Isn’t it funny how what should be a simple task turns into a complicated project in no time flat?

After checking out letsencrypt.org for some web site SSL stuff, I decided it was time to start moving the self-signed certificates over to ‘real’ certs too.

I’ve for a long time run some internal LDAP services (hosted on RaspberryPi’s too) but something I’ve wanted to do for over a now is move to a FreeIPA system.

Now, FreeIPA doesn’t (from what I can tell) run on a RaspberryPi, so I decided to kick up a VM to run it. For testing purposes, it’ll be an Ubuntu guest running VirtualBox on an older MacMini that I’ve got lying around. That is until I get my new virtualization rig in.

A word to the wise. Make sure you give your virtual machine 2GB of memory to play with. I also learned that the latest Fedora 27 kernel doesn’t boot under my VirtualBox environment.

A lot of trial and error went on in this endeavor.

First off, I’m running FreeIPA on a Fedora 27 host (not fully updated due to the reason above). With a base system installed, do a ‘dnf install freeipa-server’. While I don’t have the notes available, I’m pretty sure I searched for freeipa (dnf search freeipa) and installed all of the available packages.

I wasn’t able to initially install and configure the DNS portions. But next was a simple ‘ipa-server-install’, selecting a lot of the defaults. I did get what looks like a working system up eventually (I really reinstalled the darn thing 50 times).

After everything was up and I could log into the WebUI, I did an ‘ipa-dns-install’. It should be noted that for this process I’m actually migrating all of the hosts over to a new network name. Also new IP address space. That’s going to be fun. Can’t wait to see how FreeIPA handles that.

In the meantime some reading materials (in no particular order):

Some things to keep in mind: