Hi Alexander! Thanks for the fast response.

> FreeIPA team does not support enrolling Windows systems into FreeIPA.
> 
> I assume you are referring to
> https://www.freeipa.org/page/Windows_authentication_against_FreeIPA

I know that, and yes, I am referring to
https://www.freeipa.org/page/Windows_authentication_against_FreeIPA.

> This is not supported and any problems reported aren't going to be
> solved. Since Samba AD is a fairly good AD replacement, our
> recommendation is to enroll Windows systems to Samba AD and then
> establish trust between Samba AD and FreeIPA.

I don't need the infrastructure of Samba AD because the users deployed with
Windows are too few to be worth the effort.

> FYI, for about a decade FreeIPA default krb5.conf configuration forces
> use of TCP
> 
> [libdefaults]
>    udp_preference_limit = 0

When I try to log in on Windows, it starts the connection with the UDP
protocol. I don't know why. Setting those configurations on the Windows machine
works in my environment.

> This is not needed at all. Please follow the documentation:
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
> 
> In essence, in RHEL 8:
> 
> # update-crypto-policies --set DEFAULT:AD-SUPPORT
> 
> and in RHEL 9:
> 
> # update-crypto-policies --set DEFAULT:AD-SUPPORT-LEGACY

I don't know if I am doing something wrong, but running that command doesn't work
in my case. The "/etc/krb5.conf.d/crypto-policies" file (a symbolic link to
/usr/share/crypto-policies/DEFAULT/krb5.txt) doesn't change.

The only reason for writing this thread was to help people running into the same
case, but I understand if the documentation is not going to be updated.
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org