Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Can't authenticate against LDAP after server migration / version upgrade
  •  
atsc

Messages: 3
Karma: 0
Send a private message to this user
Dear,

We are currently testing a server migration from Kerio Connect 7.1.2 build 2260 to 8.0.1 build 1028. We did a RSYNC for all the data manually recreated the mailserver.cfg config file. When i try to connect with an Outlook 2010 client (Latest Kerio Connect plugin installed) i see this message in the security.log file

HTTP/KOFF: Invalid password for user user<_at_>domain.com. Attempt from IP address 10.10.10.3.

It looks like it's trying to authenticate against the local user database while the domain is configured for LDAP authentication (LDAP test connection is succesfull). Any help would be appreciated.

Kind regards

[Updated on: Fri, 05 April 2013 16:26]

  •  
atsc

Messages: 3
Karma: 0
Send a private message to this user
It looks like Kerberos wasn't configured, i followed the instruction at KB "Working with the Kerio Connect Virtual Appliance" section "How to set up Kerberos user authentication against Active Directory" but still no luck.

I registered the kerio connect server / appliance at the master domain controller and klist shows a valid principal

Kerberos authentication port 88 of the domain controller defined as kdc is reachable but the administration port 749 is not reachable by the kerio connect server / appliance.
  •  
Jeff Wadlow (Kerio)

Messages: 193
Karma: 6
Send a private message to this user
Try enabling 'User Authentication' logging in the Debug log:

In the Kerio Connect WebAdmin, go to Logs -> Debug
Right-click in the right window
Left-click on 'Messages'
Check the box for 'User Authentication'
Click OK
Right-click again and clear the log.

Watch the Debug log while trying to log into WebMail as a user mapped from Active Directory.

This should produce a Kerberos error that you need to troubleshoot and fix.

Make sure the TCP/IP settings on the computer running Kerio Connect point to the domain controller for the DNS server setting.

  •  
atsc

Messages: 3
Karma: 0
Send a private message to this user
Changed / corrected the Kerberos realm and now everything works fine, thanks for the support!
Previous Topic: Folders to sync in new webmail?
Next Topic: XMPP Service not Starting
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 16:40:07 CEST 2017

Total time taken to generate the page: 0.00412 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.