Identity Management for Linux Domain Environments & Trusts.

Learn more


FreeIPA → Identity Management for Linux Domain Environments & Trust is a dedicated training which helps you understand the basics and deploy later very expanded Linux Domain Environments within your private or cloud infrastructure.

During hands-on labs we will cover in details every important aspect and functionality of FreeIPA. Except for simple things like user or password management, we will talk about big installations and advanced integrations with Active Directory or other Unix systems like AIX, Solaris or HP-UX. We will go through not so simple PKI features, critical network services integration like VPN or Proxy. We will delve deeply into replication process and issues, Single-Sign On and 2FA setups. There are also lab sessions related to hardening and security testing of FreeIPA instances.

Distributed SUDO and Host-Based Access Control rules for your desktops, servers and critical applications allow you to build controlled, secured and accountable environments and this training will show you all of that. As a bonus we will show you how to use user’s LDAP attributes for achieving hidden network data exfiltration across isolated network segments, LDAP denial of service, anonymous BINDs and of course how to protect your installation against the above threats.


  • Introduction to domain environments.
  • Installing and configuring FreeIPA server.
  • Installing and enrolling client machines.
  • SSSD and PAM configuration.
  • User, group and role management.
  • SSO kerberos-based authentication, authorization and integration:
    • SSH
    • HTTP
    • NFS
    • Samba
    • Squid
    • Radius
    • VPN
  • 2FA, one-time password and smart card authentication.
  • DNS configuration and management.
  • HBAC - Host Based Access Control.
  • Distributed SUDO rules management.
  • SSH pubkey configuration.
  • SELinux user mapping.
  • Public Key Infrastructure - Certificate Management.
  • FreeIPA replication.
  • FreeIPA in the cloud.
  • Active Directory Trust Integration.
  • FreeBSD, Solaris, AIX and HP-UX Integration.
  • FreeIPA hardening and vulnerability scanning.
  • FreeIPA tips and tricks.
  • Summary and final lab.

Time Duration

2 days (9:00am - 5:00pm)

Who should attend

  • IT Consultants and Solution Integrators
  • DevOps and DevSecOps Engineers
  • Linux and Network Engineers
  • System Administrators

TRAINER: Leszek Miś

Leszek Miś is the Founder of Defensive Security, Principal Trainer and Security Researcher with over 15 years of experience in Cyber Security and Open Source Security Solutions market. He went through the full path of the infosec carrier positions: from OSS researcher, Linux administrator and system developer, Solution Engineer, DevOps and CI, through penetration tester and security consultant delivering hardening services and training for the biggest players in the European market, to become finally an IT Security Architect / SOC Security Analyst with deep non-vendor focus on Network Security attack and detection. He’s got deep knowledge about finding blind spots and security gaps in corporate environments. Perfectly understands technology and business values from delivering structured, automated adversary simulation platform.

Recognized speaker and trainer: BruCON, Black Hat US, OWASP Appsec US, FloCon US, Hack In The Box DBX/AMS, Infosec in the City SG, Nanosec Asia, Confidence PL, PLNOG, Open Source Day PL, Red Hat Roadshow. Member of OWASP Poland Chapter.

Holds many certifications: OSCP, RHCA, RHCSS, Splunk Certified Architect.

His areas of interest include network “features” extraction, OS internals and forensics. Constantly tries to figure out “what da **ck” the AI/ML Network Security vendors try to sell. In free time he likes to break into “IoT world” just for fun.

Still learning hard every single day.


If interested in dedicated, closed training for your Linux Infrastructure / DevSecOps team let us know. We love delivering on-site training sessions!