[Freeipa-users] Windows client logon

Mon Sep 19 15:33:31 UTC 2011

I just found that the FreeIPA user 'admin' can log in with no issues on the
Windows system, with no changes from the config that I was attempting to use
with a newly created IPA user. So authentication from the workstation works
if the user has a known, non-expired password. It seems the kpasswd function
is not working. I will test more and post results. Here are logs from a
successful login for admin:

Sep 19 15:27:03 csp-idm.pdh.csp krb5kdc[1246](info): AS_REQ (7 etypes {18 17
23 3 1 24 -135}) 192.168.201.9: NEEDED_PREAUTH: admin at PDH.CSP for
krbtgt/PDH.CSP at PDH.CSP, Additional pre-authentication required
Sep 19 15:27:03 csp-idm.pdh.csp krb5kdc[1246](info): AS_REQ (7 etypes {18 17
23 3 1 24 -135}) 192.168.201.9: ISSUE: authtime 1316446023, etypes {rep=18
tkt=18 ses=18}, admin at PDH.CSP for krbtgt/PDH.CSP at PDH.CSP
Sep 19 15:27:03 csp-idm.pdh.csp krb5kdc[1246](info): TGS_REQ (7 etypes {18
17 23 3 1 24 -135}) 192.168.201.9: ISSUE: authtime 1316446023, etypes
{rep=18 tkt=18 ses=18}, admin at PDH.CSP for host/ews1.pdh.csp at PDH.CSP

On Mon, Sep 19, 2011 at 11:13 AM, Simo Sorce <simo at redhat.com> wrote:

> On Mon, 2011-09-19 at 10:58 -0400, Jimmy wrote:
> > I think you're on to something here. I just reset the user's password
> > on IPA and get the "password expired" message but I get that
> > regardless of what I enter for the user's password. I'm confused as to
> > why I can make the user auth work with a normal KDC but I'm having so
> > much trouble with IPA-KDC. Going to wipe the Win7 config and start
> > fresh on that system.
>
> Not sure wht you are having trouble, the KDC component of IPA is a stock
> MIT KDC with LDAP backend.
> >
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110919/4ca15341/attachment.htm>