Odd Domain/AD behavior
  •  
jplotkin

We're doing a new install of Kerio. Internal domain is 'domain.local' and public domain is 'domain.com'. Kerberos setting is set to 'domain.local'.

Directory Service tab Username field is 'domain.local'
Active Directory field at the bottom is 'domain.local'.

I have verified that traffic is flowing properly using a telnet 'ehlo' session. However, the server is unable to authenticate the domain user and is bouncing inbound mail stating "#5.5.0 smtp;550 #5.1.0 Address rejected".

The auth login command in telnet ehlo does complete effectively.

So it seems that I can log in to the Kerio server but it doesn't believe that my e-mail address is valid.

Any help would be greatly appreciated.
  •  
marook

As far as my knowledge goes, you have these issues to look into:

.local domains:
These are used for LAN broadcast names, used in huge part by the Bonjour auto-discovery features of most modern OSes and printers etc. I would never ever use a .local domain for something like this!
Use .int or .internal or something.. if you Really need to make it different.. but...

Kerberos NEEDS to resolve!
You will never ever be able to use Kerberos auth from outside your LAN if it's not a domain the client computer can resolve!
Or, at least the user will not be able to log in when their ticket expires after (the default) 10 hours!
Do you require a VPN connection in order to authenticate?

What we do here is use the same domain.com on both the inside & outside, and then make sure the DNS servers on each side resolve to the right IPs!
That way, you can set up your clients to connect to a hostname, and it will always connect to the right IP no matter where they are!

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
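
A sketch of checking the layout described in the reply above (the same domain.com name on both sides, each side's DNS returning its own addresses, and a KDC that Kerberos clients can resolve), added here as an example and not part of either post. The host names mail.domain.com and dc1.domain.com, the addresses and the record text are constructed assumptions; in practice the two record sets would come from querying the internal and the external DNS server.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records ("name TYPE data"), one set per DNS side (assumed values).
INTERNAL = """
mail.domain.com            A    192.168.10.25
dc1.domain.com             A    192.168.10.5
_kerberos._tcp.domain.com  SRV  0 100 88 dc1.domain.com.
"""
EXTERNAL = """
mail.domain.com            A    203.0.113.25
"""

def parse(records):
    """Turn 'name TYPE data' lines into {(name, type): [data, ...]}."""
    table = {}
    for line in records.strip().splitlines():
        name, rtype, data = line.split(None, 2)
        table.setdefault((name.lower().rstrip("."), rtype.upper()), []).append(data.strip())
    return table

def is_lan(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def audit(internal, external, mail_host, realm):
    """Return findings for the same-name-on-both-sides layout; [] means consistent."""
    findings = []
    for side, text, want_lan in (("internal", internal, True), ("external", external, False)):
        table = parse(text)
        addrs = table.get((mail_host, "A"), [])
        if not addrs:
            findings.append(f"{side}: {mail_host} does not resolve")
        for addr in addrs:
            if is_lan(addr) != want_lan:
                findings.append(f"{side}: {mail_host} -> {addr} is on the wrong side")
        # Kerberos clients locate a KDC through this SRV name (RFC 4120).
        srv = table.get((f"_kerberos._tcp.{realm.lower()}", "SRV"), [])
        if not srv:
            findings.append(f"{side}: no KDC SRV record for {realm}")
        for rec in srv:
            target = rec.split()[3].lower().rstrip(".")
            if (target, "A") not in table:
                findings.append(f"{side}: KDC {target} has no A record")
    return findings

if __name__ == "__main__":
    for finding in audit(INTERNAL, EXTERNAL, "mail.domain.com", "domain.com"):
        print(finding)
```

With the sample data the only finding is that the external side publishes no KDC record, which is the situation the reply describes for clients outside the LAN.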