We were having some issues trying to get our iChat server to authenticate correctly against Active Directory. The fix was rather easy, so I thought I’d share. Our Leopard Server was already joined to our domain, so that’s where iChat users should authenticate. Unfortunately, we were getting this login error over and over.

So the first thing I did was set up a self-signed certificate for the SSL connections.

Then I found out from Apple that in order to authenticate against AD, you need to edit the following file on your iChat server.

sudo nano /etc/jabberd/c2s.xml

Find the following line of code and comment out the <cram-md5> option as shown.

<!-- <cram-md5> -->

On the client side I checked use SSL but unchecked everything else. Then start up your iChat service, telling it to use your SSL certificate, and hopefully you can now authenticate against AD.
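
The c2s.xml edit described above can be scripted so that it is repeatable and verified before the service is restarted. This is an added example, not part of the original post or Apple's instructions; the sample XML is constructed, and its element layout and the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the element layout around <cram-md5/> is an assumption,
# not copied from a real /etc/jabberd/c2s.xml.
SAMPLE_C2S = """<c2s>
  <authreg>
    <mechanisms>
      <sasl>
        <plain/>
        <!-- <digest-md5/> -->
        <cram-md5/>
      </sasl>
    </mechanisms>
  </authreg>
</c2s>
"""

_COMMENT = re.compile(r"(<!--.*?-->)", re.DOTALL)
_CRAM = re.compile(r"<cram-md5\s*/?>")


def active_mechanisms(xml_text, name="cram-md5"):
    """Count live (uncommented) elements called `name`; the parser drops comments."""
    root = ET.fromstring(xml_text)  # raises ParseError if the file is malformed
    return sum(1 for _ in root.iter(name))


def disable_cram_md5(xml_text):
    """Comment out every live <cram-md5> tag, leaving existing comments untouched."""
    parts = _COMMENT.split(xml_text)  # odd indexes hold the existing comments
    for i in range(0, len(parts), 2):
        parts[i] = _CRAM.sub(lambda m: "<!-- " + m.group(0) + " -->", parts[i])
    patched = "".join(parts)
    # Refuse to return a file that no longer parses or that still offers CRAM-MD5.
    if active_mechanisms(patched) != 0:
        raise ValueError("cram-md5 is still active after patching")
    return patched


if __name__ == "__main__":
    print(disable_cram_md5(SAMPLE_C2S))
```

Running it a second time on already-patched text changes nothing, so it is safe to reapply after a server update rewrites the file.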

