NET603 Week 5 — Implementing FreeIPA Server/Client

JCsec
Mar 29, 2021

After successfully getting the DHCP working in both LANs, I have attempted to create a server/client solution by using FreeIPA. I heard about this software through research, and it is a great alternative to Active Directory in a Linux environment.

FreeIPA allows you to ‘Manage Linux users and client hosts in your realm from one central location with CLI, Web UI or RPC access. Enable Single Sign On authentication for all your systems, services and applications’ - FreeIPA. (N.D.). https://www.freeipa.org/page/Main_Page

FreeIPA Installation

I will go through the steps that I followed to implement this solution.

I started by creating two VMs.
1. Create a VM running a Fedora OS. This will be used as the ‘server’ for LDAP authentication.
2. Create a VM running Ubuntu (20.04). This will be the ‘client’ device.
3. Set static IPv4 addresses on both machines.

On the Fedora server
4. Update the Fedora install: sudo dnf update -y
5. Once complete, reboot the device
6. Change device hostname: nano /etc/hostname.
In this example we will use ‘ipasrv.hq.lan’. Save the file
7. Change device hosts: nano /etc/hosts, add the line:
*Server IP*<tab> ipasrv.hq.lan <tab> ipasrv. Save the file
8. Reboot device
9. Set up the firewall for certain ports:
firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps
and then
firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --permanent
10. Pull server resources: yum install freeipa-server freeipa-server-dns nfs-utils
11. Reboot again
12. Run installation of FreeIPA server: ipa-server-install --mkhomedir. This will start an interactive install. Run through this install.
13. Setup web interface: kinit admin
14. In a browser, type the IPv4 address of the server, or the server hostname.
15. Log in with admin and the preset password.

From here you can add users and have full control over the services FreeIPA offers.
Now we set up the client device.
1. Change hostname, ‘ipa01.home.lan’
2. Change hosts, add the client to the top of the list, and the server just below the loopbacks
3. Update && upgrade, reboot
4. sudo apt install freeipa-client
5. Set default Kerberos realm/server details ‘ipasrv.home.lan’
6. ipa-client-install --mkhomedir
7. Run through install ‘home.lan’ + ‘ipasrv.home.lan’ + Yes, No, Yes
8. Enter user authorized to enroll computers (the server) ‘admin’
9. Enter password (your set password)
10. Receive confirmation of install

Then when you check back on the server web page, the client device will be added as a ‘Host’.
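
The hosts-file entries from server step 7 and client step 2 are the part of this procedure most easily mistyped, so the following added example (not part of the original post) checks an /etc/hosts-style file for them before the installer is run. The function name check_ipa_hosts, its exit codes, the 192.0.2.10 address and the choice to treat a loopback mapping as an error are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): check an /etc/hosts-style file
# before running ipa-server-install or ipa-client-install.
# Usage: check_ipa_hosts FILE FQDN
# Exit status (this example's own convention):
#   0  FQDN is the first name on a non-loopback line, short name follows it
#   1  FQDN does not appear in FILE
#   2  FQDN is mapped to a loopback address (127.x.x.x or ::1)
#   3  FQDN appears, but never as the first name after the address
#   4  the short-name alias is missing from that line
check_ipa_hosts() {
    file=$1
    fqdn=$2
    short=${fqdn%%.*}          # ipasrv.hq.lan -> ipasrv
    awk -v fqdn="$fqdn" -v short="$short" '
        { sub(/#.*/, "") }     # drop comments before looking at fields
        {
            pos = 0
            for (i = 2; i <= NF; i++) if ($i == fqdn) { pos = i; break }
            if (!pos) next
            seen = 1
            if ($1 ~ /^127\./ || $1 == "::1") loopback = 1
            if (pos == 2) {
                canonical = 1
                for (i = 3; i <= NF; i++) if ($i == short) alias = 1
            }
        }
        END {
            if (!seen)      exit 1
            if (loopback)   exit 2
            if (!canonical) exit 3
            if (!alias)     exit 4
        }' "$file"
}

# Constructed sample: the step 7 entry, using a documentation-range address.
sample=$(mktemp)
printf '127.0.0.1\tlocalhost\n192.0.2.10\tipasrv.hq.lan\tipasrv\n' > "$sample"
if check_ipa_hosts "$sample" ipasrv.hq.lan; then
    echo "hosts entry for ipasrv.hq.lan looks correct"
fi
rm -f "$sample"
```

On a real machine, point it at /etc/hosts with the name the installer will be given, for example check_ipa_hosts /etc/hosts ipasrv.hq.lan.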

Our Network

I have drawn up a simple logical diagram to display our network configuration.

Written by JCsec


A NZ student, currently studying a BScs, with a strong interest in information/cyber security. https://www.linkedin.com/in/jamie-crowther-4541451b3/
