On 01/23/2013 05:50 PM, Eric Chennells wrote:
> Hello,
>
> I have the unfortunate requirement of needing to authenticate windows
> XP clients against freeipa.
>
> I have followed the instuctions of these two guides:
> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Using_Microsoft_Windows.html
> http://freeipa.org/page/Windows_authentication_against_FreeIPA
>
> Kerberos is working, because I can do a kinit username and properly
> receive a krbtgt principle.
>
> However on login I get the error "The system could not log you on".
>
> For the map user step I did "ksetup /mapuser * *" and have a local
> user created with the same username as the IPA user.

I do not have windows system to check so it is a pure speculation. Can
it be that the name of the local user actually does not match?
May be there is a typo or may be the name of the user should be the full
principal or vice verse just short name and you have long one...
Anyways I would have investigated that aspect if I were in the same
situation.

>
> Is there a step I am missing? I feel as though I am close because
> kerberos is working.
>
> I am using FreeIPA 2.2 on RHEL 6.3
>
> Thanks for any tips.
>
> Eric
>
>
>
> Notice of Confidentiality: The information transmitted is intended
> only for the
> person or entity to which it is addressed and may contain confidential
> and/or
> privileged material. Any review, re-transmission, dissemination or
> other use of
> or taking of any action in reliance upon this information by persons
> or entities
> other than the intended recipient is prohibited. If you received this
> in error
> please contact the sender immediately by return electronic
> transmission and then
> immediately delete this transmission including all attachments without
> copying,
> distributing or disclosing the same.
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to