Results 1 to 6 of 6

Thread: AD authentication failing for one account

  1. #1
    KenVM is offline Active Member
    Join Date
    Feb 2007
    Posts
    28
    Rep Power
    8

    Default AD authentication failing for one account

    We have ~ 400 accounts in Zimbra that all authenticate against Active Directory.

    1 new account is unable to authenticate. I can use the AD auth to log into another service (terminal server) but it won't connect to Zimbra. Keeps giving a bad username/password message.

    The only message I can find is from audit.log:

    2008-06-23 10:21:17,275 WARN [http-443-Processor34] [ip=<SNIPPED>;ua=ZimbraWebClient - FF3.0 (Win)/undefined;] security - cmd=Auth; account=ACCOUNTNAME; protocol=soap; error=authentication failed for ACCOUNTNAME;

    I've checked all the settings in Zimbra and Active Directory and I've recreated the account in Zimbra. Recreating the account in Active Directory isn't an option.

    I did find a bug report: Bug 16933 &ndash; AD Authentication Not working for some users

    Which sounds like the same problem I'm having, but I can't find a solution anywhere.

    Any suggestions on fixing this or troubleshooting it further?

    Our version is: Release 4.5.6_GA_1024.RHEL4_20070627170556 RHEL4 NETWORK edition

    Thanks!

  2. #2
    KenVM is offline Active Member
    Join Date
    Feb 2007
    Posts
    28
    Rep Power
    8

    Default

    Just had a second account this morning that stopped working. Nothing has changed on the account since it was working, except possibly a password reset.

    I've tried resetting the password in AD and changing the Zimbra password to match in case it was somehow falling through.

    This account I was able to delete and re-create, which does seem to have fixed the problem. Unfortunately, I can't do that with the other account that I'm having a problem with.

    No one has run into similar problems?

  3. #3
    bdial's Avatar
    bdial is offline Moderator
    Join Date
    Jul 2007
    Location
    Baltimore
    Posts
    1,649
    Rep Power
    11

    Default

    i dont kknow much about windows but is there something you can use to see whats happening on the AD side? Like with openldap you can turn the log level up to print out more debugging info than you could ever want, or like in novell using dstrace.

  4. #4
    KenVM is offline Active Member
    Join Date
    Feb 2007
    Posts
    28
    Rep Power
    8

    Default

    I'm not familiar with anything on the AD side that would help. I was hoping someone here would have some pointers.

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,506
    Rep Power
    57

    Default

    In the bug report you mention above there are a couple of comments that ask for information (specifically 8 & 9). Can you do an ldapsearch from the zimbra server using one of the failing account credentials, does it return any valid results or do you get a failure? Does the information that's asked for in comment 9 exist in the failing account?

    As you're on 4.5.6, is there any possibility that you will upgrade to the most recent Zimbra release any time soon?

    If you are hitting this bug then you'll need to open a support case and refer to that bug report, you're likely to get the upgrade suggestion first.

    PS Which version of AD are you actually authenticating against?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    KenVM is offline Active Member
    Join Date
    Feb 2007
    Posts
    28
    Rep Power
    8

    Default

    Turns out there was a difference in the account.

    The problem account was limited to what servers it could log in to. Once I removed this limitation the logins worked fine.

    Does anyone know what entry I would have to put in to the allow list so that I could limit logins but still allow access to zimbra mail? I've tried the obvious ones (name of server, zimbra) but no dice.

    Thanks,

    -Ken

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Zimbra logwatch.
    By nishith in forum Administrators
    Replies: 5
    Last Post: 06-10-2009, 04:42 PM
  2. IMAP authentication failure on an Apple server mail account
    By mgrabowski in forum General Questions
    Replies: 1
    Last Post: 03-18-2008, 01:40 PM
  3. Authentication failing
    By SyndicateAssasin in forum Administrators
    Replies: 1
    Last Post: 11-25-2007, 12:07 AM
  4. Replies: 3
    Last Post: 09-18-2007, 06:55 AM
  5. IMAP SSL Authentication failing
    By moniker in forum Administrators
    Replies: 1
    Last Post: 08-23-2006, 08:25 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •