FreeIPA IdM - Issues

Lessons Learned

Category Lesson

Category	Lesson
DNS Separation	Using `--no-dns` requires pre-existing DNS records for IPA hostname before installation.
Firewall	FreeIPA installer manages firewalld rules automatically with `--setup-firewall`.
SELinux	Keep enforcing - FreeIPA is fully SELinux compatible.
Service Accounts	Use `ipa service-add` for printers, applications needing bind accounts.
ISE Integration	FreeIPA LDAP works with ISE for 802.1X user lookup.

DNS Separation

Using --no-dns requires pre-existing DNS records for IPA hostname before installation.

Firewall

FreeIPA installer manages firewalld rules automatically with --setup-firewall.

SELinux

Keep enforcing - FreeIPA is fully SELinux compatible.

Service Accounts

Use ipa service-add for printers, applications needing bind accounts.

ISE Integration

FreeIPA LDAP works with ISE for 802.1X user lookup.

Item	Status
ipa-01	Operational, primary IdM server
ipa-02	Planned (HA replica on kvm-02)
DNS	A/PTR records in BIND
ISE	LDAP integration configured
Documentation	11-phase runbook + service account guide

Item

Status

ipa-01

Operational, primary IdM server

ipa-02

Planned (HA replica on kvm-02)

DNS

A/PTR records in BIND

ISE

LDAP integration configured

Documentation

11-phase runbook + service account guide