[Freeipa-users] Windows authentication against FreeIPA documentation question.

Petr Spacek pspacek at redhat.com
Fri Feb 22 12:55:19 UTC 2013


On 22.2.2013 10:04, Petr Spacek wrote:
> On 22.2.2013 09:49, Han Boetes wrote:
>> Regarding: http://freeipa.org/page/Windows_authentication_against_FreeIPA
>>
>> I noticed that I have to create a matching user on the windows machine before
>> the user can log in. I don't have to set the password, but I do have to add a
>> user as the local admin on that windows machine. windows 7 32 bit in this case.
>>
>> Am I missing something or is the documentation missing something?
>
> You didn't miss anything. MS Windows are able to use IPA (standard Kerberos)
> for authentication, but there is no standard way to use external LDAP database
> for Windows user accounts.
>
> For this reason you have to create local account for each user manually.
>
> I.e. IPA != AD.
>
> IPA <-> AD trust could work better for you, it depends on requirements. Look
> at pGina [1] if you don't want AD.
>
> [1] http://pgina.org/

I added explanatory paragraph to
http://freeipa.org/page/Windows_authentication_against_FreeIPA

Han, could you check if is it understandable, please?

-- 
Petr^2 Spacek




More information about the Freeipa-users mailing list