
Distributed Domains with OS X and CentOS and OD - Problems

Messages: 242
Karma: -3
Hi there,

I have a strange problem with distributed domains I want to set up.

TL;DR: I can authenticate to the second server and a newly created user works like a charm, but when I migrate a user over, I can't access the files in the mailstore.

More thorough explanation:

I have an Xserve with 10.6.4 server as an Open Directory master (who also has an OD replica) that hosts Kerio 7.2.2. This is the master server, referred to as server 1 from now on. All Kerio users are from the OD with Kerberos authentication, this also works like a charm.

I have installed the newest official Kerio VM with CentOS in VMWare Fusion on the same machine to act as a secondary server for distributed domains (specific reasons to do this). This is server 2.

Anyway, I set up the CentOS machine with its hostname and IP stuff, everything ok. Updated Kerio (the update script didn't do that, so I installed the rpm myself) - ok.

Clicked the distributed domains button and set up the distributed domain - ok.

After having had authentication problems I checked with Patrick from German Kerio support and he pointed me to Kbase 382 ( iewarticle&kbarticleid=382&nav=0,1,8) to correctly set up Kerberos authentication.

So what I did is install the packages pam_krb5, krb5-libs and krb5-workstation (2 of these were not in the VM). Then I copied over the krb5.conf file from the OS X server into /etc and rebooted. After that, kinit worked.

Authentication via Kerberos works for the CentOS VM: I can add an OD user directly on the VM and log in via webmail, send mails to it, send mails from it etc.

I can also create a user on server 1, then migrate it over to server 2 and log in successfully.

The problem arrives when I migrate a long-existing user over from server 1 to server 2 (I tried with 2 different users): It shows the user, I click "migrate here", the machines copy over everything (looking into the mailstore on server 2 reveals every file has been copied, also looking at the user in Kerio webadmin shows the exact number of objects and amount of data), but when I log into webmail I can only see the inbox with 0 objects and the public folders. Clicking on the mail address in the top left corner gives me an error that the folders could not be accessed. The Kerio log on server 2, unfortunately, only shows "could not open folder".

The permissions on server 2's mailstore seem to be ok, owned by root (and the mailserver, as stated earlier, sees all the files). I also tried the "administrative headshot" of chmod -R 777 the entire mailstore, no dice.

What weirds me out is the fact that a freshly created, then migrated user from server 1 to server 2 works, but not an existing one.

Could it be something ACL related? I didn't check thoroughly, but it could be "the other admin" propagated some ACLs on the mailstore on the OS X server (yeah, I know) and those come back and bite me now since they get copied over to server 2 and server 2 doesn't know what to do with them...

Help please!
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Both servers must be properly licensed.

Messages: 242
Karma: -3
Hehe yeah, your 2nd level support told me after bouncing logs back and forth. Good to know for the next time. Usually, I don't enter the license until I can make sure the server works the way I want it to. My suggestion: Put it in the manual (if it's not in there already, in that case I need to buy some reading glasses).

Everything works like a charm now.
