I'm trying to set up Windows XP to get a Kerberos ticket for the user on
login using the following docs:

* http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
* Discussion at

I can obtain kerberos ticket using kinit from JRE (for some reasons I can't
find other kinit in Windows), but I can't logon. I tried the following:
1) ksetup /mapuser * *
2) ksetup /mapuser * <someuser>
3) ksetup /mapuser user@DOMAIN user
4) logging not into Kerberos realm, but into local computer using
user@DOMAIN login
5) logging into Kerberos realm using "user" login
6) logging into Kerberos realm using user@DOMAIN login

With any of these I see successful attempts in krb5kdc.log (so the user
passes pre-auth against kdc), but Windows keep saying that the username or
password is not correct.

I also tried to reset user's password in freeipa and then login - windows
asked to change password and successfully changed it, but still doesn't let
the user in

I have no problems with this setup on 2 computers with Windows 7. Haven't
tried other computers running Windows XP though

What am I doing wrong?


Konstantin Khankin
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to