I know the Windows systems don't have full integration with FreeIPA, but I have Windows systems authenticating to FreeIPA the same as they would to a regular MIT Kerberos system. The are not using the same config that is posted on the FreeIPA website where the IPA users are mapped to a single workstation user.
Jimmy On Tue, Nov 15, 2011 at 3:40 PM, Steven Jones <[email protected]>wrote: > Hi, > > I dont think there is much realistic hope of getting windows to > authenticate to freeIPA......the others should be able to and the fedora > docs on the freeipa documentation web page list a specific method for macs > for one (but I have not tried it yet, but I will be)....ubuntu has been > mentioned before....I have to try/do that as well.... > > Siggi sent me some notes a while back, > > ============= > > Ubuntu client install > > > https://help.ubuntu.com/10.04/serverguide/C/kerberos.html > > > sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config > > > maybe also need libpam-ldap libnss-ldap > > > Use ipa-getkeytab on a IPA server to retrieve the keytab for the host, and > copy this to /etc/krb5.keytab on the Ubuntu client. > > [root@ipa1 ~]# ipa-getkeytab -s ipa1.ix.test.com -p host/ > ubuntu-client.ix.test.com -k /tmp/buntuclient_krb5.keytab > > If you prefer you can use something like CFengine to automate the whole > process. > > ============= > > Hope that helps............. > > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________ > From: [email protected] [[email protected]] > on behalf of Boris Epstein [[email protected]] > Sent: Wednesday, 16 November 2011 9:03 a.m. > To: [email protected] > Subject: [Freeipa-users] LDAP authentication into FreeIPA > > Hello all, > > This may be my general LDAP illiteracy - I only dealth with it briefly > years ago - but I am trying to set up a FreeIPA server on Fedora 16 to have > my Macs and Ubuntu Linux machines as well as a couple of Windows boxes to > authenticate to - and seem not to be making much forward progress. Is there > a step-by-step writeup on how to do that sort of thing? > > Thanks for any and all help. > > Boris. > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
