[Freeipa-users] How does one authenticate Windows login against IPA
Michael ORourke
mrorourke at earthlink.net
Wed May 18 23:49:10 UTC 2016
What about using the pGina project on the Windows side?
Reference:
http://blog.zwiegnet.com/linux-server/configure-pgina-windows-7-openldap-authentication/
-Mike
-----Original Message-----
>From: John Meyers <john+freeipa at themeyers.us>
>Sent: May 18, 2016 5:19 PM
>To: freeipa-users at redhat.com
>Subject: [Freeipa-users] How does one authenticate Windows login against IPA
>
>All,
>
>FreeIPA as we've discovered has some wonderful Windows integration
>capability, but it is all predicated on Windows AD being the
>authoritative source of user information. 2-Way trusts are great, but
>they only work for kerberotized applications, not native Windows rights
>(that would require FreeIPA to act as global catalog as I learned from
>Alexander). The winsync capability does not, as it turns out, sync
>native IPA users to AD.
>
>The million dollar question is if you are 90% Linux shop and FreeIPA is
>your authoritative user repository (AD is a blank slate), how do you
>perform local Windows login authentication for the 10% of Windows
>machines against FreeIPA?
>
>Thank you all!
>
>John
>
>
>--
>Manage your subscription for the Freeipa-users mailing list:
>https://www.redhat.com/mailman/listinfo/freeipa-users
>Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list