Our previous guide provided a step-by-step tutorial on how to install and set up FreeIPA server on CentOS 8. As a continuation, this guide will take you through how to add FreeIPA user accounts via the CLI or the web interface.
First, install and set up FreeIPA server on CentOS 8 by following the previous guide.
Add FreeIPA User Accounts via CLI or Web Interface
There are two ways to create FreeIPA user accounts: via the command line interface or via the FreeIPA web user interface.
Add FreeIPA User Accounts via CLI
FreeIPA user accounts can be created via the command line using the ipa user-add command.
The command can be run non-interactively, by passing the attributes directly on the command line, or interactively, by entering the attributes when prompted.
For example, to create a user called kmibey non-interactively with ipa user-add, run;
ipa user-add kmibey --first=Kip --last=Mibey --password
The command prompts for the password and creates the user account, using default values for the other attributes.
...
Password: PASSWORD
Enter Password again to verify: RE-ENTER PASSWORD
-------------------
Added user "kmibey"
-------------------
  User login: kmibey
  First name: Kip
  Last name: Mibey
  Full name: Kip Mibey
  Display name: Kip Mibey
  Initials: KM
  Home directory: /home/kmibey
  GECOS: Kip Mibey
  Login shell: /bin/sh
  Principal name: [email protected]
  Principal alias: [email protected]
  User password expiration: 20191018180713Z
  Email address: [email protected]
  UID: 474600001
  GID: 474600001
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
To create a FreeIPA user account interactively, simply run ipa user-add with no arguments on the terminal.
When run, you are prompted to provide the required values. Where the default values can be used, press Enter to accept the defaults or enter your values and proceed.
First name: jane
Last name: doe
User login [jdoe]:
Password:
Enter Password again to verify:
-----------------
Added user "jdoe"
-----------------
  User login: jdoe
  First name: jane
  Last name: doe
  Full name: jane doe
  Display name: jane doe
  Initials: jd
  Home directory: /home/jdoe
  GECOS: jane doe
  Login shell: /bin/sh
  Principal name: [email protected]
  Principal alias: [email protected]
  User password expiration: 20191018182043Z
  Email address: [email protected]
  UID: 474600004
  GID: 474600004
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
The password provided during account setup is temporary, and the user is prompted to change it on the first login.
You can consult ipa user-add --help for more information about the command.
List FreeIPA User Accounts
You can list FreeIPA user accounts using the ipa user-find command.
To list all created FreeIPA user accounts, simply run the command;
ipa user-find --all
To list a specific user;
ipa user-find USERNAME
ipa user-find jdoe
Learn more with ipa user-find --help.
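The listing can also be used to check which accounts have a password expiration that has already passed, which includes accounts still holding the temporary password set at creation. The script below is an added example, not part of the original guide: the function names are hypothetical, the sample input is constructed from the field layout shown above, and the user asmith is invented for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide).
# Reads text in the "Key: value" layout that `ipa user-find --all` prints and
# lists logins whose password expiration is at or before a cutoff.
# Timestamps are YYYYMMDDHHMMSSZ (UTC), which orders correctly as a string.
expired_password_logins() {
    cutoff=$1
    awk -v cutoff="$cutoff" '
        function emit() {
            # Appending "" forces a string (not numeric) comparison.
            if (login != "" && expiry != "" && (expiry "") <= (cutoff ""))
                print login
            login = ""; expiry = ""
        }
        { sub(/^[ \t]+/, "") }                     # drop the leading indent
        /^User login: /               { emit(); login = substr($0, 13) }
        /^User password expiration: / { expiry = substr($0, 27) }
        END { emit() }
    '
}

# Constructed sample input. kmibey and jdoe reuse the values shown in this
# guide; asmith is a hypothetical user who has already changed the password.
sample_user_find_output() {
    cat <<'EOF'
---------------
3 users matched
---------------
  User login: kmibey
  Login shell: /bin/sh
  User password expiration: 20191018180713Z

  User login: jdoe
  Login shell: /bin/sh
  User password expiration: 20191018182043Z

  User login: asmith
  Login shell: /bin/bash
  User password expiration: 20200116093000Z
----------------------------
Number of entries returned 3
----------------------------
EOF
}

# Demo on the sample; on a live server pipe `ipa user-find --all` in instead
# and pass "$(date -u +%Y%m%d%H%M%SZ)" as the cutoff.
sample_user_find_output | expired_password_logins 20191101000000Z
```

Accounts with no password expiration field at all (no password set) are skipped by this check.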
Modify FreeIPA User Accounts
To change the attributes of a FreeIPA user account, use the ipa user-mod command.
For example, to change the shell for the user, simply run;
ipa user-mod USERNAME --shell=/bin/bash
Substitute USERNAME with the user’s login ID.
See other options for changing user attributes with ipa user-mod --help.
To delete the user, use the ipa user-del command.
ipa user-del USERNAME
Add FreeIPA User Accounts via Web Interface
To create, view or modify users and their attributes from the FreeIPA server web interface, log in to FreeIPA as an administrative user.
Once logged in, under the Identity > Users tab, you can see multiple user account management options.
As you can see from the Users tab, there are three user account states;
Stage users are not allowed to authenticate. Some of the user account properties required for active users might not yet be set.
Active users are allowed to authenticate. All required user account properties must be set in this state.
Preserved users are former active users. They are considered inactive and cannot authenticate to IdM.
To add a user account, click the +Add button. This opens up a screen where you can set the user’s username, the first and last names, passwords and other attributes.
Click Add to create the user account. You can also click on other options like Add and Add another to add the user and proceed to add another, Add and Edit to add the user and edit the user attributes…
To edit FreeIPA user account attributes, click on the user’s username.
Scroll down the screen to see the other user attributes that can be modified. You can also set user roles and user groups from the same screen.
You can also Delete, Enable or Disable a user account.
Well, that is just about it on our guide on how to add FreeIPA user accounts via CLI or Web interface.