Identity Management for Linux Domain Environments & Trusts.

Learn more


FreeIPA → Identity Management for Linux Domain Environments & Trust is a dedicated training which helps you understand the basics and deploy later very expanded Linux Domain Environments within your private or cloud infrastructure.

During hands-on labs we will cover in details every important aspect and functionality of FreeIPA. Except for simple things like user or password management, we will talk about big installations and advanced integrations with Active Directory or other Unix systems like AIX, Solaris or HP-UX. We will go through not so simple PKI features, critical network services integration like VPN or Proxy. We will delve deeply into replication process and issues, Single-Sign On and 2FA setups. There are also lab sessions related to hardening and security testing of FreeIPA instances.

Distributed SUDO and Host-Based Access Control rules for your desktops, servers and critical applications allow you to build controlled, secured and accountable environments and this training will show you all of that. As a bonus we will show you how to use user’s LDAP attributes for achieving hidden network data exfiltration across isolated network segments, LDAP denial of service, anonymous BINDs and of course how to protect your installation against the above threats.


  • Introduction to domain environments.
  • Installing and configuring FreeIPA server.
  • Installing and enrolling client machines.
  • SSSD and PAM configuration.
  • User, group and role management.
  • SSO kerberos-based authentication, authorization and integration:
    • SSH
    • HTTP
    • NFS
    • Samba
    • Squid
    • Radius
    • VPN
  • 2FA, one-time password and smart card authentication.
  • DNS configuration and management.
  • HBAC - Host Based Access Control.
  • Distributed SUDO rules management.
  • SSH pubkey configuration.
  • SELinux user mapping.
  • Public Key Infrastructure - Certificate Management.
  • FreeIPA replication.
  • FreeIPA in the cloud.
  • Active Directory Trust Integration.
  • FreeBSD, Solaris, AIX and HP-UX Integration.
  • FreeIPA hardening and vulnerability scanning.
  • FreeIPA tips and tricks.
  • Summary and final lab.

Time Duration

2 days (9:00am - 5:00pm)

Who should attend

  • IT Consultants and Solution Integrators
  • DevOps and DevSecOps Engineers
  • Linux and Network Engineers
  • System Administrators

TRAINER: Leszek Miś

Leszek Miś is the Founder of Defensive Security, Principal Trainer & IT Security Architect. Recently he was a VP, Head of Cyber Security in Collective Sense - a Machine Learning Network Security Startup from the U.S. where he was responsible for product security research, strategy, business analysis & technical feature implementation and recommendation. He has over 13 years of experience in the IT security market supporting the world’s largest customers in terms of exfiltration simulations and penetration tests, infrastructure hardening and general Open Source and IT Security consultancy services. In addition, he has 11 years of experience in teaching and transferring a deep technical knowledge and his own experience. He has trained 600+ students with the highest rank. He is an IT Security Architect with offensive love and a recognized expert in the enterprise OSS market.


If interested in dedicated, closed training for your Linux Infrastructure / DevSecOps team let us know. We love delivering on-site training sessions!