<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 11/15/2011 04:01 PM, Jimmy wrote:
<blockquote
cite="mid:CAG8E47RwiukWzHN7Q221zQp41hmx6yytCRCyF3oc6zEFk_R3eQ@mail.gmail.com"
type="cite">I know the Windows systems don't have full integration
with FreeIPA, but I have Windows systems authenticating to FreeIPA
the same as they would to a regular MIT Kerberos system. The are
not using the same config that is posted on the FreeIPA website
where the IPA users are mapped to a single workstation user.
<div>
<br>
</div>
</blockquote>
<br>
Would you mind sharing your configuration and steps with us?<br>
<br>
<br>
Thank you<br>
Dmitri<br>
<br>
<blockquote
cite="mid:CAG8E47RwiukWzHN7Q221zQp41hmx6yytCRCyF3oc6zEFk_R3eQ@mail.gmail.com"
type="cite">
<div>Jimmy<br>
<br>
<div class="gmail_quote">On Tue, Nov 15, 2011 at 3:40 PM, Steven
Jones <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:Steven.Jones@vuw.ac.nz">Steven.Jones@vuw.ac.nz</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
Hi,<br>
<br>
I dont think there is much realistic hope of getting windows
to authenticate to freeIPA......the others should be able to
and the fedora docs on the freeipa documentation web page
list a specific method for macs for one (but I have not
tried it yet, but I will be)....ubuntu has been mentioned
before....I have to try/do that as well....<br>
<br>
Siggi sent me some notes a while back,<br>
<br>
=============<br>
<br>
Ubuntu client install<br>
<br>
<br>
<a moz-do-not-send="true"
href="https://help.ubuntu.com/10.04/serverguide/C/kerberos.html"
target="_blank">https://help.ubuntu.com/10.04/serverguide/C/kerberos.html</a><br>
<br>
<br>
sudo apt-get install krb5-user libpam-krb5 libpam-ccreds
auth-client-config<br>
<br>
<br>
maybe also need libpam-ldap libnss-ldap<br>
<br>
<br>
Use ipa-getkeytab on a IPA server to retrieve the keytab for
the host, and copy this to /etc/krb5.keytab on the Ubuntu
client.<br>
<br>
[root@ipa1 ~]# ipa-getkeytab -s <a moz-do-not-send="true"
href="http://ipa1.ix.test.com" target="_blank">ipa1.ix.test.com</a>
-p host/<a moz-do-not-send="true"
href="http://ubuntu-client.ix.test.com" target="_blank">ubuntu-client.ix.test.com</a>
-k /tmp/buntuclient_krb5.keytab<br>
<br>
If you prefer you can use something like CFengine to
automate the whole process.<br>
<br>
=============<br>
<br>
Hope that helps.............<br>
<br>
<br>
regards<br>
<br>
Steven Jones<br>
<br>
Technical Specialist - Linux RHCE<br>
<br>
Victoria University, Wellington, NZ<br>
<br>
0064 4 463 6272<br>
<br>
________________________________<br>
From: <a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>
[<a moz-do-not-send="true"
href="mailto:freeipa-users-bounces@redhat.com">freeipa-users-bounces@redhat.com</a>]
on behalf of Boris Epstein [<a moz-do-not-send="true"
href="mailto:borepstein@gmail.com">borepstein@gmail.com</a>]<br>
Sent: Wednesday, 16 November 2011 9:03 a.m.<br>
To: <a moz-do-not-send="true"
href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
Subject: [Freeipa-users] LDAP authentication into FreeIPA<br>
<div>
<div class="h5"><br>
Hello all,<br>
<br>
This may be my general LDAP illiteracy - I only dealth
with it briefly years ago - but I am trying to set up a
FreeIPA server on Fedora 16 to have my Macs and Ubuntu
Linux machines as well as a couple of Windows boxes to
authenticate to - and seem not to be making much forward
progress. Is there a step-by-step writeup on how to do
that sort of thing?<br>
<br>
Thanks for any and all help.<br>
<br>
Boris.<br>
<br>
</div>
</div>
_______________________________________________<br>
Freeipa-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
</blockquote>
</div>
<br>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>