Authentication on Windows using FreeIPA is already possible although not recommended by the FreeIPA project. There are several guides for doing so a Google search away.

The FreeIPA project recommended solution is to deploy Active Directory either via a Windows server or Samba4 and then create a cross realm trust between AD and FreeIPA.

Yeah, I've pointed Windows directly at an MIT KRB5 KDC several times in the past, but it's not reliable enough for real use.

And I don't want to have to pay for Windows Server just to authenticate on a couple of Windows machines. Plus is it even safe to put AD DS on the Internet?