<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 01/24/2013 04:36 PM, Eric Chennells wrote:
<blockquote cite="mid:CD26E7DF.FDF8%25eric@zymeworks.com"
type="cite">
Hi Christian / Dmitri,<br>
<br>
Yes I have confirmed in the KDC logs that when I attempt to login
that the<br>
kerberos server is recognizing the request and issuing a ticket.<br>
<br>
Is anyone aware of if there is an LDAP related configuration
needed? It<br>
seems like only setting up the kerberos authentication is not
enough.<br>
</blockquote>
<br>
<br>
Have you compared the name of the local user you created on the
windows system to the name of the IPA user you are using?<br>
Do they match?<br>
<br>
<blockquote cite="mid:CD26E7DF.FDF8%25eric@zymeworks.com"
type="cite">
<br>
Eric<br>
<br>
<br>
On 2013-01-23 11:10 PM, "Christian Horn"
<a class="moz-txt-link-rfc2396E" href="mailto:chorn@fluxcoil.net"><chorn@fluxcoil.net></a> wrote:<br>
<br>
>Hi,<br>
><br>
>On Wed, Jan 23, 2013 at 02:50:06PM -0800, Eric Chennells
wrote:<br>
>> <br>
>> I have followed the instuctions of these two guides:<br>
>> <br>
>><a class="moz-txt-link-freetext" href="http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Using_Mi">http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Using_Mi</a><br>
>>cro<br>
>> soft_Windows.html<br>
>>
<a class="moz-txt-link-freetext" href="http://freeipa.org/page/Windows_authentication_against_FreeIPA">http://freeipa.org/page/Windows_authentication_against_FreeIPA</a><br>
>> <br>
>> Kerberos is working, because I can do a kinit username
and properly<br>
>>receive<br>
>> a krbtgt principle.<br>
>> <br>
>> However on login I get the error "The system could not
log you on".<br>
>> <br>
>> For the map user step I did "ksetup /mapuser * *" and
have a local user<br>
>> created with the same username as the IPA user.<br>
>> <br>
>> Is there a step I am missing? I feel as though I am close
because<br>
>>kerberos<br>
>> is working.<br>
><br>
>Looking at the KDC logs when you try to login might bring a
pointer,<br>
>no idea apart from that..<br>
><br>
>Christian<br>
><br>
>_______________________________________________<br>
>Freeipa-users mailing list<br>
><a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a><br>
><a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
<br>
<br>
<br>
Notice of Confidentiality: The information transmitted is intended
only for the<br>
person or entity to which it is addressed and may contain
confidential and/or<br>
privileged material. Any review, re-transmission, dissemination or
other use of <br>
or taking of any action in reliance upon this information by
persons or entities<br>
other than the intended recipient is prohibited. If you received
this in error<br>
please contact the sender immediately by return electronic
transmission and then<br>
immediately delete this transmission including all attachments
without copying,<br>
distributing or disclosing the same.<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a class="moz-txt-link-abbreviated" href="http://www.redhat.com/carveoutcosts/">www.redhat.com/carveoutcosts/</a>
</pre>
</body>
</html>