Thanks your info. So it means we cannot use FreeIPA server if we require MFA
under Windows 2012?
Because our environment is under PCI-DSS cert, PCI-DSS 3.2 has new requirement
forcing MFA on non-console access to servers. That's why we look for FreeIPA.
From: Alexander Bokovoy [mailto:aboko...@redhat.com]
Sent: Thursday, May 11, 2017 3:43 PM
To: Felix Chu
Subject: Re: [Freeipa-users] Windows client authentication with OTP not
On to, 11 touko 2017, Felix Chu wrote:
>Hi , I would like to implement SSO for my Linux+Windows2012 machines
>I have installed FreeIPA, it works well for my Linux client
>authentication with OTP enabled. However, for Windows client, I can
>only make it works with FreeIPA without OTP.
>The Windows machines are 2012 R2 without AD(workgroup only). When I
>login Windows using FreeIPA user accounts enabled with OTP, it shows
>"An unsupported preauthentication mechanism was presented to the
>Kerberos package", is that not supported ? or something I configured
Windows does not support OTP in Kerberos the same way how MIT Kerberos does
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project