[Freeipa-users] FreeIPA, Windows and Kerberos

Fujisan fujisan43 at gmail.com
Sat Oct 24 07:16:18 UTC 2015 

Have you tried with /setdomain?
ksetup /setdomain CHEM.BYU.EDU <http://chem.byu.edu/>

I've done like this on windows 8.1 and windows 10. I had trouble doing it
on one windows 7 desktop so I upgraded to windows 10.

​These are the only steps I did to authenticate a windows desktop via
kerberos, nothing more:​

1. ksetup /setdomain [REALM NAME]
2. ksetup /addkdc [REALM NAME] [kdc DNS name]
3. ksetup /addkpasswd [REALM NAME] [kdc DNS name]
4. ksetup /setcomputerpassword [MACHINE_PASSWORD] (the one used above)
5. ksetup /mapuser * *


On Fri, Oct 23, 2015 at 8:51 PM, Randolph Morgan <randym at chem.byu.edu>
wrote:

> We are running a mixed environment network.  However, all of our
> authentication is performed via LDAP, we do not have an AD on our network,
> nor do we have any Windows servers, all of our servers are running RHEL.
> We are working on implementing a new authentication server that is running
> FreeIPA, but would like to do single sign-on via Kerberos.  I have been
> reading posts for the better part of two weeks and can not find
> instructions that work, on how to get Windows (XP - 10) to authenticate via
> Kerberos.  Here is a list of some of the sites that I have looked at:
>
> https://support.microsoft.com/en-us/kb/837361
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
>
> https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#id2573486
> http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
>
> https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Using_Microsoft_Windows.html
> (This is an older post but I was getting desperate)
>
> http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_%28Windows/Linux%29_-_Step_by_step
>
> So here is the problem, when I attempt to set the Realm on the Windows
> client I receive the following error:
>
> C:\Users\randym>ksetup /setrealm CHEM.BYU.EDU
> Setting Dns Domain
> Failed to set dns domain info: 0xc0000022
> Failed /SetRealm : 0xc0000022
>
> I have tried several varieties of this command, including setting the
> domain instead of the realm and always get the same result.  Can someone
> please put together a step by step process that includes both server side
> and client side for configuring Kerberos to work with Windows and FreeIPA.
>
> Thank You in advance,
>
> Randy
>
> --
> Randy Morgan
> CSR
> Department of Chemistry and Biochemistry
> Brigham Young University
> 801-422-4100
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151024/d4e7b49a/attachment.htm>

More information about the Freeipa-users mailing list