I am attempting to follow this guide (https://www.rootusers.com/how-to-login-to-windows-with-a-freeipa-account/) to add a windows box to my cluster of FreeIPA-managed linux (rhel 8/9 and ubuntu) boxes.
I have gotten to the point where I have a user account on the windows box connected to FreeIPA, I change the password (since it always starts expired) but then I am hit with this error:
“To sign in remotely, you need the right to sign in through Remote Desktop Services. By default, members of the Remote Desktop Users group have this right. If the group you’re in doesn’t have this right, or if the right has been removed from the Remote Desktop Users group, you need to be granted this right manually.”
My user account is in the "Remote Desktop Users" and I have verified that this group has the correct permissions to allow logon via RDP (as well as verifying that no user groups are denied from logging onto the box).
I also added the user to the Remote Desktop Services group policy, but that did not work.
I am able to RDP in as Administrator, so I tried adding the user to Administrator just to ensure it had the right permissions, but that did not work.
I have been able to replicate this behavior with a fresh box and different FreeIPA accounts.
Any help, advice, or resources would be greatly appreciated. TIA
freeipa-users@lists.fedorahosted.org