Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Authenticate users to AD from DMZ
  •  
JK

Messages: 2
Karma: 0
Send a private message to this user
Hi,
I am trying to authenticate users from Kerio Connect placed in an DMZ to a AD server in LAN. The Kerio server is not a domain member, because I don't want to open all the ports from DMZ to LAN, only the ports necessary for Kerberos and LDAP. The authentication always fails, is this configuration supported?
Thanks

Jan

[Updated on: Mon, 04 April 2016 13:28]

  •  
Spacey

Messages: 156
Karma: -8
Send a private message to this user
Other thing: I'd not put the Kerio Connect in an DMZ - not necessary -> Just open the needed (!) ports from the services page. For example you don't want to show the backend login to the public or unsecure pop/imap/smtp/http submission ports to the public.

That would give you the chance to put the kerio within your LAN and make the whole email system a bit safer. Think of the other open ports from the host OS itself which are open to the public in the DMZ as well - not very nice.
  •  
JK

Messages: 2
Karma: 0
Send a private message to this user
Thanks for the tip, but my DMZ is secured. I only allow HTTPS and SMTP from the Internet to the Kerio server in the DMZ. The DMZ is there only to further protect the LAN, if the mail server gets compromised. That's why I don't want to have the mail server as a member server of AD -> that needs a LOT of ports open from the DMZ to the LAN.
Previous Topic: Sophos AV - why am I paying for this?
Next Topic: High CPU for Kerio Outlook Connector
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Oct 23 19:23:03 CEST 2017

Total time taken to generate the page: 0.00420 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.