[Freeipa-users] Windows client authentication with OTP not supported

Felix Chu felix.chu at bbpos.com
Fri May 12 03:46:47 UTC 2017


Thanks for your info. So it means we cannot use FreeIPA server if we require MFA under Windows 2012?

Because our environment is under PCI-DSS cert, PCI-DSS 3.2 has a new requirement forcing MFA on non-console access to servers. That's why we look for FreeIPA.


-----Original Message-----
From: Alexander Bokovoy [mailto:abokovoy at redhat.com]
Sent: Thursday, May 11, 2017 3:43 PM
To: Felix Chu
Cc: 'freeipa-users at redhat.com'
Subject: Re: [Freeipa-users] Windows client authentication with OTP not supported

On Thu, 11 May 2017, Felix Chu wrote:
>Hi, I would like to implement SSO for my Linux+Windows2012 machines
>with MFA.
>
>I have installed FreeIPA, it works well for my Linux client
>authentication with OTP enabled. However, for Windows client, I can
>only make it work with FreeIPA without OTP.
>
>The Windows machines are 2012 R2 without AD (workgroup only). When I
>log in to Windows using FreeIPA user accounts enabled with OTP, it shows
>"An unsupported preauthentication mechanism was presented to the
>Kerberos package", is that not supported? Or something I configured
>wrong?
Windows does not support OTP in Kerberos the same way MIT Kerberos implements it.

--
/ Alexander Bokovoy