Has anyone successfully set up authentication and authorization between MacOS X and FreeIPA?
An old revision of the FreeIPA documentation explains how to get it working in 10.4 and nothing in their current documentation indicates it can't be made to work; but so far I'm unsuccessful getting it working.
The outdated FreeIPA guide is here: http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Macintosh_OS_X.html
Following this guide I've successfully got Directory Services browsing the LDAP repository, Directory Services can authenticate as a user in LDAP, and 'kinit ' works on the command line. However I can not login over ssh or the login screen as a Kerberos user. The console provides no indication what the error is, and tcpdump'ing kinit and ssh login they both appear to be sending very similar data over the wire.
Any troubleshooting tips or pointer to relevant guides would be appreciated. Thanks!