[Freeipa-users] Windows authentication against FreeIPA documentation question.
Regarding: http://freeipa.org/page/Windows_authentication_against_FreeIPA

I noticed that I have to create a matching user on the Windows machine before the user can log in. I don't have to set the password, but I do have to add a user as the local admin on that Windows machine. Windows 7 32-bit in this case.

Am I missing something or is the documentation missing something?

# Han

--
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
Re: [Freeipa-users] Windows authentication against FreeIPA documentation question.
On 22.2.2013 09:49, Han Boetes wrote:
> Regarding: http://freeipa.org/page/Windows_authentication_against_FreeIPA
>
> I noticed that I have to create a matching user on the Windows machine before the user can log in. I don't have to set the password, but I do have to add a user as the local admin on that Windows machine. Windows 7 32-bit in this case.
>
> Am I missing something or is the documentation missing something?

You didn't miss anything. MS Windows is able to use IPA (standard Kerberos) for authentication, but there is no standard way to use an external LDAP database for Windows user accounts. For this reason you have to create a local account for each user manually.

I.e. IPA != AD. An IPA <-> AD trust could work better for you, it depends on requirements.

Look at pGina [1] if you don't want AD.

[1] http://pgina.org/

--
Petr^2 Spacek
Re: [Freeipa-users] Windows authentication against FreeIPA documentation question.
On 22.2.2013 10:04, Petr Spacek wrote:
> On 22.2.2013 09:49, Han Boetes wrote:
>> Regarding: http://freeipa.org/page/Windows_authentication_against_FreeIPA
>>
>> I noticed that I have to create a matching user on the Windows machine before the user can log in. I don't have to set the password, but I do have to add a user as the local admin on that Windows machine. Windows 7 32-bit in this case.
>>
>> Am I missing something or is the documentation missing something?
>
> You didn't miss anything. MS Windows is able to use IPA (standard Kerberos) for authentication, but there is no standard way to use an external LDAP database for Windows user accounts. For this reason you have to create a local account for each user manually.
>
> I.e. IPA != AD. An IPA <-> AD trust could work better for you, it depends on requirements.
>
> Look at pGina [1] if you don't want AD.
>
> [1] http://pgina.org/

I added an explanatory paragraph to http://freeipa.org/page/Windows_authentication_against_FreeIPA

Han, could you check if it is understandable, please?

--
Petr^2 Spacek
[Freeipa-users] Fwd: Windows authentication against FreeIPA documentation question.
That is the perfect explanation. For redundancy's sake I would recommend changing this part:

7. *** REBOOT ***
8. Log in as [user]@[REALM] with the initial password, you will be prompted to change the password then logged in.

to

7. *** REBOOT ***
8. If you don't use an AD-trust, add user accounts for all users that need to be able to log in. Do not set up a password for those users.
9. Log in as [user]@[REALM] with the initial password, you will be prompted to change the password then logged in.

# Han
[Freeipa-users] IPA with ILO
Just curious if anyone has configured HP ILO to authenticate against IPA. I'm just starting out and the fact that the ILO configuration screen has a section for a "SID" has me a bit concerned.

--
The government is going to read our mail anyway, might as well make it tough for them.
GPG Public key ID: B6A1A7C6
Re: [Freeipa-users] IPA with ILO
On Fri, Feb 22, 2013 at 4:52 PM, KodaK wrote:
> Just curious if anyone has configured HP ILO to authenticate against
> IPA. I'm just starting out and the fact that the ILO configuration
> screen has a section for a "SID" has me a bit concerned.

I have not touched new HP gear for a while, but on our HP ILO of G5/6 ProLiants there is an LDAP option, so you should be able to use that.

--
natxo
Re: [Freeipa-users] IPA with ILO
On Fri, Feb 22, 2013 at 10:05 AM, Han Boetes wrote:
> Hi Kodak,
>
> The question is: Which authentication mechanisms does HP ILO support?

Their documentation kind of blurs the lines. It appears that the only directory that exists (according to HP) is AD, so they freely mix LDAP, AD and directory when talking about it in their documentation.

It's a moot point now, though, because I brought it up that I needed a directory license for ILO to the Windows admins (who also "own" the hardware) and they nixed it -- they want to use AD or nothing.

Sigh.

Thanks,

--Jason