[Freeipa-users] Windows client logon

Jimmy g17jimmy at gmail.com
Wed Sep 14 18:49:02 UTC 2011 

One thing that doesn't quite make sense about the windows config
instructions, we make a keytab, but there is no indication as to where the
keytab goes. I wouldn't think the IPA server would need the keytab as the
password is stored in the IPA server already.

On Wed, Sep 14, 2011 at 10:07 AM, Rob Crittenden <rcritten at redhat.com>wrote:

> Jimmy wrote:
>
>> Just curious about this, the guide that we both refer to provides
>> instructions for a windows client authentication but this page indicates
>> that FreeIPA doesn't support windows clients:
>>
>> http://elladeon.fedorapeople.org/ipa/guide/Using_Microsoft_Windows.html
>>
>> Which is correct?
>>
>
> The guide you referred to was contributed by another FreeIPA user showing
> one way to get Windows login working. It does this by mapping all IPA users
> to a single windows user (ipauser).
>
> This is not practical for most installations so we don't recommend it.
>
> The roadmap for the next major release of FreeIPA adds AD trust so the IPA
> realm can be trusted as part of an AD forest.
>
> rob
>
>
>> On Tue, Sep 13, 2011 at 4:08 PM, Rob Crittenden <rcritten at redhat.com
>> <mailto:rcritten at redhat.com>> wrote:
>>
>>    Jimmy wrote:
>>
>>        I'm setting up a WinXP system to authenticate to FreeIPA. I
>>        followed the
>>        directions listed here:
>>
>> http://freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_%28Windows/Linux%29_-_Step_by_step
>>
>>        I created the host account in FreeIPA, and the user, and I do get
>>        prompted to change the initial password(and it seems to work,)
>>        but as
>>        soon as the password is changed(or subsequent login attempts) I
>>        get the
>>        log in message"
>>        "the system cannot log you on now because the domain is not
>>        available"
>>
>>
>>    The guide says this happens when you don't log in using the
>>    principal name, are you using that?
>>
>>    rob
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110914/9a41847f/attachment.htm>

More information about the Freeipa-users mailing list