[Freeipa-users] FreeIPA 4.1.4 and Windows Groups
Zach McNeilly
zmcneilly at elys.com
Mon Apr 27 16:21:27 UTC 2015
Hi all,
First I'd like to say thank you for the fantastic product. We've been
using FreeIPA since v 1 and it's been fantastic.
Recently we've hit a slight snag, however. We used this document
(https://www.freeipa.org/page/Windows_authentication_against_FreeIPA) to
set up Windows to use FreeIPA for its back end authentication. This
works really well and we are really happy with it.
To integrate a CIFS server with FreeIPA we ran 'ipa-adtrust-install' on
our FreeIPA servers; this added several attributes to every user as
expected. However, now when users try to log on to a Windows machine
with their FreeIPA credentials they can log on but they are no longer
in any Windows groups (Administrators or Remote Desktop Users in this
case). This was working before running ipa-adtrust-install.
If you remove the following attributes from the user, Windows works again
but Samba no longer does:
objectclass=ipantuserattrs
ipantsecurityidentifier=<SID>
I've been banging my head against the wall on this for a while, and
can't seem to get everything to mesh. Can anyone make any recommendations?
Best,
Zach