FreeIPA is a free and open source Identity, Policy, and Audit (IPA) suite sponsored by RedHat. It's an IPA solution, a combination of Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS Bind, Dogtag, Apache web server, and Python.


In our previous guide, we've already shown you the FreeIPA installation and configuration on CentOS 7 server. However, this guide will show you the installation and configuration of the FreeIPA Client.


Currently, FreeIPA has client packages for CentOS 7, Fedora, and Ubuntu. And for this guide, we're going to install and configure the FreeIPA client on CentOS 7 server.



  • A Server the FreeIPA server software installed.
  • CentOS 7 client
  • Root privileges


What we will do?

  • Add Client DNS Record
  • Setup the Client DNS Resolver
  • Setup FQDN
  • Install FreeIPA Client on CentOS 7
  • Verify the Installation
  • Testing


Step 1 - Add DNS Record


First of all, we need to add the DNS record of the client host to the FreeIPA server.


Login to the FreeIPA server and authenticate to the Kerberos admin using the following command.

kinit admin


After that, add the DNS record of the client to the FreeIPA server.

ipa dnsrecord-add client --a-rec


Step 2 - Setup DNS Resolver and Firewalld


In order to configure the client with the DNS autodiscovery setup, we need to edit the client DNS resolver to use the FreeIPA server IP address as the nameserver.


Edit the '/etc/resolv.conf' file.

vim /etc/resolv.conf


Replace the domain name and IP address with your own FreeIPA server and paste into it.



Next, we need to open the DNS port service on the client. It's used for the IPA client autodiscovery, so we need to open that port on the client host.

firewall-cmd --add-service=dns --permanent
firewall-cmd --reload


Step 3 - Setup FQDN


After configuring the DNS resolver, we need to configure the FQDN (Fully Qualified Domain Name) of the client host. And then add the FreeIPA server IP address and domain name to the '/etc/hosts' file.


Change FQDN of the client by running the following command.

hostnamectl set-hostname


Next, edit the '/etc/hosts' file using vim editor.

vim /etc/hosts


Make the following change in the following configuration.  ipa client


Save and close, then type 'exit' command to log out from the server.


Now log in again to the server and verify FQDN of the server using the following command.

hostname -f


Step 4 - Install FreeIPA Client on CentOS 7


By default, CentOS 7 server provides FreeIPA client packages on its own repository. So we can install FreeIPA client packages just by running the following command below.

sudo yum -y install freeipa-client ipa-admintools


After that, run the FreeIPA client command installation below.

ipa-client-install --mkhomedir --force-ntpd


Type 'yes' to apply system changes using profile values generated from the DNS autodiscovery. Once the installation is complete, you will get the result such as 'The ipa-client-install command was successful'.



If you fail with the autodiscovery host, ensure the DNS of the FreeIPA server is in the top line on the '/etc/resolv.conf file, and ensure the DNS port '53' are open on the server.


Step 5 - Verify the Installation


After the FreeIPA client installation and configuration, we want to verify by checking the client hosts from the FreeIPA server.


Run the following command on the FreeIPA server.

ipa host-show


Change the name of the host with your own info, and you will be shown your host info.


In addition, we want to check again from the FreeIPA web-UI dashboard.


Log in to the FreeIPA dashboard, click on the 'Hosts' tab. And you will be shown your own host info.


Step 6 - Testing


For this example, we want to test the FreeIPA client installation by creating a new user on the FreeIPA server.


Run the following command to create a new user.

ipa user-add yume --first=yume --last=sensei  --shell=/bin/bash --password


After that, try to log in to the client host through SSH from the FreeIPA server.

ssh yume@


And finally, you will be logged in to the client using the FreeIPA user recently created.


Was this answer helpful? 0 Users Found This Useful (0 Votes)