[Freeipa-users] Windows authentication against FreeIPA documentation question.

[Han Boetes]

Regarding: http://freeipa.org/page/Windows_authentication_against_FreeIPA

I noticed that I have to create a matching user on the windows machine
before the user can log in. I don't have to set the password, but I do have
to add a user as the local admin on that windows machine. windows 7 32 bit
in this case.

Am I missing something or is the documentation missing something?




# Han
--
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Windows authentication against FreeIPA documentation question.

[Petr Spacek]

On 22.2.2013 09:49, Han Boetes wrote:

Regarding: http://freeipa.org/page/Windows_authentication_against_FreeIPA

I noticed that I have to create a matching user on the windows machine before
the user can log in. I don't have to set the password, but I do have to add a
user as the local admin on that windows machine. windows 7 32 bit in this case.

Am I missing something or is the documentation missing something?


You didn't miss anything. MS Windows are able to use IPA (standard Kerberos) 
for authentication, but there is no standard way to use external LDAP database 
for Windows user accounts.


For this reason you have to create local account for each user manually.

I.e. IPA != AD.

IPA - AD trust could work better for you, it depends on requirements. Look 
at pGina [1] if you don't want AD.


[1] http://pgina.org/

--
Petr^2 Spacek

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users