{"id":2790,"date":"2026-03-26T15:41:36","date_gmt":"2026-03-26T14:41:36","guid":{"rendered":"https:\/\/yellotab.se\/x056\/?p=2790"},"modified":"2026-03-30T10:29:48","modified_gmt":"2026-03-30T08:29:48","slug":"freeipa-installation","status":"publish","type":"post","link":"https:\/\/yellotab.se\/x056\/2026\/03\/26\/freeipa-installation\/","title":{"rendered":"FreeIPA System Documentation"},"content":{"rendered":"\n<pre class=\"wp-block-preformatted\"><strong>Source:<\/strong> <a href=\"https:\/\/chatgpt.com\/c\/69c42482-dbfc-8333-bcd6-6f362df3ca11\">ChatGPT<\/a> |<\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">Installation and setup<\/h1>\n\n\n\n<p><strong>Date:<\/strong> 2026-03-26<br><strong>Responsible:<\/strong> Lars Lindmark<br><strong>Purpose:<\/strong> Installation and configuration of the FreeIPA master server on the local network for identity management and Kerberos infrastructure.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1. System overview<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Hypervisor:<\/strong> Proxmox 9<\/li>\n\n\n\n<li><strong>VM OS:<\/strong> Rocky Linux 10<\/li>\n\n\n\n<li><strong>Hostname:<\/strong> <code class=\"\" data-line=\"\">ipa.home.jidoka.se<\/code><\/li>\n\n\n\n<li><strong>IP address:<\/strong> <code class=\"\" data-line=\"\">192.168.1.16<\/code> (static, reserved via DHCP)<\/li>\n\n\n\n<li><strong>Domain:<\/strong> <code class=\"\" data-line=\"\">home.jidoka.se<\/code><\/li>\n\n\n\n<li><strong>Realm:<\/strong> <code class=\"\" data-line=\"\">HOME.JIDOKA.SE<\/code><\/li>\n\n\n\n<li><strong>DNS:<\/strong> AdGuard Home is used as the primary DNS server; FreeIPA does not manage DNS.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. 
VM installation<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Create a new VM in Proxmox with the following parameters:\n<ul class=\"wp-block-list\">\n<li>CPU: Matched to host<\/li>\n\n\n\n<li>RAM: 4\u20138 GB<\/li>\n\n\n\n<li>Disk: \u226540 GB<\/li>\n\n\n\n<li>Network: Bridged adapter (ens18)<\/li>\n\n\n\n<li>Machine type: Q35 \/ default for Rocky 10<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Install the <strong>Rocky Linux 10 Minimal ISO<\/strong>.<\/li>\n\n\n\n<li>Configure the VM with a <strong>graphical console for installation<\/strong> (Proxmox web console).<\/li>\n\n\n\n<li>Use SSH from a remote computer to be able to copy\/paste (the VM does not support it out of the box).<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Network configuration<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Static IP reserved via DHCP: <code class=\"\" data-line=\"\">192.168.1.16<\/code><\/li>\n\n\n\n<li>FQDN: <code class=\"\" data-line=\"\">ipa.home.jidoka.se<\/code><\/li>\n\n\n\n<li>DNS forwarding via AdGuard Home<\/li>\n\n\n\n<li>DNS check:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">nslookup ipa.home.jidoka.se<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. 
FreeIPA Installation<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Update the system:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo dnf update -y<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Install the FreeIPA server packages:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo dnf install ipa-server ipa-server-dns -y<\/pre>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Start the installation:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo ipa-server-install<\/pre>\n\n\n\n<ol start=\"4\" class=\"wp-block-list\">\n<li>Interactive configuration:<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"table has-fixed-layout\"><thead><tr><th>Parameter<\/th><th>Value \/ choice<\/th><\/tr><\/thead><tbody><tr><td>Hostname<\/td><td>ipa.home.jidoka.se<\/td><\/tr><tr><td>Domain<\/td><td>home.jidoka.se<\/td><\/tr><tr><td>Realm<\/td><td>HOME.JIDOKA.SE<\/td><\/tr><tr><td>Admin password<\/td><td>(chosen during installation)<\/td><\/tr><tr><td>NetBIOS domain<\/td><td>HOME (default)<\/td><\/tr><tr><td>Configure Dogtag CA<\/td><td>Yes (default, Smallstep will be used later)<\/td><\/tr><tr><td>DNS management<\/td><td>Skipped (AdGuard is used)<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Note: at the prompt \u201cContinue to configure the system\u2026\u201d \u2192 answer <strong>yes<\/strong>.<\/li>\n\n\n\n<li>Dogtag CA is used initially, but is planned to be replaced by Smallstep CA.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5. 
Firewall configuration<\/h2>\n\n\n\n<p>FreeIPA requires open ports for LDAP, Kerberos, the Web UI and replication.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">sudo firewall-cmd --add-service=freeipa-ldap --permanent<br>sudo firewall-cmd --add-service=freeipa-ldaps --permanent<br>sudo firewall-cmd --add-service=freeipa-replication --permanent<br>sudo firewall-cmd --add-service=freeipa-trust --permanent<br>sudo firewall-cmd --add-service=freeipa-4 --permanent<br>sudo firewall-cmd --reload<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Verify:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-preformatted\">firewall-cmd --list-all<\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Post-installation<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Back up the CA certificate:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">cp \/root\/cacert.p12 \/secure\/location\/ [<a href=\"smb:\/\/Arkivet._smb._tcp.local\/Tillga\u030angar\/Nycklar\/x077\/105 FreeIPA\">Arkivet<\/a>]<\/pre>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>Verify that FreeIPA works:<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">kinit admin<br>klist<br>ipa user-find<\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kerberos ticket created and test login via the Web UI confirmed.<\/li>\n<\/ul>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\">\n<li>Add the necessary DNS records in AdGuard:<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A record: <code class=\"\" data-line=\"\">ipa.home.jidoka.se \u2192 192.168.1.16<\/code><\/li>\n\n\n\n<li>SRV records can be added later if full Windows integration is required.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">7. 
Verification<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Kerberos:<\/strong> <code class=\"\" data-line=\"\">kinit admin<\/code> \u2192 <code class=\"\" data-line=\"\">klist<\/code> shows the ticket<\/li>\n\n\n\n<li><strong>LDAP \/ IPA CLI:<\/strong> <code class=\"\" data-line=\"\">ipa user-find<\/code> lists users<\/li>\n\n\n\n<li><strong>Web UI:<\/strong> <a href=\"https:\/\/ipa.home.jidoka.se\">https:\/\/ipa.home.jidoka.se<\/a> \u2192 login works<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Next steps<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Integrate Smallstep CA for TLS certificates<\/li>\n\n\n\n<li>Connect FreeIPA to OIDC \/ Keycloak for federated identity<\/li>\n\n\n\n<li>Configure clients (Linux, NAS, Home Assistant) via LDAP \/ Kerberos<\/li>\n\n\n\n<li>Document any DNS SRV records if Windows clients are used<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Notes \/ Remarks<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>DNS is handled by AdGuard; SRV records must be added manually for full functionality<\/li>\n\n\n\n<li>The firewall must keep FreeIPA-related ports open<\/li>\n\n\n\n<li>FreeIPA initially uses Dogtag CA, planned to be replaced by Smallstep CA<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Installation and setup of FreeIPA, which is installed as an LXC on the Proxmox host. 
Operating system: Rocky OS 10 minimal <\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[270],"tags":[271,272],"class_list":["post-2790","post","type-post","status-publish","format-standard","hentry","category-systemdokumentation","tag-freeipa","tag-identitetsserver"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/posts\/2790","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/comments?post=2790"}],"version-history":[{"count":7,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/posts\/2790\/revisions"}],"predecessor-version":[{"id":2814,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/posts\/2790\/revisions\/2814"}],"wp:attachment":[{"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/media?parent=2790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/categories?post=2790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/yellotab.se\/x056\/wp-json\/wp\/v2\/tags?post=2790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}