Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » AD sync - password didnt work
  •  
mikael.lofgren

Messages: 4
Karma: 0
Send a private message to this user
After upgrading to 6.2.1 our clients couldnt login, the
logfile did say wrong password. Kerio is on a Mac, and the
user (LDAP) is from a AD server running Windows 2003.

All the users did show up and Kerio said the connection
to the AD server worked, so we was struggling to get this
to work again, we did downgrade Kerio and the AD plugins,
and still no luck.

But then we find it, and thats what I want to share:
the Kerberos doesnt allow different time from the server to the AD server.
I think its max 5 minutes difference. Somehow they hade gone out of sync.
So we did sync the time and all worked again.

On the Mac we did set the clock to use the AD servers ip number as a timeserver
(NTP-server). Maybe this helps someone!

But it whould be great if Kerio could check this when you
check the connection to the AD-server.
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
mikael.lofgren wrote on Tue, 22 August 2006 14:23


the Kerberos doesnt allow different time from the server to the AD server. I think its max 5 minutes difference.

But it whould be great if Kerio could check this when you
check the connection to the AD-server.



This is normal for Kerberos. The time is checked as part of the security. All member servers and client workstations on a Windows domain should sync the time with the domain controllers, including non-Windows machines that authenticate with Active Directory in any fashion.

Kerio doesn't need to worry about the time. If Kerberos authentication succeeds, the clocks are set right.

Scott
Previous Topic: Entourage Calendar Sharing
Next Topic: Webmail wont start after upgrade to 6.2.1
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 20:48:58 CET 2017

Total time taken to generate the page: 0.00429 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.