Anabela Mazurek via FreeIPA-users wrote: > We are trying solve problem with certificate login using smart card to > FreeIpa kerberos added Widndows workstation. As we are testing there could be > request of using ntuser and or ipantuser class for getting sid and ntname > attribs. For now we are not sure if it is needed but when we was trying > define this for newly created objects we discovered that this is impossible > and because we are not sure if it is like this i did ask. Thank you for > answer.
So you managed to enroll a windows client into IPA and now you want to use smart cards with certificates to authenticate the users in Windows? I'm not sure anyone has tried before but you wouldn't need *user in the machine entry regardless. We don't encourage people to directly enroll windows clients into IPA. IPA is not an AD replacement. We recommend using AD trust instead. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
