Setting Up a FreeIPA Lab Environment

Step-by-step guide to create a secure testing environment for FreeIPA penetration testing

Setting up a dedicated lab environment is essential for practicing FreeIPA penetration testing techniques safely and legally. This guide will walk you through creating a virtualized FreeIPA environment that you can use to develop and test your skills.

The lab environment will consist of a FreeIPA server and one or more client machines, all running in virtual machines. This isolated environment allows you to practice penetration testing techniques without risking damage to production systems or violating any laws.

[Figure: FreeIPA Lab Environment Setup. Setting up a secure lab environment is essential for ethical penetration testing]

Prerequisites

Hardware Requirements

CPU

  • Multi-core processor with virtualization support (Intel VT-x or AMD-V)
  • Minimum: 4 cores, Recommended: 8+ cores

RAM

  • Minimum 8GB RAM (16GB or more recommended)
  • Allocate at least 4GB for the FreeIPA server VM

Storage

  • At least 50GB of free disk space
  • SSD storage highly recommended for better performance

Network

  • Internet connection for downloading required software
  • Ability to create isolated virtual networks

Software Requirements

Virtualization Software

VirtualBox, VMware, or KVM/QEMU

Operating System Images

CentOS/RHEL 8 or Fedora Server for FreeIPA

Penetration Testing Distribution

Kali Linux or Parrot OS for testing

Network Configuration

Knowledge of basic networking concepts

Lab Architecture

Our lab environment will consist of the following components:

FreeIPA Server
  • CentOS/RHEL 8 or Fedora Server
  • 4GB RAM (minimum)
  • 20GB disk space
  • Static IP address
  • Hostname: ipa.example.lab
  • Domain: example.lab
Client Machine
  • CentOS/RHEL 8 or Fedora Workstation
  • 2GB RAM (minimum)
  • 10GB disk space
  • Static IP address
  • Hostname: client.example.lab
  • Enrolled in FreeIPA domain
Attack Machine
  • Kali Linux or Parrot OS
  • 2GB RAM (minimum)
  • 20GB disk space
  • Static IP address
  • Hostname: kali.example.lab
  • Penetration testing tools installed

[Figure: Lab Network Architecture. Isolated network environment with FreeIPA server, client machines, and attack system for secure testing]

Setting Up the Virtual Network

Before creating the virtual machines, we need to set up a virtual network that will allow the machines to communicate with each other while remaining isolated from your host network.

In VirtualBox, we'll create a Host-Only Network for our lab environment:

  1. Open VirtualBox and go to File > Host Network Manager.
  2. Click Create to create a new host-only network.
  3. Configure the network with the following settings:
    • IPv4 Address: 192.168.56.1
    • IPv4 Network Mask: 255.255.255.0
  4. Enable the DHCP server with the following settings:
    • Server Address: 192.168.56.100
    • Server Mask: 255.255.255.0
    • Lower Address Bound: 192.168.56.101
    • Upper Address Bound: 192.168.56.254
  5. Click Apply to save the settings.

When creating each virtual machine, configure the network adapter to use the Host-Only Network you just created.

Setting Up the FreeIPA Server

Now that we have our virtual network set up, let's create and configure the FreeIPA server:

  1. Create a new virtual machine:
    • Name: FreeIPA Server
    • Type: Red Hat Enterprise Linux 8
    • Memory: 4GB
    • Disk: 20GB
    • Network: Host-Only Network (created earlier)
  2. Install CentOS/RHEL 8:
    • Download the ISO from the official website
    • Mount the ISO to the virtual machine
    • Start the virtual machine and follow the installation wizard
    • Set the hostname to ipa.example.lab
    • Configure a static IP address (e.g., 192.168.56.10)
    • Create a root password and an administrative user
  3. Update the system:
    sudo dnf update -y
  4. Configure the hostname and hosts file:
    sudo hostnamectl set-hostname ipa.example.lab
    sudo vi /etc/hosts

    Add the following line to /etc/hosts:

    192.168.56.10 ipa.example.lab ipa
  5. Install FreeIPA server packages:
    sudo dnf install -y ipa-server ipa-server-dns
  6. Configure the FreeIPA server:
    sudo ipa-server-install

    Follow the installation wizard with these settings:

    • Configure integrated DNS: Yes
    • Server hostname: ipa.example.lab
    • Domain name: example.lab
    • Realm name: EXAMPLE.LAB
    • Directory Manager password: (create a secure password)
    • IPA admin password: (create a secure password)
    • Configure reverse zone: Yes
    • Forwarder: (your DNS server or leave empty)
  7. Verify the installation:
    sudo ipactl status

Setting Up the Client Machine

Now let's set up a client machine that will be enrolled in the FreeIPA domain:

  1. Create a new virtual machine:
    • Name: FreeIPA Client
    • Type: Red Hat Enterprise Linux 8
    • Memory: 2GB
    • Disk: 10GB
    • Network: Host-Only Network (same as the server)
  2. Install CentOS/RHEL 8:
    • Download the ISO from the official website
    • Mount the ISO to the virtual machine
    • Start the virtual machine and follow the installation wizard
    • Set the hostname to client.example.lab
    • Configure a static IP address (e.g., 192.168.56.20)
    • Create a root password and a local user
  3. Update the system:
    sudo dnf update -y
  4. Configure the hostname and hosts file:
    sudo hostnamectl set-hostname client.example.lab
    sudo vi /etc/hosts

    Add the following lines to /etc/hosts:

    192.168.56.10 ipa.example.lab ipa
    192.168.56.20 client.example.lab client
  5. Configure DNS settings:
    sudo vi /etc/resolv.conf

    Add the following lines to /etc/resolv.conf:

    search example.lab
    nameserver 192.168.56.10
  6. Install FreeIPA client packages:
    sudo dnf install -y ipa-client
  7. Enroll the client in the FreeIPA domain:
    sudo ipa-client-install --mkhomedir

    Follow the installation wizard:

    • Provide the FreeIPA server hostname: ipa.example.lab
    • Provide the domain name: example.lab
    • Provide the IPA admin password (created during server setup)
  8. Verify the enrollment:
    id admin
    kinit admin
    klist
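The server wizard answers from step 6 of the server setup and the client enrollment from step 7 above can both be run unattended. The following script is an added example, not from the guide, that does so with the guide's hostnames, addresses and realm; it assumes CentOS/RHEL 8 with firewalld and NetworkManager, and that the Directory Manager and admin passwords are supplied in the environment variables DM_PASSWORD and ADMIN_PASSWORD.

```shell
#!/bin/sh
# lab-install.sh: unattended form of the ipa-server-install / ipa-client-install
# wizard answers used in this guide (added example, not from the guide).
set -e
DOMAIN=example.lab; REALM=EXAMPLE.LAB; IPA_IP=192.168.56.10; IPA_FQDN=ipa.$DOMAIN

# ensure_hosts_entry FILE IP NAME... -> append "IP NAME..." unless IP is mapped
ensure_hosts_entry() {
    f=$1; ip=$2; shift 2
    grep -Eq "^$ip[[:space:]]" "$f" || printf '%s %s\n' "$ip" "$*" >> "$f"
}

server_install() {
    hostnamectl set-hostname "$IPA_FQDN"
    ensure_hosts_entry /etc/hosts "$IPA_IP" "$IPA_FQDN" ipa
    dnf install -y ipa-server ipa-server-dns
    # Open the service ports in firewalld; against the default zone the guide's
    # client enrollment and nmap checks would otherwise fail.
    firewall-cmd --permanent --add-service=freeipa-4 --add-service=dns --add-service=ntp
    firewall-cmd --reload
    # Same answers as the wizard: integrated DNS, no forwarder, auto reverse zone.
    # Passwords end up on the installer's command line (visible in ps), which
    # is acceptable only inside this isolated lab.
    ipa-server-install --unattended --hostname="$IPA_FQDN" --ip-address="$IPA_IP" \
        --domain="$DOMAIN" --realm="$REALM" \
        --ds-password="$DM_PASSWORD" --admin-password="$ADMIN_PASSWORD" \
        --setup-dns --no-forwarders --auto-reverse
    ipactl status
}

client_enroll() {
    hostnamectl set-hostname "${CLIENT_FQDN:-client.$DOMAIN}"
    ensure_hosts_entry /etc/hosts "$IPA_IP" "$IPA_FQDN" ipa
    # NetworkManager rewrites /etc/resolv.conf on RHEL 8, so point the active
    # connection at the IPA DNS server instead of editing the file directly.
    conn=$(nmcli -g NAME connection show --active | head -n 1)
    nmcli connection modify "$conn" ipv4.dns "$IPA_IP" ipv4.dns-search "$DOMAIN"
    nmcli connection up "$conn"
    dnf install -y ipa-client
    ipa-client-install --unattended --mkhomedir --domain="$DOMAIN" \
        --server="$IPA_FQDN" --realm="$REALM" \
        --principal=admin --password="$ADMIN_PASSWORD"
    id admin   # resolves through SSSD once enrollment has succeeded
}

case ${1:-} in
    server) : "${DM_PASSWORD:?}" "${ADMIN_PASSWORD:?}"; server_install ;;
    client) : "${ADMIN_PASSWORD:?}"; client_enroll ;;
    "") ;;   # no role given (e.g. sourced for the helpers): define only
    *) echo "usage: $0 server|client" >&2; exit 2 ;;
esac
```

Run it as root: DM_PASSWORD=... ADMIN_PASSWORD=... sh lab-install.sh server on the server VM first, then ADMIN_PASSWORD=... sh lab-install.sh client on the client VM.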

Setting Up the Attack Machine

Finally, let's set up the attack machine that will be used for penetration testing:

  1. Create a new virtual machine:
    • Name: Kali Linux
    • Type: Debian 64-bit
    • Memory: 2GB
    • Disk: 20GB
    • Network: Host-Only Network (same as the server and client)
  2. Install Kali Linux:
    • Download the ISO from the official website
    • Mount the ISO to the virtual machine
    • Start the virtual machine and follow the installation wizard
    • Set the hostname to kali.example.lab
    • Configure a static IP address (e.g., 192.168.56.30)
    • Create a root password and a user account
  3. Update the system:
    sudo apt update && sudo apt upgrade -y
  4. Configure the hostname and hosts file:
    sudo hostnamectl set-hostname kali.example.lab
    sudo vi /etc/hosts

    Add the following lines to /etc/hosts:

    192.168.56.10 ipa.example.lab ipa
    192.168.56.20 client.example.lab client
    192.168.56.30 kali.example.lab kali
  5. Configure DNS settings:
    sudo vi /etc/resolv.conf

    Add the following lines to /etc/resolv.conf:

    search example.lab
    nameserver 192.168.56.10
  6. Install additional tools for FreeIPA penetration testing:
    sudo apt install -y ldap-utils krb5-user python3-impacket
  7. Verify connectivity to the FreeIPA server:
    ping -c 4 ipa.example.lab
    nmap -p 389,636,88,464,53,80,443 ipa.example.lab

Configuring the FreeIPA Environment for Testing

Now that we have our lab environment set up, let's configure it with some test users, groups, and access controls to create a realistic testing environment:

  1. Log in to the FreeIPA web interface:
    • Open a web browser on your host machine
    • Navigate to https://ipa.example.lab
    • Accept the self-signed certificate warning
    • Log in with the admin user and password created during server setup
  2. Create test users:
    • Go to Identity > Users > Add
    • Create several users with different privilege levels (e.g., regular users, service accounts, administrators)
    • Set weak passwords for some users to test password attacks
  3. Create test groups:
    • Go to Identity > Groups > Add
    • Create several groups (e.g., IT, HR, Finance, Admins)
    • Add users to appropriate groups
  4. Configure HBAC rules:
    • Go to Policy > Host-Based Access Control > HBAC Rules
    • Create rules to control which users can access which hosts and services
    • Intentionally create some overly permissive rules for testing
  5. Configure sudo rules:
    • Go to Policy > Sudo > Sudo Rules
    • Create rules to control which users can run privileged commands on which hosts
    • Intentionally create some misconfigured rules for testing
  6. Configure role-based access control:
    • Go to Identity > Roles
    • Create roles with different privileges
    • Assign roles to users and groups
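The six web-interface steps above have a command-line equivalent in the ipa client. The following added example (not from the guide) seeds the same kinds of objects; the users alice, bob, carol and dave, the groups it, hr, finance and admins, the rules it_ssh, it_services and hr_everything and the role helpdesk are constructed lab values.

```shell
#!/bin/sh
# lab-seed.sh: ipa CLI equivalent of the web-UI steps above (users, groups,
# HBAC, sudo and roles); added example, not from the guide. Run after
# "kinit admin" on any enrolled host:  sh lab-seed.sh run
# (IPA=echo sh lab-seed.sh run prints the commands instead of executing them).
set -e
IPA=${IPA:-ipa}

# add_user LOGIN FIRST LAST GROUP -> create LOGIN and add it to GROUP. Set
# passwords afterwards with "ipa passwd LOGIN"; the default global policy
# requires 8 characters, so deliberately weak lab passwords need
# "ipa pwpolicy-mod --minlength" first.
add_user() {
    $IPA user-add "$1" --first="$2" --last="$3"
    $IPA group-add-member "$4" --users="$1"
}

seed_lab() {
    for g in it hr finance admins; do
        $IPA group-add "$g" --desc="$g group"
    done
    add_user alice Alice Smith it
    add_user bob Bob Jones hr
    add_user carol Carol Lee finance
    add_user dave Dave Kim admins
    # HBAC: a fresh install ships the allow_all rule enabled (every user, every
    # service, every host). Disable it and grant IT ssh access only.
    $IPA hbacrule-disable allow_all
    $IPA hbacrule-add it_ssh --desc="IT staff may ssh to any host" --hostcat=all
    $IPA hbacrule-add-user it_ssh --groups=it
    $IPA hbacrule-add-service it_ssh --hbacsvcs=sshd
    # sudo: a narrow rule (one command) beside the kind of misconfigured rule
    # the guide asks for (any command on any host for the whole HR group).
    $IPA sudocmd-add /usr/bin/systemctl
    $IPA sudorule-add it_services --hostcat=all
    $IPA sudorule-add-user it_services --groups=it
    $IPA sudorule-add-allow-command it_services --sudocmds=/usr/bin/systemctl
    $IPA sudorule-add hr_everything --desc="misconfigured on purpose" --hostcat=all --cmdcat=all
    $IPA sudorule-add-user hr_everything --groups=hr
    # RBAC: delegate user administration to the admins group through a role.
    $IPA role-add helpdesk --desc="user administration"
    $IPA role-add-privilege helpdesk --privileges="User Administrators"
    $IPA role-add-member helpdesk --groups=admins
}

if [ "${1:-}" = run ]; then seed_lab; fi
```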

Next Steps

Now that you have a fully functional FreeIPA lab environment, you can start practicing penetration testing techniques. Here are some suggested next steps:

Begin Reconnaissance

Start by performing reconnaissance from the attack machine to identify the FreeIPA server and its services. Use the techniques described in our Reconnaissance Guide.

Enumerate the Environment

Once you've identified the FreeIPA server, enumerate users, groups, and access controls using the techniques described in our Enumeration Guide.

Exploit Vulnerabilities

Attempt to exploit the vulnerabilities you've identified using the techniques described in our Exploitation Guide.

Post-Exploitation

After successfully exploiting vulnerabilities, practice post-exploitation techniques to maintain access and move laterally within the environment. See our Post-Exploitation Guide.

Troubleshooting Common Issues

When setting up your FreeIPA lab environment, you might encounter some common issues. Here are solutions to the most frequent problems:

DNS Resolution Issues

If you're experiencing DNS resolution problems:

  • Verify that the FreeIPA server's IP address is correctly set as the DNS server on all client machines
  • Check that the /etc/resolv.conf file has the correct nameserver entry
  • Ensure that the FreeIPA DNS service is running: sudo ipactl status
  • Test DNS resolution with: dig ipa.example.lab
Certificate Errors

If you encounter certificate validation errors:

  • Verify that the system time is synchronized across all machines
  • Check that the hostname resolution is working correctly
  • Regenerate certificates if necessary: sudo ipa-server-certinstall --dirman-password=PASSWORD /path/to/certificate
  • Restart the FreeIPA services: sudo ipactl restart
Client Enrollment Failures

If client enrollment is failing:

  • Ensure the client can reach the FreeIPA server on all required ports (389, 636, 88, 464, etc.)
  • Verify that the client's hostname is correctly set and resolvable
  • Check firewall settings on both server and client
  • Try enrollment with debug output: sudo ipa-client-install --mkhomedir --enable-dns-updates -v
Network Connectivity

If machines cannot communicate with each other:

  • Verify that all VMs are on the same virtual network
  • Check that IP addresses are correctly assigned and don't conflict
  • Ensure that firewalls allow traffic between the machines
  • Test connectivity with: ping and telnet to specific ports
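The four checklists above, together with the connectivity check in step 7 of the attack-machine setup, can be scripted. The following is an added example, not from the guide, that verifies the hostname, /etc/hosts, /etc/resolv.conf and the FreeIPA service ports from a client or attack VM; it assumes the guide's addresses (overridable through IPA_IP, IPA_FQDN and LAB_DOMAIN) and that nc is installed for the port checks.

```shell
#!/bin/sh
# lab-preflight.sh: checks the settings this guide expects on a client or
# attack VM before enrolling it or scanning the server (added example, not
# from the guide). Usage: sh lab-preflight.sh run
IPA_IP=${IPA_IP:-192.168.56.10}
IPA_FQDN=${IPA_FQDN:-ipa.example.lab}
LAB_DOMAIN=${LAB_DOMAIN:-example.lab}
# Ports ipa-client-install needs on the server; 53 because the IPA server is
# also the lab's DNS server.
IPA_PORTS="53 80 88 389 443 464 636"

# check_fqdn NAME DOMAIN -> 0 if NAME is a fully qualified name under DOMAIN
check_fqdn() {
    case $1 in ?*."$2") return 0 ;; *) return 1 ;; esac
}

# check_hosts FILE IP FQDN -> 0 if FILE maps FQDN to IP (comments ignored)
check_hosts() {
    awk -v ip="$2" -v fqdn="$3" '
        /^[ \t]*#/ { next }
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == fqdn) found = 1 }
        END { exit !found }' "$1"
}

# check_resolv FILE IP DOMAIN -> 0 if the first nameserver is IP and DOMAIN is
# in the search list (kinit and SSSD discovery rely on both during enrollment)
check_resolv() {
    awk -v ip="$2" -v dom="$3" '
        /^[ \t]*#/ { next }
        $1 == "nameserver" && !seen { seen = 1; ns_ok = ($2 == ip) }
        $1 == "search" { for (i = 2; i <= NF; i++) if ($i == dom) s_ok = 1 }
        END { exit !(ns_ok && s_ok) }' "$1"
}

# check_port HOST PORT -> 0 if a TCP connection succeeds within 2 s (uses nc,
# present on Kali and in the nmap-ncat package on CentOS/RHEL)
check_port() { nc -z -w 2 "$1" "$2" >/dev/null 2>&1; }

if [ "${1:-}" = run ]; then
    rc=0
    check_fqdn "$(hostname)" "$LAB_DOMAIN" || { echo "hostname is not an FQDN under $LAB_DOMAIN"; rc=1; }
    check_hosts /etc/hosts "$IPA_IP" "$IPA_FQDN" || { echo "/etc/hosts lacks '$IPA_IP $IPA_FQDN'"; rc=1; }
    check_resolv /etc/resolv.conf "$IPA_IP" "$LAB_DOMAIN" || { echo "/etc/resolv.conf does not use $IPA_IP / $LAB_DOMAIN"; rc=1; }
    for p in $IPA_PORTS; do
        check_port "$IPA_FQDN" "$p" || { echo "TCP $p on $IPA_FQDN unreachable (firewall or service down?)"; rc=1; }
    done
    [ $rc -eq 0 ] && echo "preflight OK"
    exit $rc
fi
```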
