Hi all,
I am trying to configure Windows authentication against FreeIPA using this guide:
https://www.freeipa.org/page/Windows_authentication_against_FreeIPA
Everything worked so far. I added the local user to the "Remote Desktop User" group, but it doesn't work with RDP. The message says that the user is not in the Remote Desktop group.
Now, what I could find out is that the problem is that the following command was run on the IPA server after the initial installation of FreeIPA: ipa-adtrust-install --add-sids --netbios-name=EXAMPLE -a
So if I understand that correctly, "--add-sids" assigns a SID identifier to all groups in FreeIPA. That's why RDP is not working, because the user is not mapped to the local Windows user.
How can I make it work?
1. Is it possible to add the FreeIPA user/group to the "Remote Desktop User" group so that RDP works? Do I have to configure something in Samba or FreeIPA?
2. Can I somehow undo the configuration that was done with "ipa-adtrust-install --add-sids"? Can I remove the assigned SIDs?
Any help will be much appreciated.

With regards,
Alexander Becker
freeipa-users@lists.fedorahosted.org