I JUSTA CANT GET IT TO WORK
  •  
rjamesm

Messages: 1
Karma: 0
I HAVE BEEN READING OVER AND OVER THE ONLINE MANUAL AND THE STEP BY STEP GUIDE FOR INSTALL AND I CAN'T GET IT TO WORK.

SIMPLE AS THIS: I HAVE 2 NICS.

NIC 1> ADSL INTERNET WITH PUBLIC IP

NIC 2> PRIVATE IP 192.168.1.1
SUB NET: 225.225.225.0
D/GATEWAY: NONE
DNS: 192.168.1.2

I HAVE SET THE WINROUTE FIREWALL 6 AS THE MANUAL SAYS AND I CAN'T GET A SINGLE CLIENT TO ACCESS THE INTERNET.
WHAT'S GOING ON HERE? PLEASE HELP
  •  
yemendomain

Messages: 3

Karma: 0
what about your traffic policy?
have you allowed authentication (i like this because it allows me to know if i can reach the kerio server or not)? getting the connection or not is another issue, but forcing authentication allows the admin to know if he can reach the kerio winroute firewall. once this step is achieved you can wonder why you are not connected


yours....!
  •  
ebatte

Messages: 175
Karma: 0
I'm having a similar issue and I'm not sure what you mean when you ask, "have you allowed authentication?" What traffic policy should actually be in place?

1. I have AD auth enabled and the correct domain etc. entered.
2. The KWF box is a member of the domain
3. KWF service is set to run with specific user credentials

The error that appears in the debug log is:
{auth} authenticating user [USERNAME], error: Logon failure: the user has not been granted the requested logon type at this computer., code: c000015b, 0

If I set user options to assume user at a specific IP then the client can access the firewall. The user is logged into the domain on the client computer, but the browser does not authenticate with AD via KWF.

[Updated on: Thu, 21 September 2006 18:34]

  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
ebatte wrote on Thu, 21 September 2006 09:32


The error that appears in the debug log is:
{auth} authenticating user [USERNAME], error: Logon failure: the user has not been granted the requested logon type at this computer., code: c000015b, 0

If I recall correctly, I believe that error message indicates that the KWF machine is not properly joined to the AD domain. Or maybe it means that the client machine is not properly joined to the domain.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
ebatte

Messages: 175
Karma: 0
That's what I thought, yet both appear to be joined properly.

Do you know how else I should go about confirming proper joining of the domain?
  •  
feite

Messages: 523
Karma: 0
It looks like you have a DNS server inside the LAN (192.168.1.2). The other clients in the LAN most likely have the same DNS server specified. Make sure the DNS server on 192.168.1.2 can access the DNS servers of your provider.

name: DNS
source: 192.168.1.2
dest: internet
service: DNS
translation: NAT default outgoing.

This way a URL can be resolved to an IP address and IE can get the page.
  •  
ebatte

Messages: 175
Karma: 0
Is that a response to me or the other guy?

All clients (including my DNS server) can resolve HTTP requests properly, but only if the IP is entered manually on the user dialog in KWF. I already have a default NAT outgoing policy as you described above.

Still don't know what "allowed for authentication" means.

[Updated on: Thu, 21 September 2006 19:47]

  •  
winkelman

Messages: 2119
Karma: 3
Call me crazy and perhaps I misunderstand, but if you're entering IP addresses directly there's no need for any DNS resolving so sure, that works.
  •  
ebatte

Messages: 175
Karma: 0
Here is the resolution:

Problem #1: The local security policy on the KWF box was not allowing all users to have the right to "access this computer from the network". This policy must be enabled for all users who are trying to authenticate against the AD server, which is actually another box.

Problem #2: In Advanced Options->Web Interface/SSL-VPN the HTTP interface was unchecked. I spoke with Kerio support and they said that if the web interface was not enabled then KWF could not present login forms, access denied forms, etc.

Once I set the XP local security policy correctly AND enabled the web interface in KWF everything was back to normal.

I hope this information is helpful to others who might experience similar issues.

Eric
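
An added example, not part of the thread or of Kerio's documentation: the code `c000015b` in the debug log is the NT status STATUS_LOGON_TYPE_NOT_GRANTED, and the "access this computer from the network" right in Problem #1 is stored as `SeNetworkLogonRight`. The PowerShell below exports the local user-rights assignments with `secedit` and lists who holds that right and its deny counterpart. It assumes an elevated prompt on the firewall host; the temp file name is arbitrary.

```powershell
# Added example: list who holds the network-logon rights on this machine.
# Run elevated on the firewall host. The temp file name is arbitrary.
$cfg = Join-Path $env:TEMP 'user-rights-export.inf'
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) { throw "secedit export failed (exit code $LASTEXITCODE)" }
$exported = Get-Content -Path $cfg
Remove-Item -Path $cfg

function Get-RightHolders {
    param([string[]]$Lines, [string]$Right)
    # Export lines look like: SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
    $line = $Lines | Where-Object { $_ -match "^\s*$Right\s*=" } | Select-Object -First 1
    if (-not $line) { return }                      # right is assigned to nobody
    foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }
        if (-not $entry.StartsWith('*')) { $entry; continue }   # plain account name
        $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
        try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $sid.Value }                        # unresolvable SID: show it raw
    }
}

$allow = @(Get-RightHolders -Lines $exported -Right 'SeNetworkLogonRight')
$deny  = @(Get-RightHolders -Lines $exported -Right 'SeDenyNetworkLogonRight')

'Access this computer from the network (SeNetworkLogonRight):'
$allow | ForEach-Object { "  $_" }
'Deny access to this computer from the network (SeDenyNetworkLogonRight):'
$deny | ForEach-Object { "  $_" }

if ($allow.Count -eq 0) {
    Write-Warning 'No account holds SeNetworkLogonRight; network logons will fail.'
}
```

A user who authenticates through the firewall must be covered by an entry in the first list, directly or through a group, and by none in the second, because a deny entry overrides an allow.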
  •  
yemendomain

Messages: 3

Karma: 0
i meant by are the users getting authenticated is the following:

do you know that you can call all your domain users to get stored in the kerio user database with the same names and passwords? so authentication happens from the kerio server, not the active directory server. you can also set up automatic updates for those users so when a user name or password is changed it is automatically changed in the kerio database.

how

go to users and groups--->users
configure the authentication options tab and the active directory tab. once all info is filled in, users can get authenticated with the same username and password used to log in to the domain.


cheers...