Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Can't authenticate to kerio via PAM + LDAP

Messages: 13
Karma: 0
Send a private message to this user
We are moving from an NIS environment to an LDAP environment and having trouble authenticating to Kerio. Basically, here's the deal.

Previously, we had an environment with 3 servers (NIS primary, Samba and Kerio), all using NIS to keep their user info in sync. Kerio was set to authenticate via PAM which got it's information from the replicated NIS data. No problems.

Now, though, rather than using PAM to keep our user data in sync, we're using OpenLDAP. Everything's working except for the Kerio authentication. The users have the same usernames and can log onto (via SSH) the kerio server, so I'm pretty sure that PAM is working, but I can't log on as that same user to Kerio, even though Kerio is set to authenticate via PAM.

Any help would be greatly appreciated. In my mind, this should be pretty clear cut so I'm sure that I've just overlooked something stupid.

- User can ssh into box with credentials user / password
- Kerio mail server account for user is set to authenticate via Linux PAM
- User goes to webmail and tries to login with user / password (same as the one she successfully logged in via SSH) and it bombs. I'm tailing /var/log/messages and I see the entries below when I try to login:

Jun 3 18:43:44 mail keriomail(pam_unix)[9462]: check pass; user unknown
Jun 3 18:43:44 mail keriomail(pam_unix)[9462]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=

I have a few users set to authentiate to the internal database and they're able to login with no problems at all.

The box said "Requires Windows 98 or better", so I installed Linux
Previous Topic: KMS 6.4 - OSX Server 10.4.9 and ClamXav/Clamav
Next Topic: Groups
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 09:38:24 CET 2017

Total time taken to generate the page: 0.00431 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.