Active Directory Auth seems not to work [message #136439]
Thu, 10 August 2017 16:51
roli8200
Messages: 4 Registered: August 2017 Location: Kreuzlingen

Hello
We have installed our first Kerio Connect 9.2.x (first customer project to see if this product fits the customer's needs in daily business) on Windows Server 2012R2.
But after all reading (connect manual, forum topics, howto about user mapping, googling) authentication for AD imported users does not work.
Windows AD Domain is dowa.local.
Kerio is installed to serve the mail domain pneu-ebneter.ch.
I configured AD Directory Service as in screenshot 1.
Test Connection to AD is successful.
But logon is not possible. In Security I only get the following error: External authentication service rejected due to invalid password for authentication restriction.
Authenticated bind with an external LDAP tool and this user worked without problems (AD username: user<_at_>ad-domain as well as DN CN=username,OU=Users,DC=...)
Something seems to be wrong with Kerio Connect, since it seems that I could exclude all other sources of error.
Is there a possibility to increase the debug level of Kerio to see what it really sends to AD?
Attachment: Kerio1.png

Re: Active Directory Auth seems not to work [message #136448 is a reply to message #136445]
Fri, 11 August 2017 07:59
roli8200
Messages: 4 Registered: August 2017 Location: Kreuzlingen

Thanks for your answer.
I tried this with the AD Kerberos realm already, sadly, it didn't help the first time.
After many other tries, I tried restarting Kerio Connect after making this setting.
It turns out Kerio seems to need to be restarted after "Domain Join" in order to get it to work.
Should be written in the manual.
It works now.

Re: Active Directory Auth seems not to work [message #144519 is a reply to message #136448]
Thu, 29 November 2018 17:13
Maerad
Messages: 275 Registered: August 2013

roli8200 wrote on Fri, 11 August 2017 07:59:
Thanks for your answer.
I tried this with the AD Kerberos realm already, sadly, it didn't help the first time.
After many other tries, I tried restarting Kerio Connect after making this setting.
It turns out Kerio seems to need to be restarted after "Domain Join" in order to get it to work.
Should be written in the manual.
It works now.

I dunno what you did, but it actually works without a reboot. If you added the server itself to the AD / domain and didn't restart after, this has nothing to do with Kerio. That is expected behavior.
Also 2 things - first please use a special account for Kerio with limited write/read rights for the AD, not the admin account (also any password change would fuck Kerio up). And enable a secure LDAPS connection. Even if it's internal, the AD connection should be secured at all times.
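
The two recommendations in the last reply (a dedicated low-privilege account and LDAPS), as an added PowerShell example that is not part of the thread and not Kerio's own tooling. `svc-kerio` and `dc01.dowa.local` are assumed placeholder names; the script also assumes the RSAT ActiveDirectory module, a domain controller that already has an LDAPS certificate trusted by this machine, and that read-only directory lookups are all the mail server needs.

```powershell
# Added example. Names marked (assumed) are placeholders, not values from the thread.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Domain  = 'dowa.local'        # AD domain named in the thread
$BaseDn  = 'DC=dowa,DC=local'
$DcFqdn  = 'dc01.dowa.local'   # (assumed) DC FQDN; must match the LDAPS certificate name
$SvcName = 'svc-kerio'         # (assumed) dedicated bind account
$SvcPass = Read-Host -AsSecureString "Password for $SvcName"

# 1. Create the account as a plain domain user. The password is set not to expire
#    so a forced change cannot break the mail server's bind; use a long random one.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$SvcName'")) {
    New-ADUser -Name $SvcName -SamAccountName $SvcName `
        -UserPrincipalName "$SvcName@$Domain" -AccountPassword $SvcPass `
        -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true `
        -Description 'Directory lookup account for Kerio Connect (read-only)'
}

# 2. Fail loudly if the account has ended up in a privileged group.
$groups = Get-ADPrincipalGroupMembership -Identity $SvcName |
    Select-Object -ExpandProperty Name
if ($groups | Where-Object { $_ -match 'Admins$|^Administrators$' }) {
    throw "$SvcName is in a privileged group: $($groups -join ', ')"
}

# 3. Simple bind over LDAPS (TCP 636), then one read. The default certificate
#    validation stays on, so an untrusted or mismatched certificate fails here.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DcFqdn, 636)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.ProtocolVersion   = 3
$conn.SessionOptions.SecureSocketLayer = $true
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.Credential = New-Object System.Net.NetworkCredential("$SvcName@$Domain", $SvcPass)
try {
    $conn.Bind()
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest
    $req.DistinguishedName = $BaseDn
    $req.Filter = "(sAMAccountName=$SvcName)"
    $req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $resp = $conn.SendRequest($req)
    "LDAPS bind OK; read test returned $($resp.Entries.Count) entry"
} catch {
    "LDAPS check failed: $($_.Exception.Message)"
} finally {
    $conn.Dispose()
}
```

If the bind succeeds here but the mail server still rejects logons, the directory side is ruled out and the remaining suspects are the server's own directory-service settings.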