Hi! I'm trying to set up Windows XP to get a Kerberos ticket for the user on login using the following docs:
* http://www.freeipa.org/page/Windows_authentication_against_FreeIPA * http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step * Discussion at https://www.redhat.com/archives/freeipa-users/2008-November/msg00063.html I can obtain kerberos ticket using kinit from JRE (for some reasons I can't find other kinit in Windows), but I can't logon. I tried the following: 1) ksetup /mapuser * * 2) ksetup /mapuser * <someuser> 3) ksetup /mapuser user@DOMAIN user 4) logging not into Kerberos realm, but into local computer using user@DOMAIN login 5) logging into Kerberos realm using "user" login 6) logging into Kerberos realm using user@DOMAIN login With any of these I see successful attempts in krb5kdc.log (so the user passes pre-auth against kdc), but Windows keep saying that the username or password is not correct. I also tried to reset user's password in freeipa and then login - windows asked to change password and successfully changed it, but still doesn't let the user in I have no problems with this setup on 2 computers with Windows 7. Haven't tried other computers running Windows XP though What am I doing wrong? Thanks! -- Konstantin Khankin
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project