In our evironment we have very limited amount of shared virtual Windows 7 machines. We haven't really seen any value in setting up an AD domain for them, but have been relying on pure Kerberos authentication using the ksetup procedure (http://www.freeipa.org/page/Windows_authentication_against_FreeIPA).
Recently the LDAP in our FreeIPA 3.0 was updated with the task to add SIDs to all old user accounts (the newer ones would already have a SID), but that made the Kerberos logon stop working for remote desktop connections. Logging on to the console using the same Kerberos credentials would still work... This seems to be directly related to the addition of SIDs in LDAP, as removing the object class ipantuserattrs and the SID would get it back in order again. Are there any known tricks that could be applied to the Windows machines (or to FreeIPA for that matter) that would make this work again? Best regards Nicklas Björk _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users