On 22.2.2013 09:49, Han Boetes wrote:
> Regarding: http://freeipa.org/page/Windows_authentication_against_FreeIPA
>
> I noticed that I have to create a matching user on the Windows machine before
> the user can log in. I don't have to set the password, but I do have to add a
> user as the local admin on that Windows machine. Windows 7 32-bit in this case.
>
> Am I missing something or is the documentation missing something?

You didn't miss anything. MS Windows is able to use IPA (standard Kerberos) for authentication, but there is no standard way to use an external LDAP database for Windows user accounts.

For this reason you have to create a local account for each user manually.

I.e. IPA != AD.

An IPA <-> AD trust could work better for you; it depends on requirements. Look at pGina [1] if you don't want AD.

[1] http://pgina.org/

Petr^2 Spacek

