Mailing List CGatePro@mail.stalker.com Message #92294
From: <alexandergv@esvc.co.cu>
Subject: Re: Kerberos - Working!!
Date: Wed, 22 Aug 2007 12:17:03 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Microsoft Outlook Express 6.00.3790.1830
Good Luck! Andy...
The second part of the book is to open Webmail, SIP clients such as Windows Messenger, and maybe in the future Pronto!, if possible.
Try!


----- Original Message -----
From: "Andy Kunkle" <akunkle@aimengr.com>
To: "CommuniGate Pro Discussions" <CGatePro@mail.stalker.com>
Sent: Wednesday, August 22, 2007 11:03 AM
Subject: Re: Kerberos - Working!!


Ok, so in case anyone is interested, or was having the same problems I was
with getting Kerberos to work, here's the solution:

I had to go through every combination of ptypes and cryptos and
-TrustEncryp to get it to work.

The key was to run kerbtray from your AD machine. This gives you a clue as
to what kind of encryption it is expecting. If you run that command (Start >
Run > kerbtray), and then open the Tray Icon it creates, you'll see a tab
for "Encryption Types". On the server that was working, it says etype 0, but
on my production AD server it says RSADSI RC4-HMAC. So this means it's
looking for an HMAC key. Then the money shot, if you will, was the following
line:

ktpass -princ imap/mail.server.com@SERVER.COM -mapuser cgatepro@server.com -pass xxxx -out imapadc.data -crypto RC4-HMAC-NT -ptype KRB5_NT_SRV_HST -TrustEncryp RC4

Once that was run, I was able to launch Outlook and it logged me in using
Kerberos.

Now I just have to figure out how to get the webmail to work in the same, or
similar fashion...

Hope this helps.

Andy Kunkle
IT Administrator
AIM Engineering & Surveying, Inc.
5300 Lee Blvd
Lehigh Acres, FL 33971
239-332-4569


-----Original Message-----
From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On Behalf Of Andy Kunkle
Sent: Tuesday, August 21, 2007 9:30 AM
To: CommuniGate Pro Discussions
Subject: Kerberos - Again!!

Hey Guys (and Tech support??)

I'm back trying to get Kerberos working on my existing Windows 2003 AD
server and I cannot get it working. If you recall, I was able to get
Kerberos to function when I installed a new Win2k3 server and set
things up.
My question is, what's the difference?

Below is the log I get when I try to log in. I set everything up the same
exact way that I did on the test machine but it won't work.

Help!!!!

Andy


09:23:24.320 5 IMAP-000001([192.168.0.132]) out: * OK CommuniGate Pro IMAP Server 5.1.11 at mail.aimengr.com ready\r\n
09:23:24.320 5 IMAP-000001([192.168.0.132]) inp: 00000001 STARTTLS
09:23:24.320 5 IMAP-000001([192.168.0.132]) out: 00000001 OK begin TLS negotiation\r\n
09:23:24.329 4 IMAP-000001([192.168.0.132]) TLSv1 client hello: method=RC4_MD5, residual=0, session=3 < 00 00 00 03 46 CA E7 4C 87 5B 37 79 38 52 A9 5C D0 F8 30 EB 47 9D 0C D0 0C 1E CF EF ED 4E 88 66>
09:23:24.329 4 IMAP-000001([192.168.0.132]) TLS handshake: sending 'server_hello'
09:23:24.329 4 IMAP-000001([192.168.0.132]) TLS handshake: sending the certificate
09:23:24.329 4 IMAP-000001([192.168.0.132]) TLS handshake: sending 'hello_done'
09:23:24.329 5 IMAP-000001([192.168.0.132]) TLS out 22: (4) 0E 00 00 00
09:23:24.472 4 IMAP-000001([192.168.0.132]) TLS client key exchange processed
09:23:24.472 4 IMAP-000001([192.168.0.132]) security initiated
09:23:24.472 5 IMAP-000001([192.168.0.132]) TLS inp 20: (1) 01
09:23:24.472 4 IMAP-000001([192.168.0.132]) TLS 'change cipher' processed
09:23:24.472 4 IMAP-000001([192.168.0.132]) TLS 'change cipher' sending
09:23:24.472 5 IMAP-000001([192.168.0.132]) TLS out 20: (1) 01
09:23:24.472 4 IMAP-000001([192.168.0.132]) TLS 'finish handshake' processed
09:23:24.472 4 IMAP-000001([192.168.0.132]) TLS handshake: sending 'finished'
09:23:24.472 4 IMAP-000001([192.168.0.132]) TLS(RC4_MD5) connection accepted for 'mail.aimengr.com', session 3
09:23:24.744 5 IMAP-000001([192.168.0.132]) inp: 00000002 AUTHENTICATE GSSAPI
YIIFGAYJKoZIhvcSAQICAQBuggUHMIIFA6ADAgEFoQMCAQ6iBwMFACAAAACjggQzYYIELzC
CBCug
AwIBBaENGwtBSU1FTkdSLkNPTaIjMCGgAwIBAqEaMBgbBGltYXAbEG1haWwuYWltZW5nci5
jb22j
ggPuMIID6qADAgEDoQMCAQKiggPcBIID2ByQ3NuBV+tBj6mzg0zfoguf49eDQirC124mWF
09:23:24.744 5 IMAP-000001([192.168.0.132]) s-out: 00000002 NO Kerberos: failed to verify data integrity\r\n
09:23:24.744 3 IMAP-000001([192.168.0.132]) read failed. Error Code=connection closed by peer

Andy Kunkle
IT Administrator
AIM Engineering & Surveying, Inc.
5300 Lee Blvd
Lehigh Acres, FL 33971
239-332-4569
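
Added example (not part of the original thread, and not CommuniGate Pro or Microsoft code): the encryption type that kerbtray shows is also carried in the Kerberos ticket the client sends on the AUTHENTICATE GSSAPI line, so it can be read from the logged token and compared with the ktpass -crypto value used for the keytab. The Python below parses a constructed, deliberately truncated token for EXAMPLE.COM; the function names, the sample and the etype table (which also lists the AES values of later ktpass versions) are assumptions of this example.

```python
import base64

KRB5_OID = bytes.fromhex("2a864886f712010202")   # 1.2.840.113554.1.2.2
# Kerberos etype number -> (RFC name, corresponding ktpass -crypto value)
ETYPES = {1: ("des-cbc-crc", "DES-CBC-CRC"), 3: ("des-cbc-md5", "DES-CBC-MD5"),
          17: ("aes128-cts-hmac-sha1-96", "AES128-SHA1"),
          18: ("aes256-cts-hmac-sha1-96", "AES256-SHA1"), 23: ("rc4-hmac", "RC4-HMAC-NT")}
# Constructed sample (not a real ticket), cut off inside the ticket cipher like a log excerpt.
SAMPLE_B64 = base64.b64encode(bytes.fromhex(
    "608201d4 06092a864886f712010202 0100 6e8201c3 308201bf a003020105 a10302010e "
    "a20703050000000000 a382015b 61820157 30820153 a003020105 a10d1b0b4558414d504c452e434f4d "
    "a2233021a003020102a11a30181b04696d61701b106d61696c2e6578616d706c652e636f6d "
    "a3820116 30820112 a003020117 a103020102 a282010404820100 00000000")).decode()

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); a value cut short by truncation is returned as-is."""
    if pos + 2 > len(buf):
        raise ValueError("token truncated before a needed field")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form DER length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def fields(seq_body):  # tag -> content for each element of a SEQUENCE body
    out, pos = {}, 0
    while pos + 2 <= len(seq_body):
        tag, val, pos = read_tlv(seq_body, pos)
        out[tag] = val
    return out

def unwrap(buf, expected_tag):
    tag, val, _ = read_tlv(buf)
    if tag != expected_tag:
        raise ValueError(f"expected DER tag {expected_tag:#04x}, found {tag:#04x}")
    return val

def ticket_etype(token_b64):
    """Return (realm, etype, RFC name, ktpass -crypto) for the ticket in an AP-REQ token."""
    b64 = "".join(token_b64.split())               # undo log line wrapping
    body = unwrap(base64.b64decode(b64[:len(b64) // 4 * 4]), 0x60)   # GSS-API framing
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or oid != KRB5_OID or body[pos:pos + 2] != b"\x01\x00":
        raise ValueError("not a Kerberos 5 AP-REQ GSSAPI token")
    ap_req = fields(unwrap(unwrap(body[pos + 2:], 0x6E), 0x30))
    ticket = fields(unwrap(unwrap(ap_req.get(0xA3, b""), 0x61), 0x30))
    enc = fields(unwrap(ticket.get(0xA3, b""), 0x30))                # Ticket enc-part
    etype = int.from_bytes(unwrap(enc.get(0xA0, b""), 0x02), "big", signed=True)
    realm = unwrap(ticket.get(0xA1, b""), 0x1B).decode("ascii")
    return (realm, etype) + ETYPES.get(etype, ("unknown", None))
```

When the ktpass value returned for the logged token differs from the -crypto used to generate the keytab, the keytab holds no key of the type the ticket was encrypted with.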




#############################################################
This message is sent to you because you are subscribed to
  the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>


