
How to set up internal network with virtual FreeIPA server using either KVM or VirtualBox for RHCSA tests?

Edit- This has been resolved, thanks to /u/iggy_koopa

So I am at my wits' end here trying to set up an internal network in order to do some RHCSA mock exams. I have been studying on my own for RHCSA and have essentially completed the syllabus using Sander van Vugt's RHCSA book and video courses for RHEL7. I have my exam booked for a couple of weeks' time and would like to practice with some mock exams. van Vugt provides 4 of these in his book but these require a CentOS7/RHEL7 FreeIPA server with a specific configuration accessible to another CentOS7 machine and this is where I am getting stuck. I would be grateful if someone could provide advice or point me to an up-to-date howto for this. Configuring a FreeIPA server is RHCSE territory and I don't have another six months to study up to that level in order to complete relatively simple tasks like mount an NFS share using an LDAP login to practice for RHCSA tests. Alternatively the issue might be nothing to do with the server but only the internal network.

Objective

Set up internal network on host machine for either VirtualBox or KVM clients. One to be a FreeIPA server with a specific address (full details at bottom of this post). Host machine is running Ubuntu 15.10. I did think about putting CentOS on the host but it is a Broadwell based laptop which I am not certain that a 3 series kernel would properly support and I am not certain that my main issues are caused by Ubuntu.

Problem

I cannot get either VMs I have set up from scratch or downloaded preconfigured images from the publisher to see one another on an internal VirtualBox network. They appear to have the requested IP addresses but cannot see one another. They work fine on NAT to access the outside world.

What I have tried already

Following van Vugt's step by step instructions for the FreeIPA server as given in his book (reproduced below), several times using VirtualBox. These appear to be either incomplete or contain errors as the steps given seem to be in the wrong order. The publisher's errata for the book is an 18 page Word doc and although some of it does refer to this section the corrections don't appear to be very meaningful or applicable here. I do appear to have the FreeIPA server set up and running after jumping back and forth through the steps given but the core issue is the internal network. My own configurations don't seem to be able to access anything when set to use internal network.

Downloading preconfigured VM images from the publisher. These are made available as both VMWare and KVM images for the FreeIPA server and 2 clients, all CentOS7. I could not get the FreeIPA image to convert and boot successfully in VirtualBox so I converted the qcow2 KVM image and used that. It appears to be configured as per instructions above but I can't get it to see other machines on the internal network, although it can ping the VirtualBox virtual DHCP server. The client is set for DHCP and can't see anything: 'network unreachable'.

The command I used to set up the virtual network is

VBoxManage dhcpserver add --netname intnet3 --ip 192.168.122.1 --netmask 22 --lowerip 192.168.122.100 --upperip 192.168.122.300 --enable 

based on guidance given here and here. The IP address for the FreeIPA server needs to be 192.168.122.200. In the VM settings in VirtualBox I have 'internal network' 'inet3' selected with 'promiscuous mode: allow VMs'.

I have tried also using KVM with the preconfigured images BUT all of the guidance for internal networks seems to be stuff like this and this which is based around init.d scripts. Obviously both host and clients are using systemd so this doesn't help so much.

Unfortunately it doesn't seem that any of the other self study guides for RHEL7 RHCSA are out yet so I am not aware of another source for test environments/ tests.

van Vugt's instructions for the server setup are quite long. I reproduce them below as a quote in case they may be useful here.

Thanks in advance

Performing the Base Installation

To create the IPA server that is needed for several exercises throughout this book, install a (virtual) machine that matches the following criteria:

  • Ensure your server has 2 GB RAM and 10 GB available disk space.
  • Use Red Hat Enterprise Linux 7 or CentOS 7.
  • Name set to ipa.example.com.
  • IP address set to 192.168.122.200, default gateway to 192.168.122.1, and DNS temporarily to 8.8.8.8. (You need to change that later.)
  • Choose the server with graphical interface installation pattern.
  • Use default partitioning on the servers hard disk.
  • Switch off SELinux.
  • Make sure that you have access to installation repositories.
  • Add an entry to /etc/hosts to enable hostname resolution for the hostname. The line should read as follows:

      192.168.122.200 ipa.example.com ipa

Installing FreeIPA

To install FreeIPA, follow these steps:

  1. Open a root shell and type yum -y install ipa-server bind-dyndb-ldap.
  2. Start the installation program for the IPA server by running ipa-server-install --setup-dns. (Type ipa-server --help for a complete list of all options.) Tip: There is also a command ipa-dns-install. This command is useful if you have configured FreeIPA without DNS first and later on you decide that you want to change that and add DNS support.
  3. When asked whether you want to configure integrated DNS (BIND), answer yes.
  4. The installer will now tell you that it has found an existing BIND configuration and asks if you want to overwrite it. Answer yes to this question.
  5. At this point, the installer should detect the hostname that has been set and prompt for the hostname, which according to the earlier instructions should be set to ipa.example.com. If the installer shows anything else, stop the installation now, using Ctrl+C and use hostnamectl set-hostname ipa.example.com to set the hostname. You should not go on and install IPA if the hostname has not been set correctly!
  6. At this point, the installer asks you to confirm the DNS domain name, which should be set to example.com. If all went well, the DNS name has been correctly identified earlier in this procedure. Press Enter to confirm.
  7. At this point, the installer should ask you to confirm the Kerberos realm name EXAMPLE.COM. If it does not, you haven’t created a line in /etc/hosts that allows for resolution of this hostname. If that is the case, stop the configuration script and add this line to /etc/hosts. After adding it, you can start this script again to work through all steps of the configuration. Confirm the Kerberos realm name EXAMPLE.COM by pressing Enter.
  8. The installer now prompts for the Directory Manager password. As you are setting up the IPA server for use in a course / test environment, I recommend using the password password.
  9. After setting the password for the Directory Manager (which is an LDAP administrative account), you need to set a password for the IPA admin user as well. This is the account that you typically use to accomplish all IPA management tasks. Set this to password also.
  10. At this point, you are prompted as to whether you want to set an IP address for a DNS forwarder. It is a good idea to forward all DNS requests that cannot be resolved locally to an external DNS server, but you do not have to. Enter the IP address of your external DNS server, or a common external DNS server such as 8.8.8.8, and press Enter.
  11. The installer prompts once more for the IP address of a DNS forwarder. This is because multiple DNS forwarders can be configured. Press Enter without entering anything else here.
  12. You are now asked if you want to configure the (DNS) reverse zone. For full functionality, it is important that you do this. Press Enter to access the default suggestion and start configuring it. This will allow you to not only resolve hostnames to IP addresses but also to resolve IP addresses to hostnames.
  13. You are now prompted to specify the reverse zone name. According to the preceding instructions, it should be set to 122.168.192.in-addr.arpa. (The reverse zone name contains the network part of the IP address, but reversed, followed by the fixed part in-addr.arpa.) Press Enter to accept.
  14. You will now see a summary of all installation settings. Check if it looks okay. If it does, type yes and press Enter to start the installation. Go have a cup of coffee; this will take a couple of minutes to complete. After successful completion, the installer shows the following message:

    Setup complete
    Next steps:
        1. You must make sure these network ports are open:
            TCP Ports:
              * 80, 443: HTTP/HTTPS
              * 389, 636: LDAP/LDAPS
              * 88, 464: kerberos
              * 53: bind
            UDP Ports:
              * 88, 464: kerberos
              * 53: bind
              * 123: ntp
        2. You can now obtain a kerberos ticket using the command: 'kinit admin'
           This ticket will allow you to use the IPA tools (e.g., ipa user-add)
           and the web user interface.

    Be sure to back up the CA certificate stored in /root/cacert.p12
    This file is required to create replicas. The password for this file is the Directory Manager password

  15. At this point, you need to finalize the installation. First, you need to open the firewall to allow all services that FreeIPA is offering to be accessed. Do this by typing for i in http https ldap ldaps kerberos kpasswd dns ntp; do firewall-cmd --permanent --add-service $i; done. Next type firewall-cmd --reload to reload the configuration.

  16. Now you can obtain a Kerberos ticket for the Kerberos admin user by using kinit admin. Enter the password password that you’ve set for this user previously and you’ll have a Kerberized session that is established.

  17. Type klist to verify the contents of the Kerberos ticket. You’ll see that your session is valid for 24 hours. This completes the primary part of the setup.

    You now have a working IPA service that provides LDAP, Kerberos, DNS, and time services. Notice that the time services are offered by using the ntp service, and not the chronyd service that you will learn about in this book. From a functionality perspective, that does not really matter.

Preparing Your IPA Server for User Authentication

Now that you have a functional IPA server, it is time to prepare it for the labs where you need to authenticate on the IPA server using LDAP or Kerberos credentials. This includes the creation of an FTP server to make the certificate and keytab files available:

  18. Install the vsftpd FTP server by using yum install -y vsftpd.

  19. Type systemctl enable vsftpd; systemctl start vsftpd to enable and start the FTP service.

  20. From a root shell, type cp ~/cacert.p12 /var/ftp/pub to copy the CA certificate of the IPA server to the FTP site. This ensures that the certificate is available for the exercises where users need to authenticate.

  21. Type firewall-cmd --permanent --add-service ftp; firewall-cmd --reload.

  22. Type klist to see whether you are still in a Kerberized session. If not, type kinit admin.

  23. Now that you are authenticated on the IPA server, type ipa user-add lisa. Enter lisa as the first name and jones as the last name. You’ll see that the user lisa is added to the IPA server. Repeat this procedure to create a user linda thomsen.

  24. For both users, set the IPA password. Use ipa passwd lisa; ipa passwd linda to do this. Enter the password password for both users. Your IPA server is now ready for all exercises in Chapters 6 and 24 of this book.

There are continuing instructions for the RHCSE section of the book 'Preparing Your IPA Server for Kerberized NFS' which I have not reproduced here as I presume that they are not relevant here.

submitted by /u/SquiffSquiff
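Added example, not part of the original post or of van Vugt's material: a small POSIX shell checker for the values one passes to VBoxManage dhcpserver add, so that an inconsistent DHCP definition is caught before it is applied to the internal network. VBoxManage expects --netmask as a dotted quad (255.255.252.0 for a /22, not the bare prefix length 22), every octet of an address must be 0..255, and a host that is meant to keep a fixed address (the IPA server at .200) should sit on the network but outside the lease pool. All function names are my own; the two calls at the bottom use the post's values and a corrected set as constructed input.

```shell
#!/bin/sh
# Added example: sanity-check arguments for "VBoxManage dhcpserver add".
# Not from the post or the book; function names are my own.

# 0 if $1 is a dotted-quad IPv4 address whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Dotted quad -> 32-bit integer (no validation; call valid_ipv4 first).
ip_to_int() {
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prefix length (0..32) -> dotted-quad mask, the form VBoxManage expects.
prefix_to_mask() {
    [ "$1" -ge 0 ] && [ "$1" -le 32 ] || return 1
    _m=$(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    echo "$(( (_m >> 24) & 255 )).$(( (_m >> 16) & 255 )).$(( (_m >> 8) & 255 )).$(( _m & 255 ))"
}

# 0 if $1 is a dotted-quad mask made of contiguous ones followed by zeros.
valid_mask() {
    valid_ipv4 "$1" || return 1
    _inv=$(( (~$(ip_to_int "$1")) & 0xFFFFFFFF ))
    [ $(( _inv & (_inv + 1) )) -eq 0 ]
}

# Report every inconsistency in a planned DHCP server definition:
#   $1 server address  $2 netmask  $3 pool lower bound  $4 pool upper bound
#   $5 a static address that must be on the same network but outside the pool
# Returns 0 only when no problem was printed.
check_dhcp_config() {
    _rc=0
    for _a in "$1" "$3" "$4" "$5"; do
        valid_ipv4 "$_a" || { echo "not a valid IPv4 address: $_a"; _rc=1; }
    done
    valid_mask "$2" || { echo "netmask must be dotted-quad, e.g. 255.255.252.0 for /22 (got: $2)"; _rc=1; }
    [ "$_rc" -eq 0 ] || return 1
    _mask=$(ip_to_int "$2"); _net=$(( $(ip_to_int "$1") & _mask ))
    for _a in "$3" "$4" "$5"; do
        [ $(( $(ip_to_int "$_a") & _mask )) -eq "$_net" ] || { echo "$_a is not on the server's network"; _rc=1; }
    done
    _lo=$(ip_to_int "$3"); _hi=$(ip_to_int "$4"); _st=$(ip_to_int "$5")
    [ "$_lo" -le "$_hi" ] || { echo "pool lower bound $3 is above upper bound $4"; _rc=1; }
    if [ "$_st" -ge "$_lo" ] && [ "$_st" -le "$_hi" ]; then
        echo "static address $5 lies inside the DHCP pool $3-$4 and may collide with a lease"; _rc=1
    fi
    return "$_rc"
}

# The values from the post (constructed call): the mask and the upper bound are rejected.
if check_dhcp_config 192.168.122.1 22 192.168.122.100 192.168.122.300 192.168.122.200; then
    echo "post values accepted"
else
    echo "post values rejected"
fi
# A /22 written as a dotted mask, with a pool that stops short of the static .200.
if check_dhcp_config 192.168.122.1 "$(prefix_to_mask 22)" 192.168.122.100 192.168.122.199 192.168.122.200; then
    echo "corrected values accepted"
fi
```

Run it before the VBoxManage call; when it prints nothing but "corrected values accepted", the same five values can be passed straight to --ip, --netmask, --lowerip and --upperip, and the remaining address is safe to assign statically inside the guest.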
