That, too, is in the first document I linked, plus it also lists the option of standing up a Samba 4 to emulate an AD domain that trusts FreeIPA.




From: "grace rante thompson" <***@gmail.com>
To: "Jason Nance" <***@tresgeek.net>
Cc: freeipa-***@redhat.com
Sent: Friday, March 24, 2017 10:58:06 AM
Subject: Re: [Freeipa-users] Authenticating windows users

sorry, I guess I should have been more clear that we needed more than just Kerberos. Somebody suggested pGina so I'll give it a shot.
thanks


On Thu, Mar 23, 2017 at 11:52 AM, Jason B. Nance < [ mailto:***@tresgeek.net | ***@tresgeek.net ] > wrote:




BQ_BEGIN

Thanks Jason, but those documents need AD as the primary authenticator. This is not the case for us.



I think you need to read them a bit closer. Very first line of first link says:

"This article describes direct integration between FreeIPA and Windows machine, i.e. without involving Active Directory server."



BQ_BEGIN


On Thu, Mar 23, 2017 at 11:46 AM, Jason B. Nance < [ mailto:***@tresgeek.net | ***@tresgeek.net ] > wrote:

BQ_BEGIN


BQ_BEGIN

We are primarily linux/osx shop and we currently have FreeIPA/IDM (ver 4.2) as our master. I will need to add a handful of windows machines and been trying to figure out how to authenticate our windows users with FreeIPA/IDM. Is this even possible? I know Global Catalogs may not happen anytime soon (sad face). I'm open to -all- ideas, even if it is a paid solution (not sure if centrify and the likes can sync up to FreeIPA/IDM).

BQ_END

I would start here:

[ https://www.freeipa.org/page/Windows_authentication_against_FreeIPA | https://www.freeipa.org/page/Windows_authentication_against_FreeIPA ]

[ https://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step | https://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step ]


BQ_END


BQ_END



BQ_END