Kerio - Active Directory - Webmail Broken

bfrawley

I am working in a test environment making sure that switching from local Kerio user accounts to AD user accounts won't break anything in our setup.

I started out setting up a mock Domain Controller in a random test domain. I joined a second test system to the domain and installed Kerio. I installed the Kerio AD extensions on the DC and everything seemed to be working fine. I then removed the mock Kerio mail server from the domain, since my production mail server isn't a member of the domain, and webmail broke.

Only local users are able to log in to webmail. If I go to the Directory Service configuration settings for the domain, I can still successfully test the connection. I create new users in AD and they show up in Kerio as LDAP users, but none of them can log in to webmail. The only thing I see in the logs are warnings for invalid passwords.

I have tried uninstalling and reinstalling both the AD extensions and the entire mail server app.

Any ideas or is it as simple as the server needs to be a member of the domain?

Pavel Dobry (Kerio)

By leaving the Active Directory domain, the server probably lost its configuration for Kerberos authentication. LDAP access for mapping users from AD works correctly, but no one can authenticate from that server to the domain. This is not a webmail issue; it's a misconfiguration on the server. Make sure that Kerberos authentication is configured properly or, better, join the server to the AD domain.

bfrawley

Actually, my original hunch appears to be correct. I found this in the install guide.

"Kerio MailServer is a member of the domain to be authenticated against. If Kerio MailServer is not the domain member, the Kerberos system will not be working and the users will have to use a local password, i.e. different from the password for the domain."

According to that it won't work unless it is a member of the domain.