Kerberos authentication is not working and Kerio Connect users are unable to authenticate their accounts.
The security log shows the following errors:
[25/Aug/2019 01:32:02] HTTP/CardDav: Authentication failed for user firstname.lastname@example.org. Attempt from IP address x.x.x.x. External authentication service rejected authentication due to invalid password or authentication restriction.
[25/Aug/2019 01:32:17] HTTP/CardDav: Authentication failed for user email@example.com. Attempt from IP address x.x.x.x. External authentication service rejected authentication due to invalid password or authentication restriction.
This article provides the steps to establish a proper Kerberos connection and a reference document to the Kerberos login tags.
- Kerio Connect installed on CentOS.
- Join Active Directory using Kerberos.
- Access to both Kerio Connect Webadmin and server.
- Follow the article Configuring krb5.conf File on Linux to establish the Kerberos connection properly.
- Add the following lines to your krb5.conf file:
krb4_convert = true
krb4_get_tickets = false
An example of a modified file is below:
NOTE: Please check the Kerberos V5 System Administration Guide for more detailed information about the
Kerio Connect users can now access their accounts. Security log does not show any entries about external authentication service rejection.