Authenticate users to AD from DMZ [message #128773]
Mon, 04 April 2016 13:28
JK
Messages: 2 Registered: April 2016
Hi,
I am trying to authenticate users from Kerio Connect placed in a DMZ to an AD server in the LAN. The Kerio server is not a domain member, because I don't want to open all the ports from DMZ to LAN, only the ports necessary for Kerberos and LDAP. The authentication always fails. Is this configuration supported?
Thanks
Jan
[Updated on: Mon, 04 April 2016 13:28]
Re: Authenticate users to AD from DMZ [message #128774 is a reply to message #128773]
Mon, 04 April 2016 14:51
Spacey
Messages: 143 Registered: July 2011
Other thing: I'd not put the Kerio Connect in a DMZ - not necessary -> Just open the needed (!) ports from the services page. For example, you don't want to show the backend login to the public or insecure pop/imap/smtp/http submission ports to the public.
That would give you the chance to put the Kerio within your LAN and make the whole email system a bit safer. Think of the other open ports from the host OS itself which are open to the public in the DMZ as well - not very nice.
Re: Authenticate users to AD from DMZ [message #128775 is a reply to message #128774]
Mon, 04 April 2016 15:00
JK
Messages: 2 Registered: April 2016
Thanks for the tip, but my DMZ is secured. I only allow HTTPS and SMTP from the Internet to the Kerio server in the DMZ. The DMZ is there only to further protect the LAN if the mail server gets compromised. That's why I don't want to have the mail server as a member server of AD -> that needs a LOT of ports open from the DMZ to the LAN.