GFI Software Aurea SMB Solutions


Home » GFI User Forums » Kerio Connect » Kerio Connect, can't authenticate with windows AD users (Authentication rejected)
Kerio Connect, can't authenticate with windows AD users [message #145711] Sun, 05 May 2019 19:36 Go to next message
clsinformatica is currently offline  clsinformatica
Messages: 1
Registered: May 2019
Hi,
here is my situation:
- Kerio Connect 9.2.9 patch 1 installed on windows server 2019.
- AD and DC running on windows server 2019 with Kerio Active Directory Extension installed.

Kerio Connect succesfully mapped into the AD. In the users field i see all the users in the DC.

When i try to connect via webmail the error is: incorrect username/password.

In the Security Log the error is:
HTTP/WebMail: Authentication failed for user xxx<_at_>domain.com. Attempt from IP address ::1. External authentication service rejected authentication due to invalid password or authentication restriction.

Somebody can help me?
Thanks
Re: Kerio Connect, can't authenticate with windows AD users [message #145811 is a reply to message #145711] Fri, 17 May 2019 22:57 Go to previous messageGo to next message
shufflez is currently offline  shufflez
Messages: 1
Registered: January 2007
Location: Amsterdam, The Netherland...
Having the exact same problem after migrating from (EOL) VMware appliance to Ubuntu 18.04.2 (version 9.2.9p1 on VMware&Ubuntu).
Re: Kerio Connect, can't authenticate with windows AD users [message #145861 is a reply to message #145811] Mon, 27 May 2019 12:22 Go to previous messageGo to next message
Maerad is currently offline  Maerad
Messages: 275
Registered: August 2013

  • Domain > AD > checked if secure connection is enabled? Test connection also works?
  • Is the specified AD User allowed to read the AD? Or even change it, depending on what you want to use?
  • Used the right login? With only one Domain, you can login with username/PW without adding Domain\ etc.
  • Did you create the users in Kerio or used the "activate exsiting user in AD ..."?

Also go to debug in logs and enable auth etc. msgs.

[Updated on: Mon, 27 May 2019 12:23]

Report message to a moderator

Re: Kerio Connect, can't authenticate with windows AD users [message #145919 is a reply to message #145711] Wed, 05 June 2019 14:38 Go to previous messageGo to next message
ITC Solutions GmbH is currently offline  ITC Solutions GmbH
Messages: 14
Registered: August 2015
Location: Geroldswil
hello

i have the same problem. Confused
Re: Kerio Connect, can't authenticate with windows AD users [message #145953 is a reply to message #145919] Thu, 13 June 2019 16:19 Go to previous messageGo to next message
Maerad is currently offline  Maerad
Messages: 275
Registered: August 2013
Yeah. More information would be helpfull...

BTW. I saw something - connection from ::1. You might need to add the local ipv6 address to the IP ranges of kerio (to accept the connection of users in that network)
Re: Kerio Connect, can't authenticate with windows AD users [message #145955 is a reply to message #145711] Thu, 13 June 2019 20:47 Go to previous messageGo to next message
robert.koscak is currently offline  robert.koscak
Messages: 6
Registered: May 2009
Location: Zagreb

I have the same problem on server 2012 R2 and now on server 2016, I reported the error has over a year of support Mad , they did nothing, they just drove me to the circuit now on 2016 and I do not believe it will solve the problem. GFI / Kerio became totally uninterested in its product, error, partners and users. They are in some of their bad movies. Cool
Re: Kerio Connect, can't authenticate with windows AD users [message #145962 is a reply to message #145955] Fri, 14 June 2019 12:30 Go to previous messageGo to next message
ian.bugeja is currently offline  ian.bugeja
Messages: 246
Registered: March 2017
Location: Malta
Hi all

Was the C:\Program Files\Kerio\MailServer\ldapmap\gal_ads.map modified?

Is the domain name identical to the email address domain or is it different?



Ian Bugeja
GFI Software
Re: Kerio Connect, can't authenticate with windows AD users [message #145963 is a reply to message #145955] Fri, 14 June 2019 13:23 Go to previous message
Maerad is currently offline  Maerad
Messages: 275
Registered: August 2013
robert.koscak wrote on Thu, 13 June 2019 20:47
I have the same problem on server 2012 R2 and now on server 2016, I reported the error has over a year of support Mad , they did nothing, they just drove me to the circuit now on 2016 and I do not believe it will solve the problem. GFI / Kerio became totally uninterested in its product, error, partners and users. They are in some of their bad movies. Cool
Yeah... no. The problems lies within your system, not kerio. And yes, I'm sure of it. I'm using here a 2012 AD/DC with kerio on a server 2012 R2. AD works for ANY kind of auth. - no matter if webinterface, outlook, kerio client, active sync etc. for YEARS. I even did a testmigration to 2016 and also had no problems.

And with the amount of information given here, it's IMPOSSIBLE to support anything. The error msg from the OP could also be, that he can't login locally, because ::1 is seen as external connection. Or something else is fucked up. IPV6 turned off? Those are config problems, not program errors or bugs.

Give me more details, like the errors from the AD, the auth debug, AD debug etc. and maybe we can get rid of the error.

Did you ever check the AD user? AD user needs rw access to the user tree, otherwise it wont work. That's also why you should use a secured connection.
Previous Topic: Folders moving ON THEIR OWN -HELP!
Next Topic: Fail2Ban and IPtables
Goto Forum:
  


Current Time: Thu Aug 22 22:30:04 CEST 2019

Total time taken to generate the page: 0.02980 seconds