[Freeipa-users] LDAP authentication into FreeIPA

Dmitri Pal dpal at redhat.com
Tue Nov 15 23:32:00 UTC 2011 

On 11/15/2011 04:01 PM, Jimmy wrote:
> I know the Windows systems don't have full integration with FreeIPA,
> but I have Windows systems authenticating to FreeIPA the same as they
> would to a regular MIT Kerberos system. The are not using the same
> config that is posted on the FreeIPA website where the IPA users are
> mapped to a single workstation user.
>

Would you mind sharing your configuration and steps with us?


Thank you
Dmitri

> Jimmy
>
> On Tue, Nov 15, 2011 at 3:40 PM, Steven Jones <Steven.Jones at vuw.ac.nz
> <mailto:Steven.Jones at vuw.ac.nz>> wrote:
>
>     Hi,
>
>     I dont think there is much realistic hope of getting windows to
>     authenticate to freeIPA......the others should be able to and the
>     fedora docs on the freeipa documentation web page list a specific
>     method for macs for one (but I have not tried it yet, but I will
>     be)....ubuntu has been mentioned before....I have to try/do that
>     as well....
>
>     Siggi sent me some notes a while back,
>
>     =============
>
>     Ubuntu client install
>
>
>     https://help.ubuntu.com/10.04/serverguide/C/kerberos.html
>
>
>     sudo apt-get install krb5-user libpam-krb5 libpam-ccreds
>     auth-client-config
>
>
>     maybe also need libpam-ldap libnss-ldap
>
>
>     Use ipa-getkeytab on a IPA server to retrieve the keytab for the
>     host, and copy this to /etc/krb5.keytab on the Ubuntu client.
>
>     [root at ipa1 ~]# ipa-getkeytab -s ipa1.ix.test.com
>     <http://ipa1.ix.test.com> -p host/ubuntu-client.ix.test.com
>     <http://ubuntu-client.ix.test.com> -k /tmp/buntuclient_krb5.keytab
>
>     If you prefer you can use something like CFengine to automate the
>     whole process.
>
>     =============
>
>     Hope that helps.............
>
>
>     regards
>
>     Steven Jones
>
>     Technical Specialist - Linux RHCE
>
>     Victoria University, Wellington, NZ
>
>     0064 4 463 6272
>
>     ________________________________
>     From: freeipa-users-bounces at redhat.com
>     <mailto:freeipa-users-bounces at redhat.com>
>     [freeipa-users-bounces at redhat.com
>     <mailto:freeipa-users-bounces at redhat.com>] on behalf of Boris
>     Epstein [borepstein at gmail.com <mailto:borepstein at gmail.com>]
>     Sent: Wednesday, 16 November 2011 9:03 a.m.
>     To: freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
>     Subject: [Freeipa-users] LDAP authentication into FreeIPA
>
>     Hello all,
>
>     This may be my general LDAP illiteracy - I only dealth with it
>     briefly years ago - but I am trying to set up a FreeIPA server on
>     Fedora 16 to have my Macs and Ubuntu Linux machines as well as a
>     couple of Windows boxes to authenticate to - and seem not to be
>     making much forward progress. Is there a step-by-step writeup on
>     how to do that sort of thing?
>
>     Thanks for any and all help.
>
>     Boris.
>
>     _______________________________________________
>     Freeipa-users mailing list
>     Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111115/e7a94da0/attachment.htm>

More information about the Freeipa-users mailing list