One thing that doesn't quite make sense about the windows config instructions, we make a keytab, but there is no indication as to where the keytab goes. I wouldn't think the IPA server would need the keytab as the password is stored in the IPA server already.
On Wed, Sep 14, 2011 at 10:07 AM, Rob Crittenden <[email protected]>wrote: > Jimmy wrote: > >> Just curious about this, the guide that we both refer to provides >> instructions for a windows client authentication but this page indicates >> that FreeIPA doesn't support windows clients: >> >> http://elladeon.fedorapeople.org/ipa/guide/Using_Microsoft_Windows.html >> >> Which is correct? >> > > The guide you referred to was contributed by another FreeIPA user showing > one way to get Windows login working. It does this by mapping all IPA users > to a single windows user (ipauser). > > This is not practical for most installations so we don't recommend it. > > The roadmap for the next major release of FreeIPA adds AD trust so the IPA > realm can be trusted as part of an AD forest. > > rob > > >> On Tue, Sep 13, 2011 at 4:08 PM, Rob Crittenden <[email protected] >> <mailto:[email protected]>> wrote: >> >> Jimmy wrote: >> >> I'm setting up a WinXP system to authenticate to FreeIPA. I >> followed the >> directions listed here: >> >> http://freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_%28Windows/Linux%29_-_Step_by_step >> >> I created the host account in FreeIPA, and the user, and I do get >> prompted to change the initial password(and it seems to work,) >> but as >> soon as the password is changed(or subsequent login attempts) I >> get the >> log in message" >> "the system cannot log you on now because the domain is not >> available" >> >> >> The guide says this happens when you don't log in using the >> principal name, are you using that? >> >> rob >> >> >> >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
