Page 1 of 1
Scalix and Active Directory (Win2003) for authentication
Posted: Mon Feb 26, 2007 1:11 pm
by asd_itops
I have a fresh install of Scalix 11.0.1, and on its own it is working fine. However, trying to configure AD for authentication (don't want to synch because of dirty AD structure with non-user accounts intermixed) is not working. I have followed the directions for Kerberos, without SSO... but no luck. No errors that I can find either? Please help?
Scalix 11.0.1
RHEL 4
Confirmed connectivity between Scalix and Windows Servers
Only on screen (WEBMAIL) error is invalid password generic
Update
Posted: Mon Feb 26, 2007 1:26 pm
by asd_itops
I also wanted to let you know that testing via kinit shows successful authentication
RESOLVED
Posted: Mon Feb 26, 2007 2:18 pm
by asd_itops
See FAQ's for Scalix 11:
SWA uses SMTP authentication
SWA now authenticates with the SMTP Relay. If you are using external authentication such as OpenLDAP or Active Directory, you will need to make sure that the changes you made to /var/opt/scalix/NN/s/sys/pam.d/ual.remote is also applied to /var/opt/scalix/NN/s/sys/pam.d/smtpd.auth and the SMTP Relay is restarted.
If this is not configured, you may find that users are unable to send messages using SWA.
Thanks.... left the post up and the resolution in case anyone else runs across this...
Posted: Wed Feb 28, 2007 5:46 am
by Valerion
Glad you got it sorted out.
As an aside, for other people doing troubleshooting, is to use sxpamauth. Create a file in ~/sys/pam.d called pamcheck, containing your rules (copy ual.remote to this file). Right at the top add
auth required om_debug
then run
sxpamauth "User Name"
I managed to trace a Kerberos authentication failure to a clock skew issue this way. Useful if you're not sure where the exact problem is.