This tutorial by Vinícius Ferrão shows us how to integrate Active Directory with FreeBSD 10, using security/sssd.
Q: What are the required steps to authenticate users from an Active Directory running on Windows Server 2012 R2 in FreeBSD 10.0 using
sssdwith the AD backend with Kerberos TGT working?
A: There are some tricky considerations to make everything works out-of-the-box. FreeBSD only supports
sssdversion 1.9.6 at this moment. So there’s no support for Enterprise Principal Names.
If you have a domain with non matched UPNs it will fail to login, since the Kerberos authentication will fail during the process, even with FreeBSD supporting Enterprise Principal Names with Kerberos, the
sssdcannot handle this case.
So in actual version of
sssdyou are limited to have the User Principal Name within the same Domain Name, for example:
Domain Name = example.com NetBIOS Name = EXAMPLE User Principal Name: firstname.lastname@example.org sAMAccountName: username
Knowing this we can describe the steps to successfully authenticate users from AD in FreeBSD.
View the full tutorial here: http://serverfault.com/questions/599200/how-to-integrate-active-directory-with-freebsd-10-0-using-security-sssd