Kerio Connect forum thread: AD Sync

Messages: 14
Karma: 0
Hi folks,

I have been playing around with KMS 6.0.10 and so far I am very impressed with the usability factor. Anyway, a question in regards to the computer where KMS is installed.

<Start of explanation>
I have a SnapGear SG575 where the DMZ has port forwarding of LDAP and Kerberos (88 and 464) to the LAN Windows 2003 DC. Since I am only forwarding these ports and nothing else, initially I could import users, but they weren't getting authenticated using Kerberos 5. Then I unplugged the computer from the DMZ, connected it to the LAN (obviously changed the IP address etc.), made it a member of the domain, and then plugged it back into the DMZ (reverted back to the class A /30 network). Now the authentication happens with no problems, as the host machine where KMS is installed is part of the domain. I did it this way as I didn't want to defeat the purpose of the DMZ. The domain for the mail is still "localhost" for testing purposes before I do live trials...
</End of explanation>

Now the question I have is: would the host where KMS is installed lose its trust if it doesn't communicate with the DC in the LAN, as there are no other ports forwarded? Would this happen in a couple of weeks, months? All is fine now, but I don't want any surprises when, 1 or 2 months down the line, the users that use Kerberos 5 authentication can't log in anymore because the PC hasn't communicated with the DC in such a long time. Or will the initial forwarding I am doing be enough?

I hope someone can shed some light on this. If something isn't clear, I'll try to explain again...

Cheers ALL.

Messages: 852
Karma: 1

I think you need to get the AD comms working to the DMZ.

I have done this before and, from what I can remember, the computer account loses sync (might be 30 days or 90 days) and so no longer has the right to access the DC.

Be very careful.

Messages: 14
Karma: 0
Thanks for the reply...
Which ports are required for AD sync? I am not too sure about this.
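The two replies above leave the port question open. The following is an added example (not Kerio's code and not posted by anyone in the thread) that probes, from the DMZ host, the TCP ports a domain member normally needs on its domain controller, and reports which of the ones the secure channel depends on are blocked. The DC hostname and the "only 88/389/464 forwarded" scenario are assumptions for illustration; the port list itself is the standard Active Directory set. Only TCP is probed, so the UDP side of DNS, Kerberos and NTP still has to be checked separately.

```python
"""Probe the Active Directory ports a domain-joined host behind a firewall
needs to reach on its domain controller.

Added example for the forum thread; not Kerio's or any poster's code.
Run it on the DMZ host:  python ad_ports.py dc01.corp.example   (name assumed)
"""
import socket
import sys
from typing import Callable, Dict, List, Tuple

# Standard AD service ports. The thread's setup forwards only LDAP, 88 and 464;
# a domain member normally also needs the rest of this list.
AD_PORTS: List[Tuple[str, int, str]] = [
    ("dns",        53, "SRV lookups (_ldap._tcp, _kerberos._tcp) to find the DC"),
    ("kerberos",   88, "Kerberos AS/TGS exchanges (TCP and UDP)"),
    ("ntp",       123, "W32Time; Kerberos rejects tickets with >5 min clock skew"),
    ("rpc-epm",   135, "RPC endpoint mapper used by netlogon / secure channel"),
    ("ldap",      389, "LDAP queries (user import)"),
    ("smb",       445, "SMB: netlogon, group policy, SYSVOL"),
    ("kpasswd",   464, "Kerberos password change"),
    ("ldaps",     636, "LDAP over TLS"),
    ("gc",       3268, "Global catalog LDAP"),
]

# Ports the machine account's secure channel and logon path depend on.
REQUIRED_FOR_DOMAIN_MEMBER = {"dns", "kerberos", "rpc-epm", "ldap", "smb", "kpasswd"}

ConnectFn = Callable[[str, int], bool]


def tcp_connect(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP connection to host:port can be opened within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe(dc_host: str, connect: ConnectFn = tcp_connect) -> Dict[str, bool]:
    """Try every AD port; `connect` is injectable so results can be simulated."""
    return {name: connect(dc_host, port) for name, port, _ in AD_PORTS}


def missing(results: Dict[str, bool]) -> List[str]:
    """Names of all probed ports that were unreachable."""
    return [name for name, ok in results.items() if not ok]


def assess(results: Dict[str, bool]) -> Tuple[bool, List[str]]:
    """Return (ok, notes): ok is False when a required port is blocked."""
    gaps = sorted(n for n in REQUIRED_FOR_DOMAIN_MEMBER if not results.get(n, False))
    notes: List[str] = []
    if gaps:
        notes.append("required AD ports blocked: " + ", ".join(gaps))
    if "dns" in gaps:
        notes.append("without DNS (53) the host cannot locate a DC via SRV records")
    if "rpc-epm" in gaps or "smb" in gaps:
        notes.append("netlogon / secure-channel traffic (135 + 445) is blocked")
    return (not gaps, notes)


def main(argv: List[str]) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} <dc-host>", file=sys.stderr)
        return 2
    results = probe(argv[1])
    for name, port, purpose in AD_PORTS:
        state = "open" if results[name] else "BLOCKED"
        print(f"{name:9} {port:5}  {state:8} {purpose}")
    ok, notes = assess(results)
    for n in notes:
        print("note:", n)
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from the DMZ host against the DC's LAN address; a non-zero exit means at least one port the domain member relies on is not being forwarded. Passing a fake `connect` into `probe` lets you reproduce the thread's "only LDAP, 88 and 464 forwarded" firewall rule without any network.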
