Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » LDAP/ActiveDirectory Users Unable To Authenticate - Invalid Password
  •  
mdhmi

Messages: 62
Karma: 0
Send a private message to this user
Just thought I'd pass this along. This is the second time I've been bitten in the butt by this..

LDAP users unable to authenticate. The Kerio logs just show "Invalid password". When you test the ActiveDirectory connection via the Admin Console the test completes properly.

This just tells you that ActiveDirectory (the LDAP portion) is working, it doesn't verify user authentication.

If there is a time difference between the ActiveDirectory server and your Kerio server kerberos authentication will fail.

It turns out our ActiveDirectory server was off by five minutes.. That's all it took.

If you suspect you might have this problem you can verify it by running the following :

kinit user<_a.t_>ADDOMAIN.COM 


If kerberos authentication is failing because of a drift you should receive a message like this:

kinit(v5): Clock skew too great while getting initial credentials


The solution is to correct the system date/time (preferably with NTP on all of your servers).

Just thought I'd pass this along this troubleshooting tidbit.

Cheers,

Mark



Previous Topic: Backup and restore
Next Topic: sdk toolkit
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 08:38:18 CET 2017

Total time taken to generate the page: 0.00326 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.