[Freeipa-users] Ipa-client error (windows XP)

Konstantin Kozlov kozlov at spbcas.ru
Tue Mar 17 09:04:39 UTC 2009 

Hi,

reply to the list also.

I am also on FC9 and with ipa 1.2.1 from yum. Have you installed the 
repo "updates new key"? Do that if no and update everything from there 
before ipa install. Also if possible install on FC10 or (FC11 Beta), or 
even CentOS 5, compiling ipa-server from source. It was reported that 
FC9->FC10 upgrade may brake LDAP database.

Also, did you read the how to for windows on freeipa.org? And list 
archives - there were a couple of disscussions about winxp.

mahen wrote:
> Hi,
> Thanks for quick reply.
> 
> I think my IPA-Server is not supporting -P (password) switch with
> ipa-getkeytab.
> 
> I have installed ipa-server through yum and it installed
> ipa-server-1.0.0-4.fc9.i386.
> 
> Can I do this task with this version of IPA?
> 
> Is there any easy way to upgrade ipa1.0 to ipa 1.2.
> 

Look at the top of the letter for binaries. RPM does upgrade of other 
things, at least it did for me.

> One more question. Is it required to keep the keytab file in windows
> system? If yes then where should I place this?

No, windows uses password instead (so keytab doesn't really matter).

Best regards,

Kostya

> 
> Thanks again..
> mahendra
> 
> On Tue, 2009-03-17 at 11:01 +0300, Konstantin Kozlov wrote:
>> Hi,
>>
>> you've missed password stuff!
>>
>> mahen wrote:
>>> Hi,
>>> I am using IPA-Server on FC9.
>>>
>>> I am trying to log in to ipa server through windows xp(as client). If it
>>> is a new user in ipa-server, windows xp asks me to change the password
>>> and change happens successfully but xp fails to login. It give error
>>> message saying...
>>> "Windows cannot connect to the domain, either because the domain
>>> controller is down or otherwise unavailable, or because your computer
>>> account was not found."
>>>
>>> Step-by-Step Procedure followed ( in IPA-Server)
>>> 1. ipa-addservice host/client.example.com)
>>> 2. ipa-getkeytab -s server.example.com  -p host/client.example.com -e
>>> des-cbc-crc -k krb5.keytab.txt
>>>
>>> IN Windows XP
>>> 1. ksetup /setrealm EXAMPLE.COM
>>> 2. ksetup /addkdc EXAMPLE.COM server.example.com
>>> 3. ksetup /setmachpassword <password> (I dont know why this is used. since all my passwords are same it can match to any user)
>> This machine password not user password. It is set up on ipa-server in 
>> step 2 as:
>>
>> ipa-getkeytab -s server.example.com  -p host/client.example.com -e 
>> des-cbc-crc -k krb5.keytab.txt -P <password>
>>
>>> 4. ksetup /mapuser * ipauser
>>>
>> Mapping individula users works if you name him ipauser at EXAMPLE.COM.
>>
>> Best regards,
>>
>> Kostya
>>
>>> Thanks..
>>> Mahendra
>>>
>>>
>>>
>>> _______________________________________________
>>> Freeipa-users mailing list
>>> Freeipa-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>
>>
> 
> 


-- 
Konstantin Kozlov
Department of Computational Biology,
Center for Advanced Studies,
SPb State Polytechnical University,
195251, Polytechnicheskaya ul., 29,
bld 4, office 204,
St.Petersburg, Russia.

Tel./fax: +7 812 596 2831

More information about the Freeipa-users mailing list