Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » AD authentication (User can´t authenticate via AD)
  •  
robert.lesch

Messages: 6
Karma: 1
Send a private message to this user
Hi, I have several users in my Kerio Control Box (31xx) 8.5.2 and they all can authenticate via AD. Only the CEO is unable to athenticate via AD, as an internal user with the same Password everything works fine.

The debug-log Shows:

[23/Apr/2015 10:40:00] {vpnclient} Client[79.240.198.68:57032](76): service thread registered
[23/Apr/2015 10:40:00] {vpnclient} Client[79.240.198.68:57032]: client successfully added into list, assigned id = 76
[23/Apr/2015 10:40:00] {vpnclient} Client[79.240.198.68:57032](76): local TCP address = 212.126.207.36:4090
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): received complete command
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): received VERSION message, version = 4
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): sending VERSION message, version = 4
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): received complete command
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): received USER message, user = claus
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): sending OK message
[23/Apr/2015 10:40:02] {vpnclient} Client[79.240.198.68:57032](76): received complete command
[23/Apr/2015 10:40:02] {vpnclient} Client[79.240.198.68:57032](76): received PASSWD message
[23/Apr/2015 10:40:02] {auth} Krb5: entering auth (user: Claus<_at_>EXACT.ZZ)
[23/Apr/2015 10:40:03] {auth} Krb5: get_init_creds_password(krbtgt/EXACT.ZZ@EXACT.ZZ, Claus<_at_>EXACT.ZZ): Preauthentication failed, error code 0x96c73a18 (-1765328360)
[23/Apr/2015 10:40:03] {auth} Krb5: get_init_creds_password(krbtgt/EXACT.ZZ@EXACT.ZZ, Claus<_at_>EXACT.ZZ): Preauthentication failed, error code 0x96c73a18 (-1765328360)
[23/Apr/2015 10:40:04] {vpnclient} Client[79.240.198.68:57032](76): unable to authenticate user 'claus' - authentication failed.
[23/Apr/2015 10:40:04] {vpnclient} Client[79.240.198.68:57032](76): sending ERR message, error code = 0
[23/Apr/2015 10:15:29] Authentication: VPN Client: Client: 79.240.198.68: Invalid password for NT/Kerberos user Claus
[23/Apr/2015 10:19:00] Authentication: VPN Client: Client: 79.240.198.68: Invalid password for NT/Kerberos user Claus
[23/Apr/2015 10:23:52] Authentication: VPN Client: Client: 79.240.198.68: Invalid password for NT/Kerberos user Claus

any suggestions ??
  •  
Brian (GFI/Kerio)

Messages: 742
Karma: 71
Send a private message to this user
It may be caused by certain characters in the password (as indicated here http://forums.kerio.com/t/22641/modify-ad-password-in-kerio- connect).
Otherwise you can reserve the device's MAC address to the user so they would not need to authenticate.
http://kb.kerio.com/product/kerio-control/server-configurati on-kerio-control/configuring-automatic-user-login-1569.html

Brian Carmichael
Instructional Content Architect
  •  
robert.lesch

Messages: 6
Karma: 1
Send a private message to this user
Sorry but I have forgotten to say it is the authentication from VPN-Client
not the internal authentication.
  •  
Brian (GFI/Kerio)

Messages: 742
Karma: 71
Send a private message to this user
It looks like resetting their password in Active Directory should fix this issue (based on some Google searches).

Brian Carmichael
Instructional Content Architect
  •  
robert.lesch

Messages: 6
Karma: 1
Send a private message to this user
Thanks a lot resetting the user Password solved the Problem.
But one question is left, the local user on the control box had
the same Password as the user in the AD and that worked!
Previous Topic: Peer ID is ID_IPV4_ADDR:
Next Topic: Transfer user statistics
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Sep 25 02:55:10 CEST 2017

Total time taken to generate the page: 0.00442 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.