Yes, I had a look at the eventlog, but there are no failures and no events at all related to failed logins. Maybe I can increase the verbosity level somehow?

2016-07-06 20:58 GMT+03:00 Alexander Bokovoy <[email protected]>:

> On Wed, 06 Jul 2016, Konstantin M. Khankin wrote:
>
>> Hi!
>>
>> I'm trying to set up Windows XP to get a Kerberos ticket for the user on
>> login using the following docs:
>>
>> * http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
>> * http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step
>> * Discussion at
>>   https://www.redhat.com/archives/freeipa-users/2008-November/msg00063.html
>>
>> I can obtain a Kerberos ticket using kinit from JRE (for some reason I can't
>> find another kinit in Windows), but I can't log on. I tried the following:
>> 1) ksetup /mapuser * *
>> 2) ksetup /mapuser * <someuser>
>> 3) ksetup /mapuser user@DOMAIN user
>> 4) logging not into Kerberos realm, but into local computer using
>>    user@DOMAIN login
>> 5) logging into Kerberos realm using "user" login
>> 6) logging into Kerberos realm using user@DOMAIN login
>>
>> With any of these I see successful attempts in krb5kdc.log (so the user
>> passes pre-auth against kdc), but Windows keeps saying that the username or
>> password is not correct.
>>
>> I also tried to reset the user's password in FreeIPA and then log in - Windows
>> asked to change the password and successfully changed it, but still doesn't let
>> the user in.
>>
>> I have no problems with this setup on 2 computers with Windows 7. Haven't
>> tried other computers running Windows XP though.
>>
>> What am I doing wrong?
>>
> No idea. We don't support this setup at all so your mileage indeed
> varies a lot.
>
> Did you look at the eventlog on Windows XP?
>
> --
> / Alexander Bokovoy
>

--
Ханкин Константин

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
