AD authentication against primary and secondary server

bbryan
Posts: 43
Joined: Thu Aug 23, 2007 5:47 pm
Location: California

Postby bbryan » Wed Jan 16, 2008 3:55 pm

We are currently authenticating against our primary AD server. I want to set Scalix to authenticate against both the primary and secondary in case one goes down. Has anyone done this? Is it simply a matter of generating the keytab for the secondary server and running ommergekeys and omkrbconf again?

Thanks.
Ben

Valerion
Scalix Star
Posts: 2730
Joined: Thu Feb 26, 2004 7:40 am
Location: Johannesburg, South Africa

Postby Valerion » Thu Jan 17, 2008 3:37 am

From what I could see from traffic a DNS lookup gets done for the KDC even when one is specified in krb5.conf. So I think it will fall back automatically. But I am not 100% sure - you will have to test this, maybe.

bbryan
Posts: 43
Joined: Thu Aug 23, 2007 5:47 pm
Location: California

Postby bbryan » Thu Jan 17, 2008 1:45 pm

We recently took the primary AD server down for maintenance and everyone lost email until we were able to bring it back up because they couldn't authenticate.

By primary and secondary AD servers I mean we have one at server1.domain.local and another at server2.domain.local. I want to configure Scalix to fall back to server2 if server1 is down.

Thanks.

Valerion
Scalix Star
Posts: 2730
Joined: Thu Feb 26, 2004 7:40 am
Location: Johannesburg, South Africa

Postby Valerion » Mon Jan 21, 2008 3:18 am

Mmm ... in that case I can't help you. Maybe someone else with more AD experience can comment on this? Alternatively you will have to ask Scalix Support for a solution.

mhoroschun
Posts: 46
Joined: Wed Jun 14, 2006 7:45 am

Postby mhoroschun » Mon Jan 21, 2008 5:48 am

bbryan wrote: We recently took the primary AD server down for maintenance and everyone lost email until we were able to bring it back up because they couldn't authenticate.

By primary and secondary AD servers I mean we have one at server1.domain.local and another at server2.domain.local. I want to configure Scalix to fall back to server2 if server1 is down.

Thanks.


Do you have both KDCs specified in /etc/krb5.conf? I'm pretty confident that that is all that is required, e.g.

[libdefaults]
  default_realm = DOMAIN.LOCAL

[realms]
 DOMAIN.LOCAL = {
  kdc = server2.domain.local:88
  kdc = server1.domain.local:88
  admin_server = server2.domain.local:749
  default_domain = domain.local
 }
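
A quick way to audit a krb5.conf for the situation discussed in this thread, as an added example that is not part of the original posts or of Scalix: it parses the `[realms]` section and reports realms that list fewer than two distinct KDCs. The function names, the `SINGLE.LOCAL` realm and `dc1.single.local` are constructed for illustration, and nested sub-stanzas inside a realm are not handled.

```python
import re

# Constructed sample modelled on the realm stanza posted above,
# plus a hypothetical realm with only one KDC for contrast.
SAMPLE = """\
[libdefaults]
  default_realm = DOMAIN.LOCAL

[realms]
 DOMAIN.LOCAL = {
  kdc = server2.domain.local:88
  kdc = server1.domain.local:88
  admin_server = server2.domain.local:749
 }
 SINGLE.LOCAL = {
  kdc = dc1.single.local
 }
"""

def parse_realm_kdcs(text):
    """Return {realm: [kdc, ...]} from the [realms] section, in file order."""
    realms, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment line
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                              # new top-level section
            section, realm = header.group(1), None
        elif section != "realms":
            continue
        elif realm is None:                     # expect "REALM = {"
            opened = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if opened:
                realm = opened.group(1)
                realms[realm] = []
        elif line == "}":                       # end of this realm stanza
            realm = None
        else:                                   # "key = value" inside a realm
            key, _, value = line.partition("=")
            if key.strip() == "kdc":
                realms[realm].append(value.strip())
    return realms

def single_kdc_realms(realms):
    """Realms whose KDC list gives the client nothing to fail over to."""
    return sorted(r for r, k in realms.items() if len({x.lower() for x in k}) < 2)

if __name__ == "__main__":
    parsed = parse_realm_kdcs(SAMPLE)
    print(parsed)
    print("no failover:", single_kdc_realms(parsed))
```
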

lordzik

Postby lordzik » Thu Jan 24, 2008 8:59 am

Hi,
could you please point me to documents you've used to configure authentication against AD?

Thanx in advance.

bbryan
Posts: 43
Joined: Thu Aug 23, 2007 5:47 pm
Location: California

Postby bbryan » Thu Jan 24, 2008 5:38 pm

lordzik wrote: Hi,
could you please point me to documents you've used to configure authentication against AD?

Thanx in advance.


Scalix Setup Guide, look under Authentication.

lordzik

Postby lordzik » Fri Jan 25, 2008 5:15 am

Thank you - I've already found it and integrated Scalix with AD.

There's also a great video tutorial:
http://www.netometer.com/video/indexkey ... /index.php

