Hello everybody,
I've done the configuration as the "Scalix Server Setup & Configuration Guide" tells us, without success. So I have read every thread in this forum today which has the keywords shown in the subject or something nearby.
What we have:
Scalix 11.3 Standard Edition with License
AD on 2 Windows 2003 R2 Servers and some Member-Servers + 40 Clients
Scalix is installed on FC7 i386. Everything works fine, syncing with AD is no problem, but authenticating against the AD is my last problem before migrating fully to Scalix.
The ktpass key is done with:
C:\Program Files\Support Tools>ktpass -princ scalix-ual/srv-vm-mail.ratingen.hanshennig.de@RATINGEN.HANSHENNIG.DE -mapuser scalix-ual-srv-vm-mail -pass ******* -out scalix-ual-srv-vm-mail.keytab -kvno 3 /DesOnly /crypto DES-CBC-CRC /ptype KRB5_NT_PRINCIPAL
and copied via ssh to the Scalix machine. ommergekeys is done successfully. ktutil shows:
[root@srv-vm-mail ~]# ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 3 scalix-ual/srv-vm-mail.ratingen.hanshennig.de@RATINGEN.HANSHENNIG.DE
ktutil:
kinit works:
[root@srv-vm-mail ~]# kinit c.lahme@RATINGEN.HANSHENNIG.DE
Password for c.lahme@RATINGEN.HANSHENNIG.DE:
[root@srv-vm-mail ~]#
sxpamauth does this:
[root@srv-vm-mail ~]# sxpamauth c.lahme@RATINGEN.HANSHENNIG.DE
om_debug: authenticate: PAM_USER = "LahmeChristianmailChristian Lahme"
om_debug: authenticate: PAM_AUTHTOK not set
om_krb5 (authenticate):
user_unknown="Please ignore underlying account module"
service="scalix_ual"
om_krb5: authid = "c.lahme@RATINGEN.HANSHENNIG.DE"
Kerberos Password:
om_krb5: service principal: "scalix-ual/srv-vm-mail.ratingen.hanshennig.de"
om_krb5: authentication successful, set PAM_AUTHTOK
om_krb5: Success
om_auth: authenticate:
nullok: no
recordbad: no
om_auth: use existing password
om_auth: save non-empty password in PAM_AUTHTOK
om_auth: bad password count now 1 (not recorded)
om_auth: Authentication failure
om_auth: acct_mgmt
max_age=-1
exclude=<default>
nocheck=<default>
expiry
om_auth: Success
ual.remote is like this:
[root@srv-vm-mail pam.d]# cat ual.remote
auth required om_krb5 user_unknown=ignore
auth optional om_auth nullok use_first_pass
account required om_auth
password required om_krb5 user_unknown=ignore
password optional om_auth
smtpd.auth, pop3 and omslapdeng have the same content because they are only symlinks to ual.remote.
When I try to make a new Outlook profile, the profile manager prompts for username and password. If I type in my name, login or complete uid (c.lahme@RATINGEN.HANSHENNIG.DE), in combination with an empty password or even with my AD password, it tells me that the username or password is wrong.
If I'm right, it should not prompt me for any input because I have already done the whole SSO config.
Does anybody have any ideas? Please help me get this working.