Yes, I had a look at the eventlog, but there are no failures and no events
at all related to failed login. Maybe I can increase verbosity level
2016-07-06 20:58 GMT+03:00 Alexander Bokovoy <aboko...@redhat.com>:
> On Wed, 06 Jul 2016, Konstantin M. Khankin wrote:
>> I'm trying to set up Windows XP to get a Kerberos ticket for the user on
>> login using the following docs:
>> * http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
>> * Discussion at
>> I can obtain kerberos ticket using kinit from JRE (for some reasons I
>> find other kinit in Windows), but I can't logon. I tried the following:
>> 1) ksetup /mapuser * *
>> 2) ksetup /mapuser * <someuser>
>> 3) ksetup /mapuser user@DOMAIN user
>> 4) logging not into Kerberos realm, but into local computer using
>> user@DOMAIN login
>> 5) logging into Kerberos realm using "user" login
>> 6) logging into Kerberos realm using user@DOMAIN login
>> With any of these I see successful attempts in krb5kdc.log (so the user
>> passes pre-auth against kdc), but Windows keep saying that the username or
>> password is not correct.
>> I also tried to reset user's password in freeipa and then login - windows
>> asked to change password and successfully changed it, but still doesn't
>> the user in
>> I have no problems with this setup on 2 computers with Windows 7. Haven't
>> tried other computers running Windows XP though
>> What am I doing wrong?
> No idea. We don't support this setup at all so your mileage indeed
> varies a lot.
> Did you look at the eventlog on Windows XP?
> / Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project