
Kerberos V5 with Active Directory 2003

Posted: Thu Jan 17, 2008 1:12 pm
by Hero
Hello Folks,

We have a Scalix server Ver 11.2 running. Now we want to authenticate our users against AD 2003 using Kerberos V5. Everything went fine, but only with new users.

Existing users can't authenticate. When they try to open Outlook (we use XP and 2003), a window appears with this message:

Postname des Benutzers ist gesperrt - Anmeldung abgelehnt

In English (sorry for the bad translation):

Username is locked - login denied

If the window is closed, the next window requires the AD password and OL will open. But the next time the password is changed, we have the same procedure.

Does somebody have an idea what's wrong?

Posted: Thu Jan 17, 2008 11:32 pm
by mikevl
Hi

When you import users from AD via omldapsync their Scalix entry is created with a unique ID, and Scalix attributes which are the same as created in AD (via your AD forestprep). Existing Scalix users which were created before your integration do not have the correct unique ID and attributes to authenticate via Kerberos.

If you want to authenticate these users you will have to:
1) Use sxmboxexp to export their mailboxes
2) Delete the user
3) Run omldapsync to recreate the user from AD
4) Use sxmboximp to get the mailbox data back

Mike

Posted: Fri Jan 18, 2008 8:00 am
by Hero
Hi Mike,

Thank you very much for your response. We will try your proposal and let you know whether it works or not.

Hero

Posted: Sat Jan 19, 2008 9:00 am
by Hero
Hi Mike,

We were successful. There was a mistake in the making of the keytab.

Please use the following line:
ktpass -princ scalix-ual/servername.domain@DOMAIN -mapuser scalix-ual -pass PASSWORD -out home/scalix.keytab /DesOnly /crypto DES-CBC-CRC /ptype KRB5_NT_PRINCIPAL
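
An added example, not part of the thread and not Scalix or Microsoft code: the ktpass line above writes a keytab whose only key is DES-CBC-CRC, a single-DES enctype that RFC 6649 deprecates. This parser for the MIT keytab file format (version 0x0502) lists each entry's enctype so DES-only keytabs can be found and re-keyed; the host name, realm and all-zero keys in the sample are constructed placeholders.

```python
import struct

# Single-DES enctype numbers from the Kerberos enctype registry.
WEAK = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5"}

def _counted(buf, pos):  # uint16 length prefix, then the bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode(), pos + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative length marks a deleted slot
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        parts = []
        for _ in range(ncomp):
            part, p = _counted(data, p)
            parts.append(part)
        p += 8                        # skip name type and timestamp
        kvno, etype, klen = struct.unpack_from(">BHH", data, p)
        p += 5 + klen                 # step over the key bytes
        if end - p >= 4:              # optional 32-bit kvno wins when non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(parts) + "@" + realm, kvno, etype))
        pos = end
    return entries

def weak_entries(data):  # entries whose key uses a single-DES enctype
    return [e for e in parse_keytab(data) if e[2] in WEAK]

def build_entry(realm, parts, kvno, etype, key):
    """Serialise one entry; used only to construct the sample below."""
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    body = struct.pack(">H", len(parts)) + s(realm) + b"".join(map(s, parts))
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: placeholder principal, all-zero keys, no real material.
PARTS = ["scalix-ual", "mail.example.test"]
SAMPLE = (b"\x05\x02" + build_entry("EXAMPLE.TEST", PARTS, 3, 1, bytes(8))
          + build_entry("EXAMPLE.TEST", PARTS, 3, 18, bytes(32)))
```

On the Scalix host, pass the bytes of the real keytab file to `weak_entries()`; any tuple it returns names a principal still keyed with single DES.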