-history":[{"count":7,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/22405\/revisions"}],"predecessor-version":[{"id":22423,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/22405\/revisions\/22423"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/22416"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=22405"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=22405"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=22405"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}