El mar, 10-11-2015 a las 11:18 -0700, Randolph Morgan escribió:
> I am certain that everyone gets tired of answering the same questions
> over and over, so maybe an update to the documentation would be
> better.  
> I am trying to get my Windows machines to authenticate against a
> FreeIPA 
> server running IPA 4.2+ on RHEL 7.  I have followed the documentation
> listed on 
> https://www.freeipa.org/page/Windows_authentication_against_FreeIPA,
> but 
> there seems to be a few steps missing.
> 
> In the Configure FreeIPA you are told to create a keytab for the
> Windows 
> machine in question.  After creating the keytab, what do you do with 
> it?  It jumps from creating the keytab to configuring Windows but
> does 
> not say what to do with the keytab and the instructions never
> reference 
> it again.  Would someone please clarify this and is this something we
> would need to do for each and every Windows machine on our network?

Note that the ipa-getkeytab command is called with the -P option, so it
asks for a password: that password is used as a password for the
machine principal and is stored in the directory.

So no, the keytab is not really used anywhere else and can be deleted.
It is the act of generating (with a known password) it that needs to be
done for every windows machine in the network. Please use strong,
random and different passwords for each windows machine in the network.


-- 
Loris Santamaria   linux user #70506   xmpp:lo...@lgs.com.ve
Links Global Services, C.A.            http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:1...@lgs.com.ve
------------------------------------------------------------
"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford

Attachment: smime.p7s
Description: S/MIME cryptographic signature

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to