On 22.2.2013 10:04, Petr Spacek wrote:
On 22.2.2013 09:49, Han Boetes wrote:
Regarding: http://freeipa.org/page/Windows_authentication_against_FreeIPA

I noticed that I have to create a matching user on the windows machine before
the user can log in. I don't have to set the password, but I do have to add a
user as the local admin on that windows machine. windows 7 32 bit in this case.

Am I missing something or is the documentation missing something?

You didn't miss anything. MS Windows are able to use IPA (standard Kerberos)
for authentication, but there is no standard way to use external LDAP database
for Windows user accounts.

For this reason you have to create local account for each user manually.

I.e. IPA != AD.

IPA <-> AD trust could work better for you, it depends on requirements. Look
at pGina [1] if you don't want AD.

[1] http://pgina.org/

I added explanatory paragraph to

Han, could you check if is it understandable, please?

Petr^2 Spacek

Freeipa-users mailing list

Reply via email to