The Single Sign On (SSO) capability was added in server version 5.5, allowing customers to user their current Active Directory (AD) logins for logging into the K1000 user interface.
Join to the domain failed. Please check the error log
ERROR: Could not authenticate as email@example.com
VAS_ERR_DNS: Unable to discover ANY domain controllers.
KRB5_KDC_UNREACH (-1765328228): Cannot contact any KDC for requested realm
Reason: unable to reach any KDC in realm MYDOMAIN.ORG
The following is a list of ports that need to be open in the firewall from the K1000 to the AD controller.
port 389 (UDP and TCP) - LDAP
port 464 (TCP) - Kerberos Kpasswd
port 88 (UDP and TCP) - Kerberos Traffic
port 3268 (TCP) - Global Catalog
For more information on these ports, please see the below Microsoft Technet article:
For addtional information on troubleshooting SSO, please see the following KB:
For additional information on what ports are required for the K1000, please see the following KB: