What about the pGina project? I haven't tried this personally, but it sounds like it might be something that could work with FreeIPA (using the LDAP plugin).
Reference: http://pgina.org/
And this article looks helpful:
http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
Or perhaps doing something with Samba and FreeIPA.

What exactly are you trying to do? When you say, "single sign-on via kerberos", do you have some Linux servers that you want to access from different versions of Windows and you want to be able to authenticate without typing in a password every time (e.g. using PuTTY)?

-Mike

On 10/23/2015 2:51 PM, Randolph Morgan wrote:
We are running a mixed environment network. However, all of our authentication is performed via LDAP, we do not have an AD on our network, nor do we have any Windows servers, all of our servers are running RHEL. We are working on implementing a new authentication server that is running FreeIPA, but would like to do single sign-on via Kerberos. I have been reading posts for the better part of two weeks and can not find instructions that work, on how to get Windows (XP - 10) to authenticate via Kerberos. Here is a list of some of the sites that I have looked at:

https://support.microsoft.com/en-us/kb/837361
https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#id2573486
http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Using_Microsoft_Windows.html (This is an older post but I was getting desperate) http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_%28Windows/Linux%29_-_Step_by_step

So here is the problem, when I attempt to set the Realm on the Windows client I receive the following error:

C:\Users\randym>ksetup /setrealm CHEM.BYU.EDU
Setting Dns Domain
Failed to set dns domain info: 0xc0000022
Failed /SetRealm : 0xc0000022

I have tried several varieties of this command, including setting the domain instead of the realm and always get the same result. Can someone please put together a step by step process that includes both server side and client side for configuring Kerberos to work with Windows and FreeIPA.

Thank You in advance,

Randy


--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to