Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » FIXED : Active Directory Authentication does not work after 7.0.1 upgrade (Active Directory Authentication does not work after 7.0.1 upgrade)
Adam Hughes

Messages: 3
Karma: 0
Send a private message to this user
I've just updated my kerio connect server from patch 1 to 7.0.1.
The install worked fine and reported no error's, but none of the users can log in anymore.

I have tested adding a new (local) user and a new (directory service) user and only the local one works.

All my users are located in a windows 2003 active directory domain and my server is running on ubuntu 9.10.
All was working fine before the upgrade but since the upgrade the active directory authentication no longer works.

I have enabled debug (aux modules - user authentication and directory server lookup).
When I try to log on (though the webmail interface) I get the following error :

[08/Apr/2010 15:24:04][2217] {auth} Krb5: get_init_creds_password(krbtgt/QUESTLEISURE<_at_>QUESTLEISURE,[/email]): Cannot contact any KDC for requested realm, error code 0x96c73a9c (-1765328228)

[Updated on: Thu, 08 April 2010 15:35]

Adam Hughes

Messages: 3
Karma: 0
Send a private message to this user
I have found and fixed the issue.

Firstly when I restarted the server the authentication no longer worked so in an attempt to fix it I changed the domain name in teh advanced tab in the domain config from QUESTLEISURE.COM to QUESTLEISURE.

When I reverted this change and tried again I got the error :

[08/Apr/2010 15:30:48][2217] {auth} Krb5: get_init_creds_password(krbtgt/QUESTLEISURE.COM@QUESTLEISURE.COM,<_at_>QUESTLEISURE.COM): Clock skew too great, error code 0x96c73a25 (-1765328347)

So the initial issue was the fact that the server hadn't been restarted since the time change (I live in the UK and we swicthed from GMT to BST last week).

All I needed to do was bring the time on the mail server inline with the active directory server and all was okay (I have installed ntp-simple to do this for me from now on)

Previous Topic: Kerio Connect 7.0.1 Released
Next Topic: Cross-domain groups
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 04:15:25 CET 2017

Total time taken to generate the page: 0.00412 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.