GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Control » AD authentication (User can´t authenticate via AD)
AD authentication [message #121091] Tue, 05 May 2015 07:58 Go to next message
robert.lesch is currently offline  robert.lesch
Messages: 6
Registered: January 2014
Hi, I have several users in my Kerio Control Box (31xx) 8.5.2 and they all can authenticate via AD. Only the CEO is unable to athenticate via AD, as an internal user with the same Password everything works fine.

The debug-log Shows:

[23/Apr/2015 10:40:00] {vpnclient} Client[79.240.198.68:57032](76): service thread registered
[23/Apr/2015 10:40:00] {vpnclient} Client[79.240.198.68:57032]: client successfully added into list, assigned id = 76
[23/Apr/2015 10:40:00] {vpnclient} Client[79.240.198.68:57032](76): local TCP address = 212.126.207.36:4090
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): received complete command
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): received VERSION message, version = 4
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): sending VERSION message, version = 4
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): received complete command
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): received USER message, user = claus
[23/Apr/2015 10:40:01] {vpnclient} Client[79.240.198.68:57032](76): sending OK message
[23/Apr/2015 10:40:02] {vpnclient} Client[79.240.198.68:57032](76): received complete command
[23/Apr/2015 10:40:02] {vpnclient} Client[79.240.198.68:57032](76): received PASSWD message
[23/Apr/2015 10:40:02] {auth} Krb5: entering auth (user: Claus<_at_>EXACT.ZZ)
[23/Apr/2015 10:40:03] {auth} Krb5: get_init_creds_password(krbtgt/EXACT.ZZ@EXACT.ZZ, Claus<_at_>EXACT.ZZ): Preauthentication failed, error code 0x96c73a18 (-1765328360)
[23/Apr/2015 10:40:03] {auth} Krb5: get_init_creds_password(krbtgt/EXACT.ZZ@EXACT.ZZ, Claus<_at_>EXACT.ZZ): Preauthentication failed, error code 0x96c73a18 (-1765328360)
[23/Apr/2015 10:40:04] {vpnclient} Client[79.240.198.68:57032](76): unable to authenticate user 'claus' - authentication failed.
[23/Apr/2015 10:40:04] {vpnclient} Client[79.240.198.68:57032](76): sending ERR message, error code = 0
[23/Apr/2015 10:15:29] Authentication: VPN Client: Client: 79.240.198.68: Invalid password for NT/Kerberos user Claus
[23/Apr/2015 10:19:00] Authentication: VPN Client: Client: 79.240.198.68: Invalid password for NT/Kerberos user Claus
[23/Apr/2015 10:23:52] Authentication: VPN Client: Client: 79.240.198.68: Invalid password for NT/Kerberos user Claus

any suggestions ??
Re: AD authentication [message #121103 is a reply to message #121091] Tue, 05 May 2015 16:33 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
It may be caused by certain characters in the password (as indicated here http://forums.kerio.com/t/22641/modify-ad-password-in-kerio- connect).
Otherwise you can reserve the device's MAC address to the user so they would not need to authenticate.
http://kb.kerio.com/product/kerio-control/server-configurati on-kerio-control/configuring-automatic-user-login-1569.html


Brian Carmichael
Instructional Content Architect
Re: AD authentication [message #121105 is a reply to message #121103] Tue, 05 May 2015 16:42 Go to previous messageGo to next message
robert.lesch is currently offline  robert.lesch
Messages: 6
Registered: January 2014
Sorry but I have forgotten to say it is the authentication from VPN-Client
not the internal authentication.
Re: AD authentication [message #121115 is a reply to message #121091] Tue, 05 May 2015 19:00 Go to previous messageGo to next message
Kerio/GFI Brian is currently offline  Kerio/GFI Brian
Messages: 852
Registered: March 2004
Location: California
It looks like resetting their password in Active Directory should fix this issue (based on some Google searches).

Brian Carmichael
Instructional Content Architect
Re: AD authentication [message #121133 is a reply to message #121115] Wed, 06 May 2015 13:41 Go to previous message
robert.lesch is currently offline  robert.lesch
Messages: 6
Registered: January 2014
Thanks a lot resetting the user Password solved the Problem.
But one question is left, the local user on the control box had
the same Password as the user in the AD and that worked!
Previous Topic: Peer ID is ID_IPV4_ADDR:
Next Topic: Transfer user statistics
Goto Forum:
  


Current Time: Fri Sep 29 19:01:30 CEST 2023

Total time taken to generate the page: 0.06753 seconds