<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Have you tried with /setdomain?<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><span style="font-family:arial,sans-serif;font-size:13px">ksetup /setdomain </span><a href="http://chem.byu.edu/" rel="noreferrer" target="_blank" style="font-family:arial,sans-serif;font-size:13px">CHEM.BYU.EDU</a><br style="font-family:arial,sans-serif;font-size:13px"></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I've done like this on windows 8.1 and windows 10. I had trouble doing it on one windows 7 desktop so I upgraded to windows 10.</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">​These are the only steps I did to authenticate a windows desktop via kerberos, nothing more:​</div><br></div><div class="gmail_extra"><pre style="padding:9.5px;font-family:Monaco,Menlo,Consolas,'Courier New',monospace;font-size:13px;color:rgb(51,51,51);border-top-left-radius:4px;border-top-right-radius:4px;border-bottom-right-radius:4px;border-bottom-left-radius:4px;margin-top:0px;margin-bottom:10px;line-height:20px;word-wrap:break-word;white-space:pre-wrap;background-color:rgb(245,245,245);border:1px solid rgba(0,0,0,0.14902)">1. ksetup /setdomain [REALM NAME]
2. ksetup /addkdc [REALM NAME] [kdc DNS name]
3. ksetup /addkpasswd [REALM NAME] [kdc DNS name]
4. ksetup /setcomputerpassword [MACHINE_PASSWORD] (the one used above)
5. ksetup /mapuser * *</pre></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 23, 2015 at 8:51 PM, Randolph Morgan <span dir="ltr"><<a href="mailto:randym@chem.byu.edu" target="_blank">randym@chem.byu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">We are running a mixed environment network.  However, all of our authentication is performed via LDAP, we do not have an AD on our network, nor do we have any Windows servers, all of our servers are running RHEL.  We are working on implementing a new authentication server that is running FreeIPA, but would like to do single sign-on via Kerberos.  I have been reading posts for the better part of two weeks and can not find instructions that work, on how to get Windows (XP - 10) to authenticate via Kerberos.  Here is a list of some of the sites that I have looked at:<br>
<br>
<a href="https://support.microsoft.com/en-us/kb/837361" rel="noreferrer" target="_blank">https://support.microsoft.com/en-us/kb/837361</a><br>
<a href="https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html" rel="noreferrer" target="_blank">https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html</a><br>
<a href="https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#id2573486" rel="noreferrer" target="_blank">https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#id2573486</a><br>
<a href="http://www.freeipa.org/page/Windows_authentication_against_FreeIPA" rel="noreferrer" target="_blank">http://www.freeipa.org/page/Windows_authentication_against_FreeIPA</a><br>
<a href="https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Using_Microsoft_Windows.html" rel="noreferrer" target="_blank">https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Using_Microsoft_Windows.html</a> (This is an older post but I was getting desperate)<br>
<a href="http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_%28Windows/Linux%29_-_Step_by_step" rel="noreferrer" target="_blank">http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_%28Windows/Linux%29_-_Step_by_step</a><br>
<br>
So here is the problem, when I attempt to set the Realm on the Windows client I receive the following error:<br>
<br>
C:\Users\randym>ksetup /setrealm <a href="http://CHEM.BYU.EDU" rel="noreferrer" target="_blank">CHEM.BYU.EDU</a><br>
Setting Dns Domain<br>
Failed to set dns domain info: 0xc0000022<br>
Failed /SetRealm : 0xc0000022<br>
<br>
I have tried several varieties of this command, including setting the domain instead of the realm and always get the same result.  Can someone please put together a step by step process that includes both server side and client side for configuring Kerberos to work with Windows and FreeIPA.<br>
<br>
Thank You in advance,<br>
<br>
Randy<span class=""><font color="#888888"><br>
<br>
-- <br>
Randy Morgan<br>
CSR<br>
Department of Chemistry and Biochemistry<br>
Brigham Young University<br>
801-422-4100<br>
<br>
-- <br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a> for more info on the project<br>
</font></span></blockquote></div><br></div></div>