[Freeipa-users] Windows XP client can't login

Simo Sorce ssorce at redhat.com
Mon Nov 24 13:34:00 UTC 2008


On Mon, 2008-11-24 at 14:44 +0300, Konstantin Kozlov wrote:
> Hello,
> 
> I had not got any reply on the last post in
> https://www.redhat.com/archives/freeipa-users/2008-November/msg00004.html
> so I start a new thread with more precise title.
> 
> I have ipaserver 1.2 on Fedora 9 and ipaclient on CentOS 5 with
> recompiled rpms from RHEL. I want to let an ipauser log in to a Windows
> XP box.
> 
> Did anybody succeed in such a challenge?
> 
> I have the host principal, I've set up the Kerberos on WinXP with
> ksetup, and got the key into krb5.keytab on ipaserver with password and 
> enctype des-cbc-crc. But WinXP can't log the ipauser in.
> 
> I've tried rc4-hmac but it made no difference. I have a question
> concerning this - rc4-hmac is listed neither in kdc.conf nor in ldap
> as a supported enctype, but ipa-getkeytab didn't show an error when I tried
> to use this enctype. Should I add rc4-hmac in kdc.conf or ldap entry, or
> is it irrelevant as WinXP is also said to support des-cbc-crc?
> 
> Thank you,

I assume you also installed a GINA dll that can use the kerberos
libraries to perform a login?
Just setting up kerberos is not enough to allow a login.
At least for testing, des-cbc-crc shouldn't be a problem. It would
certainly be better to use something stronger in production, but one
step at a time :)

For a start, does kinit work at all on the WinXP client?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



