Active Directory ldap authentication
  •  
mailcall

Hi guys, here goes our first post! Right, we have a newly created AD domain. We have set the domain up in Kerio Connect and configured "Directory Services".
Tests work fine and can add AD users both from the console and from AD Users and Computers (using Kerio AD extensions).
But we can't log on (authenticate) AD users!

We get errors like below:

HTTP/WebMail: Invalid password for user XXXXX

Cannot activate user, error code: 801.

UserManFacade::activateUsers: Failed with error: Failed to activate user, see logs for more info.

Do we have to configure Kerberos? (We really prefer not to because we don't want to manage tickets, etc.)

Any help much appreciated

Sam
  •  
Pavel Dobry (Kerio)

I recommend contacting our technical support at http://support.kerio.com.
Check if the Active Directory Extension is properly installed and that the user used for authentication in Directory Services has write (administrative) access to the Active Directory. Enable the debug log for Directory Service Lookup (how to do that is described in the manual). It will show you the reason for the error.
  •  
s.lebrun62

When you created your user, did you uncheck "user must change password at next logon"? Otherwise the user you just created is not enabled. Also verify that the user is a member of the "domain user" group (hope this is the right translation because I have a French AD).
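
A check for the account states mentioned in the post above, as an added example that is not part of the original post and not Kerio tooling. The function name `Get-LogonBlocker` and the sample account are hypothetical; matching the group by its well-known RID 513 rather than by name is an assumption made here to sidestep localized group names.

```powershell
# Added example: reports the account states from this thread that can stop an
# AD user from authenticating. Input is any object exposing the properties used
# below, so it works on live AD data or on the constructed sample at the bottom.
function Get-LogonBlocker {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string[]] $GroupSids = @()   # SIDs of every group the user belongs to
    )
    process {
        $findings = @()
        if (-not $User.Enabled) {
            $findings += 'Account is disabled'
        }
        # pwdLastSet = 0 is how AD stores "User must change password at next logon"
        if ([int64]$User.pwdLastSet -eq 0) {
            $findings += 'Password must be changed at next logon'
        }
        # The Domain Users group has RID 513 whatever the AD display language is,
        # so match on the SID suffix instead of the (localized) group name.
        if (-not ($GroupSids | Where-Object { $_ -match '-513$' })) {
            $findings += 'Not a member of Domain Users (RID 513)'
        }
        [pscustomobject]@{
            User     = $User.SamAccountName
            Blockers = $findings
            Ok       = ($findings.Count -eq 0)
        }
    }
}

# Constructed sample (not from the thread): a freshly created account with the
# "must change password" box left ticked.
$sample = [pscustomobject]@{
    SamAccountName = 'jdoe'; Enabled = $true; pwdLastSet = 0
}
$sampleSids = @('S-1-5-21-1111111111-2222222222-3333333333-513')
Get-LogonBlocker -User $sample -GroupSids $sampleSids | Format-List

# Against a live domain (RSAT ActiveDirectory module), the same function:
# $u = Get-ADUser jdoe -Properties Enabled, pwdLastSet
# $s = (Get-ADPrincipalGroupMembership $u).SID.Value
# Get-LogonBlocker -User $u -GroupSids $s
```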
  •  
giampos

I have problems too with authentication to the Active Directory server. In the domain tab of Kerio the connection to AD is OK; users are imported and visible in real time when I create them in the AD. But I can't authenticate via web mail. The AD extensions are installed, and the user is enabled for the Kerio service. The server is 2008, and my Kconnect version is 7.0.1.

The user configured for the AD service is administrator<_at_>domain.com of the Windows server, so I think it has administrative access to AD.
  •  
dreniarb

You might check these settings. I had emailed tech support about problems with SPA authentication in Outlook and this was their response.
Quote:
For SPA to work, there are four requirements that must be satisfied:

1) KMS must be running on Windows

2) The client computer must be a member of the domain

3) In the web administration interface, in Configuration -> Domains -> edit domain -> Advanced -> Windows NT domain, the NTLM field must contain the correct value. On the AD Controller, go to Domains and Trusts, right-click on the domain name and left-click on Properties. You should see the pre-Windows 2000 domain name listed there. That is what you want to use as the NT Domain value.

4) The 'Allow NTLM authentication for users with Kerberos authentication (for Active Directory users)' must be checked
(i.e. Configuration -> Advanced Options -> Security Policy)

Please check these items to verify they are configured correctly. Then try it again.


For me steps 3 and 4 were what fixed my problem.
  •  
martinbelga

Same problem: OS CentOS, AD Win2003...
  •  
martinbelga

Problem solved: /etc/krb5.conf needs to be adapted.
  •  
clevergod

martinbelga wrote on Mon, 20 September 2010 22:18
Problem solved /etc/krb5.conf needs to be adapted

Tell the solution read more
  •  
Pavel Dobry (Kerio)

clevergod wrote on Tue, 30 September 2014 06:11
martinbelga wrote on Mon, 20 September 2010 22:18
Problem solved /etc/krb5.conf needs to be adapted

Tell the solution read more


http://kb.kerio.com/product/kerio-connect/virtual-appliance-linux/how-do-i-join-kerio-connect-running-on-linux-to-open-directory-or-active-directory-308.html#krb5conf