Kerberos, Windows and FreeIPA

Randolph Morgan randym at chem.byu.edu
Fri Oct 23 14:58:26 EDT 2015


We are running a mixed-environment network.  However, all of our 
authentication is performed via LDAP; we do not have an AD on our 
network, nor do we have any Windows servers; all of our servers are 
running RHEL.  We are working on implementing a new authentication 
server that is running FreeIPA, but would like to do single sign-on via 
Kerberos.  I have been reading posts for the better part of two weeks 
and cannot find instructions that work on how to get Windows (XP - 10) 
to authenticate via Kerberos.  Here is a list of some of the sites that 
I have looked at:

https://support.microsoft.com/en-us/kb/837361
https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#id2573486
http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Using_Microsoft_Windows.html
(This is an older post but I was getting desperate)
http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_%28Windows/Linux%29_-_Step_by_step


So here is the problem: when I attempt to set the realm on the Windows 
client, I receive the following error:

C:\Users\randym>ksetup /setrealm CHEM.BYU.EDU
Setting Dns Domain
Failed to set dns domain info: 0xc0000022
Failed /SetRealm : 0xc0000022

I have tried several varieties of this command, including setting the 
domain instead of the realm, and I always get the same result.  Can someone 
please put together a step-by-step process that includes both server 
side and client side for configuring Kerberos to work with Windows and 
FreeIPA?

Thank you in advance,

Randy

-- 
Randy Morgan
CSR
Department of Chemistry and Biochemistry
Brigham Young University
801-422-4100


