[Freeipa-users] FreeIPA 4.2.0 and Windows XP
Alexander Bokovoy
abokovoy at redhat.com
Wed Jul 6 17:58:28 UTC 2016
On Wed, 06 Jul 2016, Konstantin M. Khankin wrote:
>Hi!
>
>I'm trying to set up Windows XP to get a Kerberos ticket for the user on
>login using the following docs:
>
>* http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
>*
>http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step
>* Discussion at
>https://www.redhat.com/archives/freeipa-users/2008-November/msg00063.html
>
>I can obtain kerberos ticket using kinit from JRE (for some reasons I can't
>find other kinit in Windows), but I can't logon. I tried the following:
>1) ksetup /mapuser * *
>2) ksetup /mapuser * <someuser>
>3) ksetup /mapuser user at DOMAIN user
>4) logging not into Kerberos realm, but into local computer using
>user at DOMAIN login
>5) logging into Kerberos realm using "user" login
>6) logging into Kerberos realm using user at DOMAIN login
>
>With any of these I see successful attempts in krb5kdc.log (so the user
>passes pre-auth against kdc), but Windows keep saying that the username or
>password is not correct.
>
>I also tried to reset user's password in freeipa and then login - windows
>asked to change password and successfully changed it, but still doesn't let
>the user in
>
>I have no problems with this setup on 2 computers with Windows 7. Haven't
>tried other computers running Windows XP though
>
>What am I doing wrong?
No idea. We don't support this setup at all so your mileage indeed
varies a lot.
Did you look at the eventlog on Windows XP?
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list