[Freeipa-users] FreeIPA, Windows and Kerberos
Michael ORourke
mrorourke at earthlink.net
Fri Oct 23 23:58:56 UTC 2015
What about the pGina project? I haven't tried this personally, but it
sounds like it might be something that could work with FreeIPA (using
the LDAP plugin).
Reference: http://pgina.org/
And this article looks helpful:
http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
Or perhaps doing something with Samba and FreeIPA.
What exactly are you trying to do? When you say, "single sign-on via
kerberos", do you have some Linux servers that you want to access from
different versions of Windows and you want to be able to authenticate
without typing in a password every time (e.g. using PuTTY)?
-Mike
On 10/23/2015 2:51 PM, Randolph Morgan wrote:
> We are running a mixed environment network. However, all of our
> authentication is performed via LDAP, we do not have an AD on our
> network, nor do we have any Windows servers, all of our servers are
> running RHEL. We are working on implementing a new authentication
> server that is running FreeIPA, but would like to do single sign-on
> via Kerberos. I have been reading posts for the better part of two
> weeks and can not find instructions that work, on how to get Windows
> (XP - 10) to authenticate via Kerberos. Here is a list of some of the
> sites that I have looked at:
>
> https://support.microsoft.com/en-us/kb/837361
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#id2573486
>
> http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
> https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Using_Microsoft_Windows.html
> (This is an older post but I was getting desperate)
> http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_%28Windows/Linux%29_-_Step_by_step
>
>
> So here is the problem, when I attempt to set the Realm on the Windows
> client I receive the following error:
>
> C:\Users\randym>ksetup /setrealm CHEM.BYU.EDU
> Setting Dns Domain
> Failed to set dns domain info: 0xc0000022
> Failed /SetRealm : 0xc0000022
>
> I have tried several varieties of this command, including setting the
> domain instead of the realm and always get the same result. Can
> someone please put together a step by step process that includes both
> server side and client side for configuring Kerberos to work with
> Windows and FreeIPA.
>
> Thank You in advance,
>
> Randy
>
More information about the Freeipa-users
mailing list