Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Chapter 24 Kerberos Authenticationfor example:kinit -S host/mail.company.com@COMPANY.COM jsmithIf the query was processed correctly, you will be asked to enter password for the particularuser. Otherwise, an error will be reported.Authentication against Open DirectoryKerio MailServer can either be installed on the server with the Apple Open Directory directoryservice or on another server.If Kerio MailServer is installed on the same server as Open Directory, it is not necessary to performany additional configuration besides installation of the Kerio Open Directory Extensionsinstallation. If it is installed on another computer, external authentication through Kerberosto Open Directory must be set.Kerio MailServer can be installed on servers with Mac OS X 10.3 and higher. The settings aresimilar for both versions. The following description applies to configuration on Mac OS X 10.4,any discrepancies will be mentioned.External authentication is configured with a special application, Directory Access. The applicationcan be found under Applications → Utilities → Directory Access. This applicationis used to create the special edu.mit.Kerberos authentication file which is located under/Library/Preferences. The following settings must be performed to make the authenticationwork properly:1. Start the Directory Access application.2. On the Services tab, check the LDAPv3 item (see figure 24.9).3. On the Services tab, use the mouse pointer to park the DAPv3 item and click on Configure.4. In the next dialog, click New.5. This will open a dialog box where IP address and name of the server can be specified. EnterIP address or DNS name of the server where the Apple Open Directory service is running.Once the server is specified, click on the Manual button (not necessary in the Mac OS X10.3 version) and enter a name in the Configuration name text box (this item is used forreference only).6. Save the configuration and select Open Directory Server in the LDAP Mappings menu.7. Once Open Directory Server is selected, the dialog for specification of the search suffixis opened (Search Base Suffix). The suffix must be entered as shown in the example infigure 24.10:od.company.com → dc=od,dc=company,dc=com276
24.3 Kerio MailServer on Mac OSFigure 24.9Directory Access — checking LDAPThe figure implies that the suffix must be specified as follows: dc=subdomain,dc=domain.Number of subdomains in the suffix must meet the number of subdomains in the server’sname.8. Now, authentication will be set for the Open Directory server. Switch to the Authenticationtab (see figure 24.11).277
- Page 225 and 226: 20.3 Posting rulesFigure 20.4Creati
- Page 227 and 228: 20.4 Moderators and MembersAdd this
- Page 229 and 230: 20.4 Moderators and MembersAdding a
- Page 231 and 232: 20.5 Mailing list archiving2. This
- Page 233 and 234: 20.7 How to use Mailing ListsExampl
- Page 235 and 236: Chapter 21Status InformationKerio M
- Page 237 and 238: 21.2 Message queue processingFrom,
- Page 239 and 240: 21.3 Active ConnectionsActive Conne
- Page 241 and 242: 21.4 Opened FoldersComponentsThree
- Page 243 and 244: 21.5 Traffic ChartsTime rangeIn the
- Page 245 and 246: 21.6 StatisticsRefreshThis button r
- Page 247 and 248: 22.1 Log settingsFigure 22.2Save lo
- Page 249 and 250: 22.1 Log settingsLog debugSelect th
- Page 251 and 252: 22.3 MailAuth_type=’0’, Passwor
- Page 253 and 254: 22.4 SecurityMailing list messagesT
- Page 255 and 256: 22.4 SecurityAntibombingServer over
- Page 257 and 258: 22.8 Debug• From: jsmith@company.
- Page 259 and 260: 22.8 Debug• IMAP Server — commu
- Page 261 and 262: 22.9 Performance Monitor (under Win
- Page 263 and 264: 23.1 Viewing public folders in indi
- Page 265 and 266: 24.1 Kerio MailServer on WindowsFig
- Page 267 and 268: 24.1 Kerio MailServer on WindowsFig
- Page 269 and 270: 24.2 Kerio MailServer on LinuxExamp
- Page 271 and 272: 24.2 Kerio MailServer on Linuxdebug
- Page 273 and 274: 24.3 Kerio MailServer on Mac OSTo e
- Page 275: 24.3 Kerio MailServer on Mac OSFigu
- Page 279 and 280: 24.3 Kerio MailServer on Mac OSFigu
- Page 281 and 282: 24.4 Starting Open Directory and Ke
- Page 283 and 284: 24.4 Starting Open Directory and Ke
- Page 285 and 286: Figure 25.1Setting Windows NT domai
- Page 287 and 288: 25.1 Setting NTLM in MS Outlook ext
- Page 289 and 290: Chapter 26Kerio MailServer Environm
- Page 291 and 292: 26.3 FirewallFrom technical reasons
- Page 293 and 294: Chapter 27Deployment ExamplesThis c
- Page 295 and 296: 27.2 Dial-up Line + Domain Mailboxi
- Page 297 and 298: 27.4 A company with multiple sites5
- Page 299 and 300: 27.4 A company with multiple sitesF
- Page 301 and 302: 27.5 Setting up the backup mail ser
- Page 303 and 304: Chapter 28Troubleshooting in Kerio
- Page 305 and 306: 28.2 Configuration Backup and Trans
- Page 307 and 308: 29.1 Installation of Active Directo
- Page 309 and 310: 29.3 User Account DefinitionFigure
- Page 311 and 312: Chapter 30Kerio Open Directory Exte
- Page 313 and 314: Chapter 31KMS Web AdministrationKMS
- Page 315 and 316: 31.2 Setting access rights to the w
- Page 317 and 318: 31.5 Page headerFigure 31.4Web Admi
- Page 319 and 320: 31.6 Welcome pageLocalizations of K
- Page 321 and 322: 31.7 User accountsFigure 31.8Templa
- Page 323 and 324: 31.7 User accountsFigure 31.10User
- Page 325 and 326: 31.7 User accountsFigure 31.12User
24.3 <strong>Kerio</strong> MailServer on Mac OSFigure 24.9Directory Access — checking LDAPThe figure implies that the suffix must be specified as follows: dc=subdomain,dc=domain.Number of subdomains in the suffix must meet the number of subdomains in the server’sname.8. Now, authentication will be set for the Open Directory server. Switch to the Authenticationtab (see figure 24.11).277