We were having some issues trying to get our iChat server to authenticate correctly against Active Directory. The fix was rather easy, so I thought I'd share. Our Leopard Server was already joined to our domain, so that's where iChat users should authenticate. Unfortunately, we were getting this login error over and over.

So the first thing I did was set up a self-signed certificate for the SSL connections.


Then I found out from Apple that in order to authenticate against AD, you need to edit the following file on your iChat server.

sudo nano /etc/jabberd/c2s.xml

Find the following line of code and comment out the <cram-md5> option as shown.

<!-- <cram-md5> -->

On the client side, I checked Use SSL but unchecked everything else. Then start up your iChat service, telling it to use your SSL certificate, and hopefully you can now authenticate against AD.
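The c2s.xml edit above can also be scripted so that it keeps a backup and is safe to run twice. This is an added example, not part of the original post or Apple's instructions; the function name disable_cram_md5 is hypothetical, and it assumes the element sits on its own line as <cram-md5> or <cram-md5/> and that any existing comment around it is on a single line.

```shell
#!/bin/sh
# Added example: comment out every active <cram-md5> / <cram-md5/> element
# in a jabberd c2s.xml, keeping a backup for rollback.
# Assumption: comments wrapping the element are single-line (<!-- ... -->).
# Usage: sudo sh this_script.sh /etc/jabberd/c2s.xml

disable_cram_md5() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }

    # Count lines that carry the element and are not already commented out.
    active=$(grep -E '<cram-md5[[:space:]]*/?>' "$conf" \
             | grep -vc '<!--.*<cram-md5.*-->' || true)
    if [ "$active" -eq 0 ]; then
        echo "cram-md5 already disabled in $conf"
        return 0
    fi

    cp -p "$conf" "$conf.bak" || return 1   # original kept for rollback
    tmp=$(mktemp) || return 1

    # Wrap the element in a comment, skipping lines that are already commented.
    # Writing back with cat preserves the owner and mode of the config file.
    sed -E '/<!--.*<cram-md5.*-->/!s|<cram-md5[[:space:]]*/?>|<!-- & -->|' \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"

    [ "$rc" -eq 0 ] && echo "disabled $active cram-md5 line(s); backup at $conf.bak"
    return "$rc"
}

# Run against the file given on the command line, if any.
if [ $# -gt 0 ]; then
    disable_cram_md5 "$1"
fi
```

Restart the iChat service afterwards so the changed mechanism list is picked up.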
