Overview
Kerberos authentication is not working and Kerio Connect users are unable to authenticate their accounts.
The security log shows the following errors:
[25/Aug/2019 01:32:02] HTTP/CardDav: Authentication failed for user username1@domain.com. Attempt from IP address x.x.x.x. External authentication service rejected authentication due to invalid password or authentication restriction.
[25/Aug/2019 01:32:17] HTTP/CardDav: Authentication failed for user username2@domain.com. Attempt from IP address x.x.x.x. External authentication service rejected authentication due to invalid password or authentication restriction.
This article provides the steps to establish a working Kerberos connection and points to the reference documentation for the Kerberos [login] settings.
Prerequisites
- Kerio Connect installed on CentOS.
- Join Active Directory using Kerberos.
- Access to both the Kerio Connect Webadmin and the server.
Process
- Follow the article Configuring krb5.conf File on Linux to establish the Kerberos connection properly.
- Add the following lines to your krb5.conf file:
[login]
krb4_convert = true
krb4_get_tickets = false
An example of a modified file is below:
NOTE: Please check the Kerberos V5 System Administration Guide for more detailed information about the [login] section.
Confirmation
Kerio Connect users can now access their accounts. The security log no longer shows any entries about external authentication service rejection.
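One way to script the confirmation above, as an added example that is not part of the original article or of Kerio's tooling: it checks that krb5.conf text carries the two [login] settings from the Process section and lists any external-authentication rejections logged at or after the time of the change. The function names, the sample realm and the second log timestamp are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample inputs for illustration; not taken from a real server.
SAMPLE_KRB5 = """\
# constructed krb5.conf fragment
[libdefaults]
 default_realm = EXAMPLE.COM

[login]
 krb4_convert = true
 krb4_get_tickets = false
"""
SAMPLE_LOG = """\
[25/Aug/2019 01:32:02] HTTP/CardDav: Authentication failed for user username1@domain.com. Attempt from IP address x.x.x.x. External authentication service rejected authentication due to invalid password or authentication restriction.
[25/Aug/2019 09:10:44] HTTP/CardDav: Authentication failed for user username2@domain.com. Attempt from IP address x.x.x.x. External authentication service rejected authentication due to invalid password or authentication restriction.
"""
REQUIRED = {"krb4_convert": "true", "krb4_get_tickets": "false"}  # values from this article
LOG_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<svc>[^:]+): Authentication failed for user "
                    r"(?P<user>\S+)\. .*External authentication service rejected", re.M)

def login_settings(conf_text):
    """Return the key/value pairs found under [login] in krb5.conf text."""
    section, found = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment line
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "login" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            found[key] = value
    return found

def missing_settings(conf_text):
    """Return the required [login] settings that are absent or set differently."""
    have = login_settings(conf_text)
    return {k: v for k, v in REQUIRED.items() if have.get(k) != v}

def rejections_since(log_text, changed_at):
    """Return (timestamp, service, user) for each rejection logged at or after changed_at."""
    hits = []
    for m in LOG_RE.finditer(log_text):
        ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
        if ts >= changed_at:
            hits.append((ts, m["svc"], m["user"]))
    return hits

if __name__ == "__main__":
    print("settings still to fix:", missing_settings(SAMPLE_KRB5))
    print("rejections after change:", rejections_since(SAMPLE_LOG, datetime(2019, 8, 25, 2, 0)))
```

On a real server, pass the contents of krb5.conf and of the Kerio Connect security log in place of the sample strings, with the time the configuration was changed as `changed_at`.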