[Freeipa-users] LDAP authentication into FreeIPA

Boris Epstein borepstein at gmail.com
Tue Nov 15 21:24:20 UTC 2011 

Jimmy,

Thanks! I thought this way myself - FreeIPA provides a proper LDAP
implementation, no reason Windows should be unable to use it.

Now if only I could find a better documentation on how to make this
happen...

Boris.

On Tue, Nov 15, 2011 at 4:01 PM, Jimmy <g17jimmy at gmail.com> wrote:

> I know the Windows systems don't have full integration with FreeIPA, but I
> have Windows systems authenticating to FreeIPA the same as they would to a
> regular MIT Kerberos system. The are not using the same config that is
> posted on the FreeIPA website where the IPA users are mapped to a single
> workstation user.
>
> Jimmy
>
> On Tue, Nov 15, 2011 at 3:40 PM, Steven Jones <Steven.Jones at vuw.ac.nz>wrote:
>
>> Hi,
>>
>> I dont think there is much realistic hope of getting windows to
>> authenticate to freeIPA......the others should be able to and the fedora
>> docs on the freeipa documentation web page list a specific method for macs
>> for one (but I have not tried it yet, but I will be)....ubuntu has been
>> mentioned before....I have to try/do that as well....
>>
>> Siggi sent me some notes a while back,
>>
>> =============
>>
>> Ubuntu client install
>>
>>
>> https://help.ubuntu.com/10.04/serverguide/C/kerberos.html
>>
>>
>> sudo apt-get install krb5-user libpam-krb5 libpam-ccreds
>> auth-client-config
>>
>>
>> maybe also need libpam-ldap libnss-ldap
>>
>>
>> Use ipa-getkeytab on a IPA server to retrieve the keytab for the host,
>> and copy this to /etc/krb5.keytab on the Ubuntu client.
>>
>> [root at ipa1 ~]# ipa-getkeytab -s ipa1.ix.test.com -p host/
>> ubuntu-client.ix.test.com -k /tmp/buntuclient_krb5.keytab
>>
>> If you prefer you can use something like CFengine to automate the whole
>> process.
>>
>> =============
>>
>> Hope that helps.............
>>
>>
>> regards
>>
>> Steven Jones
>>
>> Technical Specialist - Linux RHCE
>>
>> Victoria University, Wellington, NZ
>>
>> 0064 4 463 6272
>>
>> ________________________________
>> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com]
>> on behalf of Boris Epstein [borepstein at gmail.com]
>> Sent: Wednesday, 16 November 2011 9:03 a.m.
>> To: freeipa-users at redhat.com
>> Subject: [Freeipa-users] LDAP authentication into FreeIPA
>>
>> Hello all,
>>
>> This may be my general LDAP illiteracy - I only dealth with it briefly
>> years ago - but I am trying to set up a FreeIPA server on Fedora 16 to have
>> my Macs and Ubuntu Linux machines as well as a couple of Windows boxes to
>> authenticate to - and seem not to be making much forward progress. Is there
>> a step-by-step writeup on how to do that sort of thing?
>>
>> Thanks for any and all help.
>>
>> Boris.
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111115/4bf093ca/attachment.htm>

More information about the Freeipa-users mailing list