[Freeipa-users] Windows authentication against FreeIPA documentation question.
Petr Spacek
pspacek at redhat.com
Fri Feb 22 09:04:36 UTC 2013
On 22.2.2013 09:49, Han Boetes wrote:
> Regarding: http://freeipa.org/page/Windows_authentication_against_FreeIPA
>
> I noticed that I have to create a matching user on the windows machine before
> the user can log in. I don't have to set the password, but I do have to add a
> user as the local admin on that windows machine. windows 7 32 bit in this case.
>
> Am I missing something or is the documentation missing something?
You didn't miss anything. MS Windows are able to use IPA (standard Kerberos)
for authentication, but there is no standard way to use external LDAP database
for Windows user accounts.
For this reason you have to create local account for each user manually.
I.e. IPA != AD.
IPA <-> AD trust could work better for you, it depends on requirements. Look
at pGina [1] if you don't want AD.
[1] http://pgina.org/
--
Petr^2 Spacek
More information about the Freeipa-users
mailing list