On 01/24/2013 04:36 PM, Eric Chennells wrote: > Hi Christian / Dmitri, > > Yes I have confirmed in the KDC logs that when I attempt to login that the > kerberos server is recognizing the request and issuing a ticket. > > Is anyone aware of if there is an LDAP related configuration needed? It > seems like only setting up the kerberos authentication is not enough.
Have you compared the name of the local user you created on the windows system to the name of the IPA user you are using? Do they match? > > Eric > > > On 2013-01-23 11:10 PM, "Christian Horn" <ch...@fluxcoil.net> wrote: > > >Hi, > > > >On Wed, Jan 23, 2013 at 02:50:06PM -0800, Eric Chennells wrote: > >> > >> I have followed the instuctions of these two guides: > >> > >>http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Using_Mi > >>cro > >> soft_Windows.html > >> http://freeipa.org/page/Windows_authentication_against_FreeIPA > >> > >> Kerberos is working, because I can do a kinit username and properly > >>receive > >> a krbtgt principle. > >> > >> However on login I get the error "The system could not log you on". > >> > >> For the map user step I did "ksetup /mapuser * *" and have a local user > >> created with the same username as the IPA user. > >> > >> Is there a step I am missing? I feel as though I am close because > >>kerberos > >> is working. > > > >Looking at the KDC logs when you try to login might bring a pointer, > >no idea apart from that.. > > > >Christian > > > >_______________________________________________ > >Freeipa-users mailing list > >Freeipa-users@redhat.com > >https://www.redhat.com/mailman/listinfo/freeipa-users > > > > Notice of Confidentiality: The information transmitted is intended > only for the > person or entity to which it is addressed and may contain confidential > and/or > privileged material. Any review, re-transmission, dissemination or > other use of > or taking of any action in reliance upon this information by persons > or entities > other than the intended recipient is prohibited. If you received this > in error > please contact the sender immediately by return electronic > transmission and then > immediately delete this transmission including all attachments without > copying, > distributing or disclosing the same. > > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
