george he wrote:
I'm trying to set up a win7 as a client of my freeipa server running on
fc17. so I followed the instructions here:
But then what? The win7 is currently in a "workgroup". I tried to join
the win7 to a domain with my ipa realm name, but it failed.
IPA is not an AD replacement, you can't join any Windows machine to it.
The instructions you referenced are for installing the MIT Kerberos
package in Windows. This just lets you get a ticket from the IPA KDC
that may be usable by various applications (e.g. Firefox) but it isn't a
way to provide domain login.
Our plan for that is to do cross-realm trust with AD, see the 3.0 beta
Freeipa-users mailing list