[Freeipa-users] LDAP authentication into FreeIPA
Dmitri Pal
dpal at redhat.com
Tue Nov 15 23:32:00 UTC 2011
On 11/15/2011 04:01 PM, Jimmy wrote:
> I know the Windows systems don't have full integration with FreeIPA,
> but I have Windows systems authenticating to FreeIPA the same as they
> would to a regular MIT Kerberos system. The are not using the same
> config that is posted on the FreeIPA website where the IPA users are
> mapped to a single workstation user.
>
Would you mind sharing your configuration and steps with us?
Thank you
Dmitri
> Jimmy
>
> On Tue, Nov 15, 2011 at 3:40 PM, Steven Jones <Steven.Jones at vuw.ac.nz
> <mailto:Steven.Jones at vuw.ac.nz>> wrote:
>
> Hi,
>
> I dont think there is much realistic hope of getting windows to
> authenticate to freeIPA......the others should be able to and the
> fedora docs on the freeipa documentation web page list a specific
> method for macs for one (but I have not tried it yet, but I will
> be)....ubuntu has been mentioned before....I have to try/do that
> as well....
>
> Siggi sent me some notes a while back,
>
> =============
>
> Ubuntu client install
>
>
> https://help.ubuntu.com/10.04/serverguide/C/kerberos.html
>
>
> sudo apt-get install krb5-user libpam-krb5 libpam-ccreds
> auth-client-config
>
>
> maybe also need libpam-ldap libnss-ldap
>
>
> Use ipa-getkeytab on a IPA server to retrieve the keytab for the
> host, and copy this to /etc/krb5.keytab on the Ubuntu client.
>
> [root at ipa1 ~]# ipa-getkeytab -s ipa1.ix.test.com
> <http://ipa1.ix.test.com> -p host/ubuntu-client.ix.test.com
> <http://ubuntu-client.ix.test.com> -k /tmp/buntuclient_krb5.keytab
>
> If you prefer you can use something like CFengine to automate the
> whole process.
>
> =============
>
> Hope that helps.............
>
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________
> From: freeipa-users-bounces at redhat.com
> <mailto:freeipa-users-bounces at redhat.com>
> [freeipa-users-bounces at redhat.com
> <mailto:freeipa-users-bounces at redhat.com>] on behalf of Boris
> Epstein [borepstein at gmail.com <mailto:borepstein at gmail.com>]
> Sent: Wednesday, 16 November 2011 9:03 a.m.
> To: freeipa-users at redhat.com <mailto:freeipa-users at redhat.com>
> Subject: [Freeipa-users] LDAP authentication into FreeIPA
>
> Hello all,
>
> This may be my general LDAP illiteracy - I only dealth with it
> briefly years ago - but I am trying to set up a FreeIPA server on
> Fedora 16 to have my Macs and Ubuntu Linux machines as well as a
> couple of Windows boxes to authenticate to - and seem not to be
> making much forward progress. Is there a step-by-step writeup on
> how to do that sort of thing?
>
> Thanks for any and all help.
>
> Boris.
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20111115/e7a94da0/attachment.htm>
More information about the Freeipa-users
mailing list