Ray R via FreeIPA-users wrote:
> Hello, I encountered an issue with Windows 10 integration with a FreeIPA
> server where, at desktop login, it says the user name or password is
> incorrect. The RDP session is successful, but login to the desktop fails
> with "user name or password is incorrect". The Windows client has
> successfully joined the FreeIPA server. The IPA server is also the DNS
> server. The same user can log in to a Linux IPA client successfully.
>
> The krb5 log shows (the last line):
> Jun 12 14:01:29 ipa-server.dc1.abc.com krb5kdc[11611](info): TGS_REQ (5
> etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
> DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
> UNSUPPORTED:(-135)}) 10.2.1.23: ISSUE: authtime 1686603689, etypes
> {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18),
> ses=aes256-cts-hmac-sha1-96(18)}, [email protected] for
> host/[email protected]
>
> I followed the steps from
> https://www.freeipa.org/page/Windows_authentication_against_FreeIPA and
> https://www.rootusers.com/how-to-login-to-windows-with-a-freeipa-account/#comment-11012
> but desktop login failed. Any suggestion is appreciated.

Direct Windows integration is not something we test or support. If you
have an AD server the recommendation is to set up a trust instead.

Quoting from the FreeIPA wiki link you provided:

"Note also that the described configuration is not supported by FreeIPA
development team and also is not supported by Red Hat Enterprise Linux
Identity Management product."

rob