Active Directory Auth seems not to work (Authentication against Active Directory with different domain name does not work.)
roli8200

Hello

We have installed our first Kerio Connect 9.2.x (first customer project to see if this product fits customers' needs in daily business) on Windows Server 2012R2.
But after all the reading (Connect manual, forum topics, how-to about user mapping, googling), authentication for AD-imported users does not work.

Windows AD Domain is dowa.local.
Kerio is installed to serve the mail domain pneu-ebneter.ch.
I configured AD Directory Service as in screenshot 1.
Test Connection to AD is successful.
But logon is not possible. In Security I only get the following error: External authentication service rejected due to invalid password for authentication restriction.

Authenticated bind with an external LDAP tool and this user worked without problems (AD username: user@ad-domain as well as DN CN=username,OU=Users,DC=...).

Something seems to be wrong with Kerio Connect, since it seems that I could exclude all other sources of error.

Is there a possibility to increase the debug level of Kerio to see what it really sends to AD?

  • Attachment: Kerio1.png
    (Size: 31.33KB, Downloaded 23 times)
Brian (GFI/Kerio)

Make sure that in the Advanced tab you have defined your Kerberos realm (should match your AD domain name).
Kerio Connect takes the user's credentials and attempts to authenticate against the DC. This means that the system where Kerio Connect resides needs to have permission to authenticate on behalf of those users.
For more logging, you can right-click inside the debug log window and choose Messages. Enable the 'user authentication' option.

Brian Carmichael
Instructional Content Architect
roli8200

Thanks for your answer.

I tried this with the AD Kerberos realm already; sadly, it didn't help the first time.
After many other tries, I tried restarting Kerio Connect after making this setting.

It turns out Kerio seems to need to be restarted after the "Domain Join" in order to get it to work.
Should be written in the manual.
It works now.
