
NTLM verification using Outlook with multiple domains
  •  
mike65537

Messages: 4
Karma: 0
I have the following problem:

I want users to log in to Keriomail using safe password verification. One of the adaptations I have to make for that is to put my Windows NT domain name in the advanced tab of the domain settings.

It all works fine with just one domain. However, if I also add that Windows NT domain name (the same domain) in one of the other domains I have, it doesn't work.
If I try to log in, then a mailbox with the other domain name is automatically generated. I then log on to an empty mailbox from that other domain name.
  •  
sedell

Messages: 1168
Karma: 1
Is the server a member of the domain that NTLM is working for?

If I remember right, in order for NTLM authentication to work, the server must belong to the domain you are trying to authenticate against. That would give you the ability to use NTLM for only one domain per KMS server.

Scott
  •  
sedell

Messages: 1168
Karma: 1
I probably should have read that more thoroughly. At first I thought you had two Windows domains, and two email domains configured on KMS.

It sounds like you're trying to get two email domains to authenticate against the same Windows domain. That won't work. If you have two domains that both reference the same NT domain, the system has no way of knowing which e-mail domain you want to log in to since the same authentication is set to apply to two domains.

In other words, if user jsmith tries to authenticate with KMS, is that for domain A that references the Windows domain, or domain B that references the Windows domain?

It might work if users are logging in, say to webmail, with a full e-mail address as the user name (I have never tried or tested this), but that information is not available with NTLM authentication.

Scott
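
The ambiguity described in the post above, as an added example that is not part of the original thread and is not Kerio's code: the NTLM AUTHENTICATE (type 3) message carries only the Windows domain, user name and workstation, so a server with two mail domains tied to one NT domain cannot pick a mailbox from it. The `MAIL_DOMAINS` mapping, the sample names and the helper functions are assumptions made for illustration.

```python
import struct

def _field(msg, off):
    # Security-buffer descriptor: Len(2) MaxLen(2) Offset(4), little-endian
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, off)
    return msg[offset:offset + length]

def parse_authenticate(msg):
    """Return (nt_domain, user, workstation) from an NTLM type 3 message."""
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM AUTHENTICATE (type 3) message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & 0x1 else "ascii"  # NTLMSSP_NEGOTIATE_UNICODE
    # Descriptors for DomainName, UserName, Workstation sit at 28, 36, 44
    return tuple(_field(msg, off).decode(enc) for off in (28, 36, 44))

def build_sample(domain, user, workstation):
    """Constructed sample input: type 3 layout with empty LM/NT responses."""
    parts = [b"", b"", domain.encode("utf-16-le"), user.encode("utf-16-le"),
             workstation.encode("utf-16-le"), b""]
    header, payload, offset = b"NTLMSSP\x00" + struct.pack("<I", 3), b"", 64
    for p in parts:
        header += struct.pack("<HHI", len(p), len(p), offset)
        payload += p
        offset += len(p)
    return header + struct.pack("<I", 0x1) + payload

# Hypothetical server config: mail domain -> Windows NT domain it authenticates against
MAIL_DOMAINS = {"a.example": "CORP", "b.example": "CORP", "c.example": "LAB"}

def candidate_mail_domains(nt_domain, mapping=MAIL_DOMAINS):
    """All mail domains that reference the NT domain named in the message."""
    return sorted(m for m, nt in mapping.items() if nt.upper() == nt_domain.upper())

def resolve_mailbox(msg, mapping=MAIL_DOMAINS):
    """Return user@maildomain, or raise when the NT domain maps to several."""
    nt_domain, user, _ws = parse_authenticate(msg)
    domains = candidate_mail_domains(nt_domain, mapping)
    if len(domains) != 1:
        raise LookupError(f"{nt_domain}\\{user} matches mail domains {domains}")
    return f"{user}@{domains[0]}"

if __name__ == "__main__":
    sample = build_sample("CORP", "jsmith", "WS01")
    print(parse_authenticate(sample), candidate_mail_domains("CORP"))
```
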
  •  
rinzwind

Messages: 145
Karma: 1
I have the same problem (already posted a topic about it). Kerio MailServer does obviously know which e-mail domain belongs to which user. I imported my e-mail users from AD (Kerberos 5 authentication).
KOC AD authentication works for primary e-mail domains, but fails for others. Manually entering the full e-mail address and password works, but defeats the purpose of AD credentials...

The authentication itself succeeds according to the logs. It just insists on returning a primary e-mail domain, which fails because there isn't one for this user (there is an alias, but that is something different).

I have an open call, no success up to now.
  •  
jledbett

Messages: 61
Karma: 0
If you figure this out I would be very interested as well. I have one AD domain, but 7 email domains. Every time I try to import an AD account for one domain, it creates an email address in every domain, thus using 7 licenses for one email user. :(
  •  
rinzwind

Messages: 145
Karma: 1
I don't use the AD extension because it seemed not up to the task of handling multiple e-mail domains of users from one AD domain.

However, I later read something about using different OUs and changing the Kerio config file.

Didn't look into it as you can simply import AD users as groupware users into Kerio and configure them from there. That way you don't have to hassle with the AD plugin.

You can change passwords, Kerio will authenticate against AD so no problem there. Except with KOC as mentioned above.