Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio appliance not able to authenticate to Win2k AD (AD authentication via Kerberos from Kerio not working)
  •  
plillelund

Messages: 4
Karma: 0
Send a private message to this user
Sad
we have a scenario with a quite new 7.2 VmWare Kerio virtual appliance server, where we cannot get our authentication to work.

We have no problems in importing all user information from AD via LDAP, and it seams as though passwords and all other info is cared for.

But every time we try to login via a user account that has to be authenticated in AD it fails. This is true both for WEB access or trying to set up a new mail account.

We have used setspn to verify the spn names and we have also used kinit from the same PC using the same credentials, and this works as supposed.

So there is something strange going on on the Kerio linux server.

Do anyone of you have idea to what is happening?
  •  
p0ddie

Messages: 242
Karma: -3
Send a private message to this user
Are you by any chance using the "official" centos Kerio appliance? Follow this kbase article: http://support.kerio.com/index.php?_m=knowledgebase&_a=v iewarticle&kbarticleid=382&nav=0,1,8

I had to install the packages pam_krb5, krb5-libs and krb5-workstation (2 of these were not in the VM). Then I copied over the krb5.conf file from my OS X server into /etc and rebooted. After that, kinit worked (and so did Kerberos authentication). This should be similar with Windows AD, too.
  •  
plillelund

Messages: 4
Karma: 0
Send a private message to this user
Thanks for you reply, it actually got me on track. I updated the appliance with these extra Kerberos software packages, and I could then test directly from the appliance up against over AD server. This lead me to investigate in large and small letters in the krb5.ini file, and after correcting this and using my domain name in capitals in the domain config in KERIO it actually works.
  •  
p0ddie

Messages: 242
Karma: -3
Send a private message to this user
No capitals in domain, no Kerberos Very Happy

Glad I could help.
Previous Topic: returned E-mails
Next Topic: Users/Domain Migration
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 09:16:04 CEST 2017

Total time taken to generate the page: 0.00424 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.