We're doing a new install of Kerio. Internal domain is 'domain.local' and public domain is 'domain.com'. Kerberos setting is to 'domain.local'.
Directory Service tab Username field is 'domain.local'
Active Directory field at the bottom is 'domain.local'.
I have verified that traffic is flowing properly using a telnet 'ehlo' session. However the server is unable to authenticate the domain user and is bouncing inbound mail stating "#5.5.0 smtp;550 #5.1.0 Address rejected".
The auth login command in telnet ehlo does complete effectively.
So it seems that I can log in to the Kerio server but it doesn't believe that my e-mail address is valid.
Any help would be greatly appreciated.
As far as my knowledge goes, you have these issues to look into:
These are used for LAN broadcast names, used in huge part by the Bonjour auto-discovery features of most modern OS's and printers etc. I would never ever user a .local domain for something like this!
Use .int or .internal or something.. if you Really need to make it different.. but...
Kerberos NEEDS to resolve!
You will never ever be able to use a Kerberos auth. from outside your LAN if it's not a domain the client computer can resolve!
Or, at least the user will not be able to login when their ticket expires after (the default) 10 hours!
Do you require a VPN connection in order to Authenticate??
What we do here, is use the same domain.com on both the inside & outside, and then make sure the DNS servers on each side resolve to the right IP's!
That way, you can set up you clients to connect to a hostname, and it will always connect to the right IP nomatter where they are.. !
Consultant - Humac A/S
Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
Kerio discussion forums are intended for open communication between forum
members and may contain information and material posted by members which may
be useful in learning about Kerio products. The discussion forums are not
intended to provide technical support for any specific product. Any
information implied or expressed in the discussion forums is that of the
posting member. Kerio is in no way responsible for the information posted in
the forums, or its accuracy. Kerio employees may participate in the
discussions, but their postings do not represent an offical position of the
company on any issues raised or discussed. Kerio reserves the right to
monitor and maintain the forums to promote free and accurate exchange of