Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Active Directory authentication not working
  •  
rbodenstaff

Messages: 3
Karma: 0
Send a private message to this user
Hello,

I followed the manual regarding connecting Kerio to active directory:
ttp://kb.kerio.com/product/kerio-connect/virtual-appliance-l inux/joining-kerio-connect-running-on-linux-to-open-director y-or-active-directory-308.html#packages

I can select the users I want in Kerio and everything seems fine. On the linux machine the following commands return no errors:
kinit username
kinit -S host/mail.company.com<_at_>DC.EXAMPLE.COM

The problem is however that user cannot login user Kerio Connect web client(or any other means). When I enable debug logging for User authentication and LDAP server I get the following error message:
Krb5: init_context(): failed, error code 0x00000016 (22)

Unfortunately I can't find anything about this error message. Logging in via SSH with active directory credentials do succeed and the machine can also be found in the active directory under computers.

Thanks in advance for your help
  •  
Think Fixed

Messages: 463

Karma: 28
Send a private message to this user
Have you tried to join Kerio Connect to AD using the Kerio web admin in the Domains section? When you double-click your domain, there is a Directory Service tab. This is what I have always used to join Kerio Connect to AD or OD.

Howie Isaacks
Systems Engineer | Apple Solutions Consultant
Think Fixed LLC, Dallas and Fort Worth

www.thinkfixed.com
  •  
rbodenstaff

Messages: 3
Karma: 0
Send a private message to this user
Hello,

I forgot to mention but I also followed the link below(can't post links so you need to add the h in front):
ttp://kb.kerio.com/product/kerio-connect/server-configuratio n/ldap-and-directory-services/connecting-kerio-connect-to-di rectory-service-1130.html#sect-mad

I can already load the user from my AD but when I try to login with one of them I can't. Then I get the message in the log saying:
Krb5: init_context(): failed, error code 0x00000016 (22)
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
rbodenstaff wrote on Mon, 01 February 2016 10:15
Hello,

I forgot to mention but I also followed the link below(can't post links so you need to add the h in front):
ttp://kb.kerio.com/product/kerio-connect/server-configuratio n/ldap-and-directory-services/connecting-kerio-connect-to-di rectory-service-1130.html#sect-mad

I can already load the user from my AD but when I try to login with one of them I can't. Then I get the message in the log saying:
Krb5: init_context(): failed, error code 0x00000016 (22)


Please double check content of /etc/krb5.conf file (following that KB article). Also make sure that no other config files are used (eg. /etc/krb5.keytab etc.).
  •  
rbodenstaff

Messages: 3
Karma: 0
Send a private message to this user
Hello Pavel,

Correct that was the issue thanks for you responds!
  •  
giocal

Messages: 9
Karma: 0
Send a private message to this user
Hi, I have the same situation.
How do you solved that?
Previous Topic: Antivirus Module: SSL certificate problem
Next Topic: Huge CPU use after Update to 9.1.1
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Jul 23 02:43:57 CEST 2017

Total time taken to generate the page: 0.00447 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.