I've set up windows with the instructions given over here: http://freeipa.com/page/Windows_authentication_against_FreeIPA
And all seems to be working fine. After I run klist I see valid tickets: Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten. C:\Users\fh>klist Aktuelle Anmelde-ID ist 0:0x153b25 Zwischengespeicherte Tickets: (1) #0> Client: fh @ REALM Server: krbtgt/REALM @ REALM KerbTicket (Verschlüsselungstyp): AES-256-CTS-HMAC-SHA1-96 Ticketkennzeichen 0x40e10000 -> forwardable renewable initial pre_authen t name_canonicalize Startzeit: 1/4/2013 14:03:11 (lokal) Endzeit: 1/5/2013 14:03:11 (lokal) Erneuerungszeit: 1/11/2013 14:03:11 (lokal) Sitzungsschlüsseltyp: AES-256-CTS-HMAC-SHA1-96 I can do a passwordless login with the latest putty with kerberos authentication, I disabled password and key logins. And then on the host I checked klist and got this: [fh@test-server-ipa ~]$ klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1554800011) sudo also doesn't work. To test the setup I did the same from linux host and login in, sudo, klist etc etc all work fine. So I checked the sshd -d output difference and the only difference I see is: -Postponed gssapi-with-mic for fh from 192.168.2.73 port 50334 ssh2 -debug1: Received some client credentials +Postponed gssapi-with-mic for fh from 192.168.2.56 port 49168 ssh2 +debug1: Got no client credentials Where .73 is the linux host and .56 is the windows host. What am I missing here? -- # Han
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users