From 59bdafed6a3057affd1445e6f0a4e786894c3a14 Mon Sep 17 00:00:00 2001 From: ducoterra Date: Fri, 6 Feb 2026 20:21:55 -0500 Subject: [PATCH] freeipa install updates --- active/software_freeipa/freeipa.md | 62 ++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/active/software_freeipa/freeipa.md b/active/software_freeipa/freeipa.md index e1d8ad6..cd64f10 100644 --- a/active/software_freeipa/freeipa.md +++ b/active/software_freeipa/freeipa.md @@ -1,6 +1,9 @@ # FreeIPA - [FreeIPA](#freeipa) + - [Install](#install) + - [Backup and Restore](#backup-and-restore) + - [Add a Fedora Client](#add-a-fedora-client) - [Notes](#notes) - [Quickstart Debugging Setup](#quickstart-debugging-setup) - [Quickstart Production Setup](#quickstart-production-setup) @@ -26,6 +29,65 @@ An AD Server. This guide assumes Fedora 40+. +## Install + + + +```bash +# Add firewall rules +firewall-cmd \ +--permanent \ +--add-service=http \ +--add-service=https \ +--add-service=ldap \ +--add-service=ldaps + +firewall-cmd --reload + +# Download freeipa deps +dnf install freeipa-server + +# Install and setup freeipa +# Make sure your directory password is less then 64 characters long. +# Any longer and you will get an OpenSSL error when reading /root/ca-agent.p12. +ipa-server-install + +# Login as admin +kinit admin + +# Add a user +ipa user-add +ipa passwd ducoterra + +# Uninstall +ipa-server-install --uninstall +``` + +## Backup and Restore + +When restoring a backup the server must have the same: + +1. Hostname +2. IP address +3. FreeIPA version + +```bash +# Create a backup +ipa-backup +``` + +```bash +# Restore a backup +ipa-restore /path/to/backup +``` + +## Add a Fedora Client + +```bash +sudo dnf install ipa-client sssd oddjob oddjob-mkhomedir adcli +sudo ipa-client-install --mkhomedir +``` + ## Notes For yubikey manager appimage extend app not responding timeout to 60 seconds
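Review bot: The firewall block at the top of the new Install section opens only `http`, `https`, `ldap` and `ldaps`, while the new "Add a Fedora Client" section enrolls a remote host with `ipa-client-install`, which needs Kerberos reachable on the server. Add `--add-service=kerberos --add-service=kpasswd` to the same `firewall-cmd --permanent` call (plus `dns` and `ntp` if this server provides them), otherwise the client steps documented here will fail against the firewall documented here. In the same block, `ipa user-add` is given no login while the next line is `ipa passwd ducoterra`, so the two commands do not visibly refer to the same account; use the same login on both lines, ideally a placeholder rather than a personal username. `ipa-server-install --uninstall` sits in the same fenced block as the install steps, so pasting the block whole installs the server and then removes it; move it to its own block or an "Uninstall" subsection. The comment "less then 64 characters" should read "less than". In Backup and Restore, `ipa-restore /path/to/backup` is a placeholder with no note on where `ipa-backup` writes its output, so a line stating the backup location would make the restore step usable as written.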