Implementing FreeIPA as a central Identity Management Solution

Step 2. Create Users / Groups via the CLI

Prerequisite: To use the “ipa” command, you must be authenticated as an IPA admin user.
You can achieve this using the “kinit” command:


[root@ds01 ~]# kinit admin
Password for admin@EXAMPLE.COM:
[root@ds01 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@EXAMPLE.COM

Valid starting     Expires            Service principal
08/28/12 20:41:39  08/29/12 20:41:37  krbtgt/EXAMPLE.COM@EXAMPLE.COM
[root@ds01 ~]#

Users are created via the CLI as follows:

[root@ds01 ~]# ipa user-add
First name: Dale
Last name: Macartney
User login [dmacartney]:
Added user "dmacartney"
User login: dmacartney
First name: Dale
Last name: Macartney
Full name: Dale Macartney
Display name: Dale Macartney
Initials: DM
Home directory: /home/dmacartney
GECOS field: Dale Macartney
Login shell: /bin/sh
Kerberos principal: dmacartney@EXAMPLE.COM
UID: 1272000001
GID: 1272000001
Password: False
Kerberos keys available: False
[root@ds01 ~]#


Now let's set a password for our new user:

[root@ds01 ~]# ipa passwd dmacartney
New Password:
Enter New Password again to verify:
Changed password for "dmacartney@EXAMPLE.COM"
[root@ds01 ~]#

Your new user will now be able to authenticate and log in via your authenticated workstation.


Deleting users is equally simple:

[root@ds01 ~]# ipa user-del dmacartney
Deleted user "dmacartney"
[root@ds01 ~]#
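
A scripted version of the user-creation steps above, as an added example that is not part of the original post: it checks for a valid Kerberos ticket before calling ipa, validates each login, and skips users that already exist. The function names and the login:First:Last input format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: non-interactive form of the interactive steps above.
# need_ticket, valid_login and add_users are hypothetical helper names.
LC_ALL=C; export LC_ALL   # make the [a-z] range below ASCII-only

# Refuse to continue without a valid Kerberos ticket. "klist -s" prints
# nothing and returns non-zero when the cache is missing or expired.
need_ticket() {
    klist -s || { echo "no valid ticket: run 'kinit admin' first" >&2; return 1; }
}

# Accept only lowercase letters, digits, dot, underscore and dash, and never
# a leading dash, so a line from a file cannot be read as an option.
valid_login() {
    case "$1" in
        ''|-*|*[!a-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read "login:First:Last" lines on stdin and create each missing user.
# Prints one result line per input line; returns 1 if any line failed.
add_users() {
    need_ticket || return 1
    rc=0
    while IFS=: read -r login first last; do
        if ! valid_login "$login" || [ -z "$first" ] || [ -z "$last" ]; then
            echo "SKIP $login (invalid line)"; rc=1; continue
        fi
        if ipa user-show "$login" </dev/null >/dev/null 2>&1; then
            echo "EXISTS $login"; continue
        fi
        if ipa user-add "$login" --first="$first" --last="$last" </dev/null >/dev/null; then
            echo "ADDED $login"
        else
            echo "FAILED $login"; rc=1
        fi
    done
    return "$rc"
}

# Usage (constructed sample input):
#   printf '%s\n' 'dmacartney:Dale:Macartney' | add_users
```

Accounts created this way show "Password: False" and "Kerberos keys available: False", as in the output above, until a password is set with "ipa passwd".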

2 comments on “Implementing FreeIPA as a central Identity Management Solution”

  1. Kevin McNally May 6, 2015 19:31

    Cool. Great work.
