<html><body><div style="font-family: lucida console,sans-serif; font-size: 10pt; color: #000000"><div>That, too, is in the first document I linked, plus it also lists the option of standing up a Samba 4 to emulate an AD domain that trusts FreeIPA.<br></div><div><br data-mce-bogus="1"></div><div><br></div><div><br></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><b>From: </b>"grace rante thompson" <graziee@gmail.com><br><b>To: </b>"Jason Nance" <jason@tresgeek.net><br><b>Cc: </b>freeipa-users@redhat.com<br><b>Sent: </b>Friday, March 24, 2017 10:58:06 AM<br><b>Subject: </b>Re: [Freeipa-users] Authenticating windows users<br></div><div><br></div><div data-marker="__QUOTED_TEXT__"><div dir="ltr">sorry, I guess I should have been more clear that we needed more than just Kerberos. Somebody suggested pGina so I'll give it a shot. <br><div>thanks</div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 23, 2017 at 11:52 AM, Jason B. Nance <span dir="ltr"><<a href="mailto:jason@tresgeek.net" target="_blank">jason@tresgeek.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:lucida console,sans-serif;font-size:10pt;color:#000000"><div style="font-family:lucida console,sans-serif;font-size:10pt;color:#000000"><div><span style="color:#2e3436;font-family:'Source Sans Pro',sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline!important;float:none"></span><div style="clear:both"></div></div><div><span class=""><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><div><div dir="ltr">Thanks Jason, but those documents need AD as the primary authenticator. This is not the case for us. </div></div></blockquote> </span><div>I think you need to read them a bit closer.  Very first line of first link says:</div><br><div><span style="color:#2e3436;font-family:'Source Sans Pro',sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff;display:inline!important;float:none">"This article describes direct integration between FreeIPA and Windows machine, i.e. without involving Active Directory server."</span></div><span class=""><div style="clear:both"><br></div><br><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Mar 23, 2017 at 11:46 AM, Jason B. Nance <span dir="ltr"><<a href="mailto:jason@tresgeek.net" target="_blank">jason@tresgeek.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:lucida console,sans-serif;font-size:10pt;color:#000000"><div style="font-family:lucida console,sans-serif;font-size:10pt;color:#000000"><div><span><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><div><div dir="ltr"><div>We are primarily linux/osx shop and we currently have FreeIPA/IDM (ver 4.2) as our master. I will need to add a handful of windows machines and been trying to figure out how to authenticate our windows users with FreeIPA/IDM. Is this even possible? I know Global Catalogs may not happen anytime soon (sad face).  I'm open to -all- ideas, even if it is a paid solution (not sure if centrify and the likes can sync up to FreeIPA/IDM). </div></div></div></blockquote> </span><div style="color:#000000;font-family:'lucida console',sans-serif;font-size:10pt;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff">I would start here:</div><div style="color:#000000;font-family:'lucida console',sans-serif;font-size:10pt;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff"><br></div><div style="color:#000000;font-family:'lucida console',sans-serif;font-size:13.3333px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff"><a href="https://www.freeipa.org/page/Windows_authentication_against_FreeIPA" target="_blank">https://www.freeipa.org/page/Windows_authentication_against_FreeIPA</a><br data-mce-bogus="1"></div><div style="color:#000000;font-family:'lucida console',sans-serif;font-size:13.3333px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff"><br></div><div style="color:#000000;font-family:'lucida console',sans-serif;font-size:13.3333px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:#ffffff"><a href="https://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step" target="_blank">https://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step</a><br data-mce-bogus="1"></div><br></div></div></div></div></blockquote></div></div></div></blockquote></span></div><br></div></div></div></blockquote></div></div><br></div></div></body></html>