Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Connect with kerberos
  •  
phl

Messages: 12
Karma: 0
Send a private message to this user
Hello,

My Kerio Connect server in in Virtual Appliance. It's working fine

My LDAP DataBase is OpenDirectory on Mac OS 10.9.4 Server.
Kerberos in active and working fine too (I tested it).

When I want to authenticate on Kerio with LDAP, in debug message, I've this error :

Krb5: get_init_creds_password(krbtgt/SERVER.DOMAIN.COM@SERVER.DOMAIN.COM, testkerio<_at_>SERVER.DOMAIN.COM): Cannot contact any KDC for requested realm, error code 0x96c73a9c (-1765328228)

I think "SERVER.DOMAIN.COM<_at_>XXXXXXXXXX" should be lowercase instead of uppercase.

Do you have any idea about it?
  •  
Pavel Dobry (Kerio)

Messages: 5180
Karma: 245
Send a private message to this user
Do you have correct configuration in edu.mit.Kerberos file? It seems the Kerberos client cannot locate KDC servers for SERVER.DOMAIN.COM realm.

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
phl

Messages: 12
Karma: 0
Send a private message to this user
Yes it is, like this :

[libdefaults]
default_realm = DOMAIN.COM
ticket_lifetime = 600
dns_fallback = no
[realms]
DOMAINE.COM = {
kdc = server.domain.com. :88
admin_server = server.domain.com.
}

  •  
Pavel Dobry (Kerio)

Messages: 5180
Karma: 245
Send a private message to this user
Kerberos realm you filed in email domain setting is SERVER.DOMAIN.COM, not DOMAIN.COM.

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
phl

Messages: 12
Karma: 0
Send a private message to this user
This change has not changed anything.
Reminder: Kerberos works perfectly on the Mac server.
All tests passed without problems.

But when I do the test:
kinit-V-S host/SERVER.DOMAIN.COM@SERVER.DOMAINE.COM od_user<_at_>SERVER.DOMAINE.COM
the server returns an error.
In contrast:
kinit-V-S host/server.domain.com@SERVER.DOMAINE.COM od_user<_at_>SERVER.DOMAINE.COM
Works perfectly.

I think the problem is in the syntax sent by Kerio
  •  
phl

Messages: 12
Karma: 0
Send a private message to this user
Hello,

Is anybody has a solution to this problem ? Crying or Very Sad Crying or Very Sad
  •  
Pavel Dobry (Kerio)

Messages: 5180
Karma: 245
Send a private message to this user
phl wrote on Mon, 22 September 2014 09:54
This change has not changed anything.
Reminder: Kerberos works perfectly on the Mac server.
All tests passed without problems.

But when I do the test:
kinit-V-S host/SERVER.DOMAIN.COM<_at_>SERVER.DOMAINE.COM od_user<_at_>SERVER.DOMAINE.COM
the server returns an error.
In contrast:
kinit-V-S host/server.domain.com<_at_>SERVER.DOMAINE.COM od_user<_at_>SERVER.DOMAINE.COM
Works perfectly.

I think the problem is in the syntax sent by Kerio


Kerio Connect uses the hostname as it is returned by the system. Perhaps your server (hosts file) uses hostname in upper case?

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
Previous Topic: iCal: status of attendants to a meeting not visible for others?
Next Topic: Kerio Messages marked as junk not being moved to junk folder
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Mar 27 04:50:17 CEST 2017

Total time taken to generate the page: 0.01066 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.