OD user, Kerberos auth and DNS conf (authentication)
  •  
adm2p2l

Messages: 6
Karma: 0
Hi

Here's the debug log file I get when I'm trying to log in with an OD user via webmail; I don't know if it's a Kerberos or a DNS error.

[18/Nov/2010 16:20:37][2982424576] {dns} Searching DNS for PTR records for IP address 213.30.xx.xx
[18/Nov/2010 16:20:37][2982424576] {dns} Querying server no. 1, address 192.168.165.10
[18/Nov/2010 16:20:37][2982424576] {dns} Got answer
[18/Nov/2010 16:20:37][2982424576] {dns} Valid answer arrived
[18/Nov/2010 16:20:37][2982424576] {dns} PTR record: IP=213.30.xx.xx, name=reverse.completel.net
[18/Nov/2010 16:20:37][2982424576] {dns} Searching DNS for PTR records for IP address 213.30.xx.xx
[18/Nov/2010 16:20:37][2982424576] {dns} Querying server no. 1, address 192.168.165.10
[18/Nov/2010 16:20:37][2982424576] {dns} Got answer
[18/Nov/2010 16:20:37][2982424576] {dns} Valid answer arrived
[18/Nov/2010 16:20:37][2982424576] {dns} PTR record: IP=213.30.xx.xx, name=reverse.completel.net
[18/Nov/2010 16:20:37][2983481344] {dns} Searching DNS for PTR records for IP address 213.30.xx.xx
[18/Nov/2010 16:20:37][2983481344] {dns} Querying server no. 1, address 192.168.165.10
[18/Nov/2010 16:20:37][2983481344] {dns} Got answer
[18/Nov/2010 16:20:37][2983481344] {dns} Valid answer arrived
[18/Nov/2010 16:20:37][2983481344] {dns} PTR record: IP=213.30.xx.xx, name=reverse.completel.net
[18/Nov/2010 16:20:37][2984538112] {dns} Searching DNS for PTR records for IP address 213.30.xx.xx
[18/Nov/2010 16:20:37][2984538112] {dns} Querying server no. 1, address 192.168.165.10
[18/Nov/2010 16:20:37][2984538112] {dns} Got answer
[18/Nov/2010 16:20:37][2984538112] {dns} Valid answer arrived
[18/Nov/2010 16:20:37][2984538112] {dns} PTR record: IP=213.30.xx.xx, name=reverse.completel.net
[18/Nov/2010 16:20:37][2985594880] {dns} Searching DNS for PTR records for IP address 213.30.xx.xx
[18/Nov/2010 16:20:37][2985594880] {dns} Querying server no. 1, address 192.168.165.10
[18/Nov/2010 16:20:37][2985594880] {dns} Got answer
[18/Nov/2010 16:20:37][2985594880] {dns} Valid answer arrived
[18/Nov/2010 16:20:37][2985594880] {dns} PTR record: IP=213.30.xx.xx, name=reverse.completel.net
[18/Nov/2010 16:20:37][2986651648] {dns} Searching DNS for PTR records for IP address 213.30.xx.xx
[18/Nov/2010 16:20:37][2986651648] {dns} Querying server no. 1, address 192.168.165.10
[18/Nov/2010 16:20:37][2986651648] {dns} Got answer
[18/Nov/2010 16:20:37][2986651648] {dns} Valid answer arrived
[18/Nov/2010 16:20:37][2986651648] {dns} PTR record: IP=213.30.xx.xx, name=reverse.completel.net
[18/Nov/2010 16:20:37][2999332864] {ldapdb} 00FB281B-ABCF-4F44-91A1-44B40E26A84E: Looking up in cache...
[18/Nov/2010 16:20:37][2999332864] {ldapdb} 00FB281B-ABCF-4F44-91A1-44B40E26A84E: found in cache admin<_at_>2p2l.info
[18/Nov/2010 16:20:42][2986651648] {ldapdb} jeff<_at_>2p2l.info: Looking up in cache...
[18/Nov/2010 16:20:42][2986651648] {ldapdb} Acquired connection to the LDAP server: "MAIL.2P2L.DOC". Pool slot: 0; Thread ID: 2986651648
[18/Nov/2010 16:20:42][2986651648] {ldapdb} LDAP search request: filter=" (&(objectclass=apple-user)(&(uid=jeff))(kerio-Mail-Active=*)) ", base DN="cn=users,dc=mail,dc=2p2l,dc=doc", scope=2. ThreadId: 2986651648
[18/Nov/2010 16:20:42][2986651648] {ldapdb} Performing LDAP search using no server side controls. Thread Id: 2986651648.
[18/Nov/2010 16:20:42][2986651648] {ldapdb} Result of last LDAP search is 0. Thread Id: 2986651648.
[18/Nov/2010 16:20:42][2986651648] {ldapdb} LDAP search result: (0) "Success". ThreadId: 2986651648
[18/Nov/2010 16:20:42][2986651648] {ldapdb} LDAP search request: filter="(memberUid=jeff)", base DN="cn=groups,dc=mail,dc=2p2l,dc=doc", scope=2. ThreadId: 2986651648
[18/Nov/2010 16:20:42][2986651648] {ldapdb} Performing LDAP search using no server side controls. Thread Id: 2986651648.
[18/Nov/2010 16:20:42][2986651648] {ldapdb} Result of last LDAP search is 0. Thread Id: 2986651648.
[18/Nov/2010 16:20:42][2986651648] {ldapdb} LDAP search result: (0) "Success". ThreadId: 2986651648
[18/Nov/2010 16:20:42][2986651648] {ldapdb} LDAP connection was returned back to pool slot: 0. ThreadId: 2986651648
[18/Nov/2010 16:20:42][2986651648] {auth} Krb5: entering auth (user: jeff<_at_>2P2L.INFO)
[18/Nov/2010 16:20:42][2986651648] {auth} Krb5: get_init_creds_password(krbtgt/2P2L.INFO@2P2L.INFO, jeff<_at_>2P2L.INFO): Cannot resolve network address for KDC in requested realm, error code 0x96c73adc (-1765328164)

Any clue?

tia

Jeff
  •  
TorW

Messages: 769
Karma: 9
Show us your krb5.conf.
  •  
adm2p2l

Messages: 6
Karma: 0
Good question.
I can't get my hands on it.
Where is this file on 10.6?
  •  
TorW

Messages: 769
Karma: 9
Ooops. Kerberos on 10.6 is a mess. Up to and including 10.5, the OS X Kerberos was apparently just the MIT software with some nice tools from Apple, but now I can't make heads or tails of it. Sorry. I'm on a Macbook Pro with 10.6 and I'm lost. Hit Google ...
  •  
adm2p2l

Messages: 6
Karma: 0
Yeah, I think I need to read and make a clean install again.
My issue is DNS config only.
I'll be back, or not.
Thanks a lot.
  •  
adm2p2l

Messages: 6
Karma: 0
SUCCEEEEESSSSSSSS !!!!!!
Here's the new debug log file:
[24/Nov/2010 14:47:39][2984005632] {ldapdb} jeff<_at_>2p2l.info: Looking up in cache...
[24/Nov/2010 14:47:39][2984005632] {ldapdb} Acquired connection to the LDAP server: "MAIL.2P2L.INFO". Pool slot: 0; Thread ID: 2984005632
[24/Nov/2010 14:47:39][2984005632] {ldapdb} LDAP search request: filter=" (&(objectclass=apple-user)(&(uid=jeff))(kerio-Mail-Active=*)) ", base DN="cn=users,dc=mail,dc=2p2l,dc=info", scope=2. ThreadId: 2984005632
[24/Nov/2010 14:47:39][2984005632] {ldapdb} Performing LDAP search using no server side controls. Thread Id: 2984005632.
[24/Nov/2010 14:47:39][2984005632] {ldapdb} Result of last LDAP search is 0. Thread Id: 2984005632.
[24/Nov/2010 14:47:39][2984005632] {ldapdb} LDAP search result: (0) "Success". ThreadId: 2984005632
[24/Nov/2010 14:47:39][2984005632] {ldapdb} LDAP search request: filter="(memberUid=jeff)", base DN="cn=groups,dc=mail,dc=2p2l,dc=info", scope=2. ThreadId: 2984005632
[24/Nov/2010 14:47:39][2984005632] {ldapdb} Performing LDAP search using no server side controls. Thread Id: 2984005632.
[24/Nov/2010 14:47:39][2984005632] {ldapdb} Result of last LDAP search is 0. Thread Id: 2984005632.
[24/Nov/2010 14:47:39][2984005632] {ldapdb} LDAP search result: (0) "Success". ThreadId: 2984005632
[24/Nov/2010 14:47:39][2984005632] {ldapdb} LDAP connection was returned back to pool slot: 0. ThreadId: 2984005632
[24/Nov/2010 14:47:39][2984005632] {auth} Krb5: entering auth (user: jeff<_at_>2P2L.INFO)
[24/Nov/2010 14:47:39][2984005632] {auth} Krb5: user jeff<_at_>2P2L.INFO authenticated.

[24/Nov/2010 14:47:49][2985062400] {dns} Searching cache for MX records for host 2p2l.com
[24/Nov/2010 14:47:49][2985062400] {smtpc} Sending email to SMTP server relay1.completel.fr, delivering mail from <jeff<_at_>2p2l.info>
[24/Nov/2010 14:47:49][2985062400] {dns} Searching cache for A records for host relay1.completel.fr
[24/Nov/2010 14:47:49][2985062400] {smtpc} Connecting to 213.245.2.2 (relay1.completel.fr)...
[24/Nov/2010 14:47:49][2985062400] {smtpc} Connected to relay1.completel.fr
[24/Nov/2010 14:47:49][2985062400] {smtpc} Received greeting: 220 mx8.cptl.sdv.fr ESMTP Postfix
[24/Nov/2010 14:47:49][2985062400] {smtpc} Sending EHLO
[24/Nov/2010 14:47:49][2985062400] {smtpc} Sent MAIL command
[24/Nov/2010 14:47:49][2985062400] {smtpc} Got reply: 250 2.1.0 Ok
[24/Nov/2010 14:47:49][2985062400] {smtpc} Sent RCPT TO: <jeff<_at_>2p2l.com>
[24/Nov/2010 14:47:49][2985062400] {smtpc} Got reply: 550 5.1.8 <jeff<_at_>2p2l.info>: Sender address rejected: Domain not found
[24/Nov/2010 14:47:49][2985062400] {smtpc} Recipient <jeff@2p2l.com> not accepted: 550 5.1.8 <jeff<_at_>2p2l.info>: Sender address rejected: Domain not found
[24/Nov/2010 14:47:49][2985062400] {smtpc} No recipient succeeded
[24/Nov/2010 14:47:49][2985062400] {smtpc} QUIT sent, got reply: 221 2.0.0 Bye
[24/Nov/2010 14:47:49][2985062400] {smtpc} Sending email to SMTP server relay2.completel.fr, delivering mail from <jeff<_at_>2p2l.info>
[24/Nov/2010 14:47:49][2985062400] {dns} Searching cache for A records for host relay2.completel.fr
[24/Nov/2010 14:47:49][2985062400] {smtpc} Connecting to 213.245.2.2 (relay2.completel.fr)...
[24/Nov/2010 14:47:49][2985062400] {smtpc} Connected to relay2.completel.fr
[24/Nov/2010 14:47:49][2985062400] {smtpc} Received greeting: 220 mx7.cptl.sdv.fr ESMTP Postfix
[24/Nov/2010 14:47:49][2985062400] {smtpc} Sending EHLO
[24/Nov/2010 14:47:49][2985062400] {smtpc} Sent MAIL command
[24/Nov/2010 14:47:49][2985062400] {smtpc} Got reply: 250 2.1.0 Ok
[24/Nov/2010 14:47:49][2985062400] {smtpc} No recipient succeeded
[24/Nov/2010 14:47:49][2985062400] {smtpc} QUIT sent, got reply: 221 2.0.0 Bye

What exactly is missing?
tia

Jeff
  •  
id t

Messages: 50
Karma: 0
TorW wrote on Tue, 23 November 2010 19:46
Ooops. Kerberos on 10.6 is a mess. Up to and including 10.5, the OS X Kerberos was apparently just the MIT software with some nice tools from Apple, but now I can't make heads or tails of it. Sorry. I'm on a Macbook Pro with 10.6 and I'm lost. Hit Google ...


Why do you say so? I just upgraded to 10.6 and moved my mail server to Ubuntu; Kerio on Linux correctly authenticates to OD master/replica via Kerberos, it took no more than 30 minutes to set up (once the DNS is right).
  •  
adm2p2l

Messages: 6
Karma: 0
Just modified the reverse DNS at my ISP.
It works now !!!!!!
  •  
TorW

Messages: 769
Karma: 9
id t wrote on Wed, 24 November 2010 20:45

Why do you say so? I just upgraded to 10.6 and moved my mail server to Ubuntu; Kerio on Linux correctly authenticates to OD master/replica via Kerberos, it took no more than 30 minutes to set up (once the DNS is right).


I have absolutely no doubts that it works, but in 10.5 and lower it was a breeze to configure when coming from Unix/Linux. Now it's not so easy since Apple apparently changed the tools and the location of the config files. My earlier statement was just my two cents, so to speak.
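
A way to triage the two debug logs posted in this thread, as an added example that is not part of any forum post and is not Kerio's code: it reads the {ldapdb} and {auth} lines, checks that the Krb5 error code's hex and decimal forms agree, compares the Kerberos realm with the directory host's DNS domain, and lists the DNS names worth checking. Assumptions: the client locates its KDC through DNS SRV records and the realm conventionally equals the directory host's domain; `triage` and its result keys are hypothetical names.

```python
import re

# Lines copied (abridged) from the two debug logs in this thread; "<_at_>" is
# the forum's e-mail obfuscation and is accepted alongside "@".
FAILING = '''\
[18/Nov/2010 16:20:42][2986651648] {ldapdb} Acquired connection to the LDAP server: "MAIL.2P2L.DOC". Pool slot: 0; Thread ID: 2986651648
[18/Nov/2010 16:20:42][2986651648] {auth} Krb5: entering auth (user: jeff<_at_>2P2L.INFO)
[18/Nov/2010 16:20:42][2986651648] {auth} Krb5: get_init_creds_password(krbtgt/2P2L.INFO@2P2L.INFO, jeff<_at_>2P2L.INFO): Cannot resolve network address for KDC in requested realm, error code 0x96c73adc (-1765328164)
'''
FIXED = '''\
[24/Nov/2010 14:47:39][2984005632] {ldapdb} Acquired connection to the LDAP server: "MAIL.2P2L.INFO". Pool slot: 0; Thread ID: 2984005632
[24/Nov/2010 14:47:39][2984005632] {auth} Krb5: entering auth (user: jeff<_at_>2P2L.INFO)
[24/Nov/2010 14:47:39][2984005632] {auth} Krb5: user jeff<_at_>2P2L.INFO authenticated.
'''

LINE = re.compile(r'^\[[^\]]+\]\[\d+\] \{(\w+)\} (.*)$')
LDAP_HOST = re.compile(r'LDAP server: "([^"]+)"')
KRB_USER = re.compile(r'Krb5: entering auth \(user: \S+?(?:@|<_at_>)([^)]+)\)')
KRB_ERR = re.compile(r'Krb5: \w+\(.*\): (.+), error code (0x[0-9a-fA-F]+) \((-?\d+)\)')
KRB_OK = re.compile(r'Krb5: user \S+ authenticated')

def triage(log):
    """Summarise one login attempt from a Kerio debug log excerpt."""
    r = {"ldap_host": None, "realm": None, "status": "no-krb5-result",
         "code_consistent": None, "realm_matches_directory": None, "lookups": []}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # skip blank or wrapped lines
        module, msg = m.groups()
        if module == "ldapdb" and (h := LDAP_HOST.search(msg)):
            r["ldap_host"] = h.group(1)
        elif module == "auth" and (u := KRB_USER.search(msg)):
            r["realm"] = u.group(1)
        elif module == "auth" and KRB_OK.search(msg):
            r["status"] = "authenticated"
        elif module == "auth" and (e := KRB_ERR.search(msg)):
            text, hexcode, dec = e.groups()
            r["status"] = "kdc-unresolvable" if "Cannot resolve network address for KDC" in text else "krb5-error"
            v = int(hexcode, 16)          # same 32-bit code, printed unsigned
            r["code_consistent"] = (v - (1 << 32) if v >> 31 else v) == int(dec)
    if r["ldap_host"] and r["realm"]:
        # Convention only: realm == upper-cased DNS domain of the directory host.
        domain = r["ldap_host"].split(".", 1)[-1]
        r["realm_matches_directory"] = domain.upper() == r["realm"].upper()
    if r["status"] == "kdc-unresolvable" and r["realm"]:
        # Assumption: KDC discovery via DNS SRV; these are the names to check.
        r["lookups"] = [f"_kerberos._{p}.{r['realm'].lower()}" for p in ("udp", "tcp")]
    return r
```

On the first log the result shows a directory host under 2P2L.DOC while the realm is 2P2L.INFO; on the second log the two agree and authentication succeeds.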