Re: [Freeipa-users] FreeIPA 4.2.0 and Windows XP
On Wed, 06 Jul 2016, Konstantin M. Khankin wrote:
> Yes, I had a look at the eventlog, but there are no failures and no events
> at all related to failed login. Maybe I can increase verbosity level somehow?

Try to intercept network traffic between Windows XP and IPA master. Maybe it
tries to use DCE RPC over SMB as well?

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIPA 4.2.0 and Windows XP
Yes, I had a look at the eventlog, but there are no failures and no events at
all related to failed login. Maybe I can increase verbosity level somehow?

2016-07-06 20:58 GMT+03:00 Alexander Bokovoy:

> On Wed, 06 Jul 2016, Konstantin M. Khankin wrote:
>
>> Hi!
>>
>> I'm trying to set up Windows XP to get a Kerberos ticket for the user on
>> login using the following docs:
>>
>> * http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
>> * http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step
>> * Discussion at
>>   https://www.redhat.com/archives/freeipa-users/2008-November/msg00063.html
>>
>> I can obtain Kerberos ticket using kinit from JRE (for some reason I can't
>> find other kinit in Windows), but I can't log on. I tried the following:
>> 1) ksetup /mapuser * *
>> 2) ksetup /mapuser *
>> 3) ksetup /mapuser user@DOMAIN user
>> 4) logging not into Kerberos realm, but into local computer using
>>    user@DOMAIN login
>> 5) logging into Kerberos realm using "user" login
>> 6) logging into Kerberos realm using user@DOMAIN login
>>
>> With any of these I see successful attempts in krb5kdc.log (so the user
>> passes pre-auth against KDC), but Windows keeps saying that the username or
>> password is not correct.
>>
>> I also tried to reset user's password in FreeIPA and then login - Windows
>> asked to change password and successfully changed it, but still doesn't let
>> the user in.
>>
>> I have no problems with this setup on 2 computers with Windows 7. Haven't
>> tried other computers running Windows XP though.
>>
>> What am I doing wrong?
>>
> No idea. We don't support this setup at all so your mileage indeed
> varies a lot.
>
> Did you look at the eventlog on Windows XP?
>
> --
> / Alexander Bokovoy
>

--
Ханкин Константин
Re: [Freeipa-users] FreeIPA 4.2.0 and Windows XP
On Wed, 06 Jul 2016, Konstantin M. Khankin wrote:
> Hi!
>
> I'm trying to set up Windows XP to get a Kerberos ticket for the user on
> login using the following docs:
>
> * http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
> * http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step
> * Discussion at
>   https://www.redhat.com/archives/freeipa-users/2008-November/msg00063.html
>
> I can obtain Kerberos ticket using kinit from JRE (for some reason I can't
> find other kinit in Windows), but I can't log on. I tried the following:
> 1) ksetup /mapuser * *
> 2) ksetup /mapuser *
> 3) ksetup /mapuser user@DOMAIN user
> 4) logging not into Kerberos realm, but into local computer using
>    user@DOMAIN login
> 5) logging into Kerberos realm using "user" login
> 6) logging into Kerberos realm using user@DOMAIN login
>
> With any of these I see successful attempts in krb5kdc.log (so the user
> passes pre-auth against KDC), but Windows keeps saying that the username or
> password is not correct.
>
> I also tried to reset user's password in FreeIPA and then login - Windows
> asked to change password and successfully changed it, but still doesn't let
> the user in.
>
> I have no problems with this setup on 2 computers with Windows 7. Haven't
> tried other computers running Windows XP though.
>
> What am I doing wrong?

No idea. We don't support this setup at all so your mileage indeed
varies a lot.

Did you look at the eventlog on Windows XP?

--
/ Alexander Bokovoy
[Freeipa-users] FreeIPA 4.2.0 and Windows XP
Hi!

I'm trying to set up Windows XP to get a Kerberos ticket for the user on
login using the following docs:

* http://www.freeipa.org/page/Windows_authentication_against_FreeIPA
* http://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_(Windows/Linux)_-_Step_by_step
* Discussion at
  https://www.redhat.com/archives/freeipa-users/2008-November/msg00063.html

I can obtain Kerberos ticket using kinit from JRE (for some reason I can't
find other kinit in Windows), but I can't log on. I tried the following:
1) ksetup /mapuser * *
2) ksetup /mapuser *
3) ksetup /mapuser user@DOMAIN user
4) logging not into Kerberos realm, but into local computer using
   user@DOMAIN login
5) logging into Kerberos realm using "user" login
6) logging into Kerberos realm using user@DOMAIN login

With any of these I see successful attempts in krb5kdc.log (so the user
passes pre-auth against KDC), but Windows keeps saying that the username or
password is not correct.

I also tried to reset user's password in FreeIPA and then login - Windows
asked to change password and successfully changed it, but still doesn't let
the user in.

I have no problems with this setup on 2 computers with Windows 7. Haven't
tried other computers running Windows XP though.

What am I doing wrong?

Thanks!

--
Konstantin Khankin
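Added example (not part of the original post and not FreeIPA code): one way to read krb5kdc.log per client address, so the requests a working Windows 7 machine makes can be compared with those of the Windows XP machine. The log lines, addresses, realm and host names below are constructed for illustration, and the script goes slightly beyond the post by also reporting TGS_REQ entries next to the AS_REQ ones.

```python
import re

# Request part of an MIT krb5 KDC log line, as written to krb5kdc.log.
LINE_RE = re.compile(
    r"krb5kdc\[\d+\]\(\w+\): (?P<req>AS_REQ|TGS_REQ) \([^)]*\) "
    r"(?P<ip>\S+): (?P<status>[A-Z_]+): (?P<rest>.*)$"
)
PRINC_RE = re.compile(r"(?P<client>\S+) for (?P<server>[^,\s]+)")

# Constructed sample (documentation addresses, made-up realm and hosts).
SAMPLE_LOG = """\
Jul 06 20:41:10 ipa.example.test krb5kdc[1501](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.0.2.7: NEEDED_PREAUTH: user@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Additional pre-authentication required
Jul 06 20:41:10 ipa.example.test krb5kdc[1501](info): AS_REQ (6 etypes {18 17 16 23 25 26}) 192.0.2.7: ISSUE: authtime 1467826870, etypes {rep=18 tkt=18 ses=18}, user@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
Jul 06 20:41:11 ipa.example.test krb5kdc[1501](info): TGS_REQ (5 etypes {18 17 23 24 -135}) 192.0.2.7: ISSUE: authtime 1467826870, etypes {rep=18 tkt=18 ses=18}, user@EXAMPLE.TEST for host/win7.example.test@EXAMPLE.TEST
Jul 06 20:50:02 ipa.example.test krb5kdc[1501](info): AS_REQ (3 etypes {23 3 1}) 192.0.2.5: NEEDED_PREAUTH: user@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Additional pre-authentication required
Jul 06 20:50:02 ipa.example.test krb5kdc[1501](info): AS_REQ (3 etypes {23 3 1}) 192.0.2.5: ISSUE: authtime 1467827402, etypes {rep=23 tkt=18 ses=23}, user@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
"""


def requests_by_client(log_text):
    """Return {client_ip: [(request, status, server_principal), ...]} in log order."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an AS_REQ/TGS_REQ line
        p = PRINC_RE.search(m["rest"])
        server = p["server"] if p else "?"
        seen.setdefault(m["ip"], []).append((m["req"], m["status"], server))
    return seen


def furthest_stage(events):
    """Name the last Kerberos step the KDC completed for one client."""
    stage = "no ticket issued"
    for req, status, _server in events:
        if status != "ISSUE":
            continue  # NEEDED_PREAUTH and error statuses issue nothing
        if req == "TGS_REQ":
            return "service ticket issued"
        stage = "TGT issued"
    return stage


if __name__ == "__main__":
    for ip, events in requests_by_client(SAMPLE_LOG).items():
        print(ip, "->", furthest_stage(events))
```

Run against the real log, a client that stops at "TGT issued" while a working one reaches "service ticket issued" shows which request to look for in a network capture.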