[Freeipa-users] Ipa-client error (windows XP)
mahen
mahendra at latticenetworks.com
Tue Mar 17 11:47:49 UTC 2009
Hi,
Thanks a lot. It worked. Everything is fine now.
Can I have ADS type of effect for IPA-Server. I don't want to create
local users or to map all IPA users to a single user.
Thanks...
Mahendra
On Tue, 2009-03-17 at 12:04 +0300, Konstantin Kozlov wrote:
> Hi,
>
> reply to the list also.
>
> I am also on FC9 and with ipa 1.2.1 from yum. Have you installed the
> repo "updates new key"? Do that if no and update everything from there
> before ipa install. Also if possible install on FC10 or (FC11 Beta), or
> even CentOS 5, compiling ipa-server from source. It was reported that
> FC9->FC10 upgrade may brake LDAP database.
>
> Also, did you read the how to for windows on freeipa.org? And list
> archives - there were a couple of disscussions about winxp.
>
> mahen wrote:
> > Hi,
> > Thanks for quick reply.
> >
> > I think my IPA-Server is not supporting -P (password) switch with
> > ipa-getkeytab.
> >
> > I have installed ipa-server through yum and it installed
> > ipa-server-1.0.0-4.fc9.i386.
> >
> > Can I do this task with this version of IPA?
> >
> > Is there any easy way to upgrade ipa1.0 to ipa 1.2.
> >
>
> Look at the top of the letter for binaries. RPM does upgrade of other
> things, at least it did for me.
>
> > One more question. Is it required to keep the keytab file in windows
> > system? If yes then where should I place this?
>
> No, windows uses password instead (so keytab doesn't really matter).
>
> Best regards,
>
> Kostya
>
> >
> > Thanks again..
> > mahendra
> >
> > On Tue, 2009-03-17 at 11:01 +0300, Konstantin Kozlov wrote:
> >> Hi,
> >>
> >> you've missed password stuff!
> >>
> >> mahen wrote:
> >>> Hi,
> >>> I am using IPA-Server on FC9.
> >>>
> >>> I am trying to log in to ipa server through windows xp(as client). If it
> >>> is a new user in ipa-server, windows xp asks me to change the password
> >>> and change happens successfully but xp fails to login. It give error
> >>> message saying...
> >>> "Windows cannot connect to the domain, either because the domain
> >>> controller is down or otherwise unavailable, or because your computer
> >>> account was not found."
> >>>
> >>> Step-by-Step Procedure followed ( in IPA-Server)
> >>> 1. ipa-addservice host/client.example.com)
> >>> 2. ipa-getkeytab -s server.example.com -p host/client.example.com -e
> >>> des-cbc-crc -k krb5.keytab.txt
> >>>
> >>> IN Windows XP
> >>> 1. ksetup /setrealm EXAMPLE.COM
> >>> 2. ksetup /addkdc EXAMPLE.COM server.example.com
> >>> 3. ksetup /setmachpassword <password> (I dont know why this is used. since all my passwords are same it can match to any user)
> >> This machine password not user password. It is set up on ipa-server in
> >> step 2 as:
> >>
> >> ipa-getkeytab -s server.example.com -p host/client.example.com -e
> >> des-cbc-crc -k krb5.keytab.txt -P <password>
> >>
> >>> 4. ksetup /mapuser * ipauser
> >>>
> >> Mapping individula users works if you name him ipauser at EXAMPLE.COM.
> >>
> >> Best regards,
> >>
> >> Kostya
> >>
> >>> Thanks..
> >>> Mahendra
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Freeipa-users mailing list
> >>> Freeipa-users at redhat.com
> >>> https://www.redhat.com/mailman/listinfo/freeipa-users
> >>>
> >>
> >
> >
>
>
More information about the Freeipa-users
mailing list