Are there any reasons why I can't implement this after already having a live Zimbra server? I currently use Windows 2003 for network authentication, and am running Ubuntu 8.04 and Zimbra 5.0.13.
You can certainly implement this with a live Zimbra server. I just did. However, unless you have your users' passwords in cleartext or the Windows hash of same, you won't be able to use their passwords for Windows logon until they've updated their passwords through Zimbra.
First I want to say thank you to all the contributors of this thread and msghaleb in particular. ;)
I installed zimbra 5.0.15 and Samba on separate Ubuntu 6.06 VMware guests. Everything went fine, except towards the end : my samba domain name would not appear under Samba in the Zimbra admin gui.
To solve, I just needed to add the zimbra server to the /etc/hosts file of the samba server. Sometimes, we forget about the basics...
Cheers
Hi all,
I've successfully installed a zimbra server for ldap authentication.
Samba and posix account are integrated in the zimbra accounts.
But I have this problem: If a user is created with the "password must change" flag, and if that user does not log in to the zimbra webmail server (for example, logs in by ssh to a machine that gets its users from the zimbra ldap server), the user is not asked to change the password.
Any ideas to work around this?
I need to add a second ubuntu based file server on the same domain and subnet. Nothing tricky, the PDC is samba ldap and zimbra on one machine. The second machine will be a fileserver which will use the PDC for authentication.
The environment is mostly Windows XP Pro machines which will log on using the PDC.
Do I need to set up the second machine as a BDC, or simply a server?
Can someone please give me a smb.conf example to setup the fileserver?
My PDC smb.conf is the one used in Greg's HOWTO.
Thanks,
Mark
Simply set up the second server as you set up the samba ldap on the first server. No need for a BDC. The samba on the second server just needs to authenticate through ldap on the first server.
You should be able to just copy the /etc/ldap and the smb.conf (edited a bit) from the first server to the second server. It's dead easy.
We have a few servers here that all auth up against the zimbra ldap and have split up the samba config file into smb.conf and smb-shares.conf. Just use the 'include = /etc/samba/smb-shares.conf' option in the smb.conf.
Does this mean that I have openldap set up on the second server, or is it authenticating against the PDC using its ldap? I would guess that it's the latter, but not sure why I copy /etc/ldap over.
The second machine is currently running zimbra, but will be decommissioned as the new one is brought online, so copying /etc/ldap over will be fine, but I don't want to screw up the current zimbra install until then.
Hmm... I was under the impression that the first server was running both Samba PDC and Zimbra.
This is how it works :
Zimbra has an LDAP server which has all the users with their passwords. The Samba PDC uses the Zimbra LDAP server to look up users and check passwords. Since it's a PDC it will handle Windows logons. That is basically the only difference between a normal Samba server and a Samba PDC. When a normal Samba server then has to check users/passwords when they access the shares, it will use the same process as the Samba PDC. It will look them up in the Zimbra LDAP server. It's not exactly a BDC since it doesn't have anything to do with the Windows logon process.
Compared to a Windows setup the second server doesn't need to join the domain and have a good relation to the PDC to do lookups. You can stop the Samba PDC server and the secondary servers will still be able to authenticate users for shares, as long as the Zimbra LDAP is running.
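Added example, not part of the original posts: a sketch of the second server's Samba configuration following the setup described in the two replies above (user lookups and password checks go to the LDAP server on the first machine, shares live in an included file). Host names, the domain name, the LDAP suffixes, the bind DN, the share and the group are placeholders; take the real values from the PDC's smb.conf.

```ini
# /etc/samba/smb.conf on the second machine (file server only)
# Comments must sit on their own lines; smb.conf has no trailing comments.
[global]
   # Placeholder: use the same domain/workgroup name as the PDC.
   workgroup = EXAMPLEDOM
   # Placeholder NetBIOS name for this file server.
   netbios name = FILESRV

   # Plain server: it checks passwords itself but does not handle
   # Windows domain logons, so it is neither a PDC nor a BDC.
   security = user
   domain logons = no
   domain master = no

   # Look users up in the LDAP server on the first machine.
   # Placeholder host name.
   passdb backend = ldapsam:ldap://machine1.example.com/

   # Placeholders: copy these from the [global] section of the PDC's
   # smb.conf so both servers read the same entries.
   ldap suffix = dc=example,dc=com
   ldap user suffix = ou=people
   ldap group suffix = ou=groups
   ldap machine suffix = ou=machines
   ldap admin dn = <bind DN used in the PDC's smb.conf>

   # Wrap the connection in StartTLS so the bind password and the
   # password hashes Samba reads do not cross the network in cleartext.
   # Assumes the LDAP server on the first machine offers StartTLS.
   ldap ssl = start tls

   # Share definitions are kept in a separate file, as in the reply above.
   include = /etc/samba/smb-shares.conf

# /etc/samba/smb-shares.conf
[shared]
   # Placeholder path and group.
   path = /srv/samba/shared
   valid users = @staff
   read only = no
```

The password for the bind DN is not stored in smb.conf; it is saved on each Samba server with `smbpasswd -w`, which writes it to secrets.tdb, so keep that file readable by root only.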
Sorry, I should have clarified.
The final config will be:
Machine 1: PDC, zimbra, LDAP
Machine 2: fileserver, webserver
Currently though, machine 1 is set up as above, but the zimbra is not live. I still need to move users over from machine 2. Machine 2 is currently live as zimbra, and has samba installed, though not linked in any way to zimbra.
Once machine 1 is live with zimbra running, I will wipe machine 2 and set it up as above.