[Freeipa-users] Windows client logon
Jimmy
g17jimmy at gmail.com
Wed Sep 14 18:49:02 UTC 2011
One thing that doesn't quite make sense about the windows config
instructions, we make a keytab, but there is no indication as to where the
keytab goes. I wouldn't think the IPA server would need the keytab as the
password is stored in the IPA server already.
On Wed, Sep 14, 2011 at 10:07 AM, Rob Crittenden <rcritten at redhat.com>wrote:
> Jimmy wrote:
>
>> Just curious about this, the guide that we both refer to provides
>> instructions for a windows client authentication but this page indicates
>> that FreeIPA doesn't support windows clients:
>>
>> http://elladeon.fedorapeople.org/ipa/guide/Using_Microsoft_Windows.html
>>
>> Which is correct?
>>
>
> The guide you referred to was contributed by another FreeIPA user showing
> one way to get Windows login working. It does this by mapping all IPA users
> to a single windows user (ipauser).
>
> This is not practical for most installations so we don't recommend it.
>
> The roadmap for the next major release of FreeIPA adds AD trust so the IPA
> realm can be trusted as part of an AD forest.
>
> rob
>
>
>> On Tue, Sep 13, 2011 at 4:08 PM, Rob Crittenden <rcritten at redhat.com
>> <mailto:rcritten at redhat.com>> wrote:
>>
>> Jimmy wrote:
>>
>> I'm setting up a WinXP system to authenticate to FreeIPA. I
>> followed the
>> directions listed here:
>>
>> http://freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_%28Windows/Linux%29_-_Step_by_step
>>
>> I created the host account in FreeIPA, and the user, and I do get
>> prompted to change the initial password(and it seems to work,)
>> but as
>> soon as the password is changed(or subsequent login attempts) I
>> get the
>> log in message"
>> "the system cannot log you on now because the domain is not
>> available"
>>
>>
>> The guide says this happens when you don't log in using the
>> principal name, are you using that?
>>
>> rob
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110914/9a41847f/attachment.htm>
More information about the Freeipa-users
mailing list