this post was submitted on 15 Nov 2023
Homelab
Here are some of my notes.
You need to have a hostname set up on the server:
hostnamectl set-hostname your-server.domain.internal
You will need an entry in /etc/hosts defining the IP of the service with the hostname.
vi /etc/hosts
10.0.0.10 your-server.domain.internal
docker run --sysctl net.ipv6.conf.all.disable_ipv6=0 --name $(hostname -s) -ti -h $(hostname -f) --read-only \
  -v /opt/freeipa:/data \
  -e IPA_SERVER_IP=$(ip a show dev ens18 | grep -w inet | awk '{ print $2 }' | sed -s 's/\/.*$//') \
  freeipa/freeipa-server:rocky-9 ipa-server-install \
  -r DOMAIN.INTERNAL -n domain.internal --no-ntp --setup-dns \
  --forwarder=1.0.0.1 --forwarder=1.1.1.1 --reverse-zone=10.in-addr.arpa. \
  --ip-address=$(ip a show dev ens18 | grep -w inet | awk '{ print $2 }' | sed -s 's/\/.*$//')
Here is some stuff you might need to edit in the docker command:
Server IP:
-e IPA_SERVER_IP=$(ip a show dev ens18 | grep -w inet | awk '{ print $2 }' | sed -s 's/\/.*$//') # This line uses ens18 (the default for Proxmox) to get the IP and uses it to host the service. Change it to the IP you want for the FreeIPA server; same for --ip-address=
IPV6 usage:
--sysctl net.ipv6.conf.all.disable_ipv6=0 # I didn't want to use IPv6 in my lab, so you can switch it to 1 if you want IPv6 enabled
Realm domain:
-r DOMAIN.INTERNAL # Change this to whatever realm domain you want ALWAYS UPPERCASE
Domain name:
-n domain.internal # The LDAP domain to use, usually it is the realm name in lowercase
DNS parameter:
--forwarder=1.0.0.1 # These are Cloudflare's public DNS servers
--forwarder=1.1.1.1 # These are Cloudflare's public DNS servers
--reverse-zone=10.in-addr.arpa. #This is the reverse zone for the domain server
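The install command above derives the server IP from `ip a` and relies on the hostname and /etc/hosts being set up first. The script below is an added example (not the commenter's, and not part of FreeIPA's own tooling) that checks those prerequisites before anything is run: it pulls the first IPv4 address off an `ip a` listing while ignoring inet6 lines (a bare `grep inet` also matches `inet6`, so a link-local address would hand ipa-server-install two values), verifies that the realm is the upper-cased domain as FreeIPA expects for `-r`/`-n`, confirms /etc/hosts maps the chosen IP to the FQDN, and prints the docker command for review instead of executing it. It assumes the same layout as the notes (NIC ens18, data directory /opt/freeipa, DOMAIN.INTERNAL / domain.internal); the sample `ip a` text and hosts entries in the check are constructed. One fact worth knowing when editing the `--sysctl` flag: for `net.ipv6.conf.all.disable_ipv6`, 0 means IPv6 stays enabled and 1 disables it.

```shell
#!/usr/bin/env bash
# Preflight checks for a containerised FreeIPA install (added example; assumptions:
# NIC ens18, data dir /opt/freeipa, realm DOMAIN.INTERNAL for domain domain.internal).
set -eu

# Print the first IPv4 address, without its /prefix, from `ip a` style text on stdin.
# Comparing the first field to the literal "inet" skips "inet6" lines, so a
# link-local IPv6 address on the NIC cannot turn the result into two addresses.
extract_ipv4() {
    awk '$1 == "inet" { sub(/\/.*$/, "", $2); print $2; exit }'
}

# FreeIPA pairs -r (Kerberos realm) with -n (DNS/LDAP domain); the realm is the
# domain in upper case. Returns 0 when the pair is consistent.
realm_matches_domain() {
    # $1 realm, $2 domain
    [ "$1" = "$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')" ]
}

# Returns 0 when the hosts file ($3) has a line mapping IP ($1) to FQDN ($2).
# ipa-server-install needs the host to resolve its own name to the listen address.
hosts_has_entry() {
    awk -v ip="$1" -v fqdn="$2" '
        /^[[:space:]]*#/ { next }                       # skip comment lines
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == fqdn) found = 1 }
        END { exit (found ? 0 : 1) }' "$3"
}

# Print the docker command on stdout so it can be reviewed before it is run.
# $1 ip, $2 short hostname, $3 fqdn, $4 realm, $5 domain
build_ipa_run_cmd() {
    printf '%s' "docker run --sysctl net.ipv6.conf.all.disable_ipv6=0 --name $2 -ti -h $3 --read-only"
    printf ' -v /opt/freeipa:/data -e IPA_SERVER_IP=%s' "$1"
    printf ' freeipa/freeipa-server:rocky-9 ipa-server-install -r %s -n %s' "$4" "$5"
    printf ' --no-ntp --setup-dns --forwarder=1.0.0.1 --forwarder=1.1.1.1'
    printf ' --reverse-zone=10.in-addr.arpa. --ip-address=%s\n' "$1"
}

# Run the checks against the live host (only when invoked with --check).
preflight() {
    realm=DOMAIN.INTERNAL
    domain=domain.internal
    fqdn=$(hostname -f)
    short=$(hostname -s)
    ip=$(ip a show dev ens18 | extract_ipv4)
    case "$fqdn" in
        *.*) ;;
        *) echo "hostname '$fqdn' is not an FQDN; run hostnamectl set-hostname first" >&2; exit 1 ;;
    esac
    realm_matches_domain "$realm" "$domain" || { echo "realm $realm is not upper-case $domain" >&2; exit 1; }
    hosts_has_entry "$ip" "$fqdn" /etc/hosts || { echo "/etc/hosts lacks '$ip $fqdn'" >&2; exit 1; }
    echo "preflight OK; review the command below before running it:"
    build_ipa_run_cmd "$ip" "$short" "$fqdn" "$realm" "$domain"
}

if [ "${1:-}" = "--check" ]; then
    preflight
fi
```

Run it as `./preflight.sh --check` on the VM; it exits non-zero with a message naming the missing prerequisite, and on success prints the exact `docker run` line it would use so the realm, domain and IP can be eyeballed before the one-shot install is started.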
Thanks, I appreciate it!
Now as I started researching FreeIPA, suddenly other options pop up such as lldap, Authentik, Authelia etc. Now I'm getting confused again! Lol
On my side I have FreeIPA for LDAP/Kerberos/DNS/certificates and Authentik for SSO (pulling account info from FreeIPA). I am pretty satisfied with FreeIPA in general. I even use FreeIPA with DDNS and create some domains for Kubernetes directly. I also added FreeIPA as a Certificate Issuer in cert-manager, which allows me to generate internal certificates for my ingress.