[Freeipa-users] Windows clients problem
Konstantin Kozlov
kozlov at spbcas.ru
Fri Nov 7 11:54:34 UTC 2008
Thank you for the help!
After another round of googling I've found that XP uses rc4-hmac...I'll
try that next day.
Johan Venter wrote:
> Konstantin Kozlov wrote:
>> Hello,
>>
>> Johan Venter wrote:
>>> Konstantin Kozlov wrote:
>>>> WinXP machine asks to login to Kerberos realm at login screen, but
>>>> doesn't let me in. The krb5 log file on IPA server shows that ticket
>>>> was issued. I can get ticket with MIT Kerberos from WinXP machine
>>>> but I can't access samba share.
>>>
>>> I had to add -e des-cbc-crc to the ipa-getkeytab command line I used
>>> to generate the Windows host principal and set the password before
>>> Windows login to the Kerberos realm would work.
>>>
>>> Windows XP/Server 2003 doesn't support useful encryption mechanisms.
>>>
>>
>> I did that also and that didn't work. Do I need to install the keytab
>> on WinXP machine? If yes, how?
>>
>
> Hmm .. I had to use the latest version of ipa-getkeytab (which supported
> the password option - I compiled my own RPMs for CentOS) and between
> that, then -e option and ksetup /setcomputerpassword it finally worked
> on my Windows Server 2003 machines.
>
> Maybe there is something different with XP machines, all I can suggest
> is try the different encryption types and see what works (DES generally,
> no AES or SHA hashes).
>
> Johan
>
--
Konstantin Kozlov
Department of Computational Biology,
Center for Advanced Studies,
SPb State Polytechnical University,
195251, Polytechnicheskaya ul., 29,
bld 4, office 204,
St.Petersburg, Russia.
Tel./fax: +7 812 596 2831
More information about the Freeipa-users
mailing list