Users can login

**TrinityEMS** · 07-24-2008, 07:11 AM

Sorry, that's users CANNOT login. We are just starting our migration to Zimbra. All users have accounts, but only those with Administrator permissions can log into their webmail. We are not using LDAP authentication. Any ideas?

**soxfan** · 07-24-2008, 07:36 AM

You say you are not using LDAP authentication. Does that mean you are using the Zimbra Internal authentication?

I'd start by looking in /opt/zimbra/log/mailbox.log for clues on why the regular users can't login.

**uxbod** · 07-24-2008, 07:42 AM

Welcome to the forums

Are you able to login if you use user@domain.com or the short name of just user ?

**TrinityEMS** · 07-24-2008, 07:46 AM

Actually, normal users are using LDAP. It seems that once a user is switched to Administrator, they do not use LDAP to login, so that was confusing. Users cannot login using user@domain.com or user.

**TrinityEMS** · 07-24-2008, 07:55 AM

When a user attempts to login, I get this in the /opt/zimbra/log/maillog.log:

2008-07-23 12:53:46,208 INFO [btpool0-0] [ua=zclient/5.0.4_GA_2101.RHEL5;oip=10.18.53.166;] SoapEngine - handler exception: authentication failed for user@domain.com, external LDAP auth failed, [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893^@]

**soxfan** · 07-24-2008, 08:05 AM

I don't use LDAP authentication, but it sounds like a configuration issue with the LDAP set-up.

**phoenix** · 07-24-2008, 08:30 AM

Originally Posted by TrinityEMS

Actually, normal users are using LDAP. It seems that once a user is switched to Administrator, they do not use LDAP to login, so that was confusing. Users cannot login using user@domain.com or user.

Have you actually created the use accounts in Zimbra? You'll need to provision them in Zimbre before they will be able to login.

**TrinityEMS** · 07-24-2008, 09:13 AM

yes, the users are all configured in Zimbra with local passwords, but the GAL and the authentication are set for Active Directory. I have not been able to get any authentication scheme to test properly using either the GAL test or the Authentication test.

**phoenix** · 07-24-2008, 10:30 AM

Well, in that case the authentication error you've posted above is correct. You would appear to have a problem with the credentials you're passing to AD. Have a look at the DN you need to pass and modify them in the authentication wizard, see this wiki article for finding the DN: LDAP Active Directory - Zimbra :: Wiki

**TrinityEMS** · 07-25-2008, 12:36 PM

Still having problems. I confirmed the proper DN using the ADSI Edit tool, so I still don't know why this is failing. I have the following settings which were based on another implementation that is working fine:

GAL mode: External
Most results returned by GAL search: 100
Server type: LDAP
LDAP filter:* (|(cn=%s*)(sn=%s*)(gn=%s*)(mail=%s*))
Autocomplete filter: (|(cn=%s*)(sn=%s*)(gn=%s*)(mail=%s*))
LDAP search base: dc=domain,dc=local
LDAP URL: ldap://trinity.domain.local:3268
Bind DN: cn=administrator,cn=users,dc=domain,dc=local

Authentication mechanism: External Active Directory
LDAP bind DN template: %u@domain.local
LDAP URL: ldap://trinity.domain.local:389

I'm lost as to why this would not be working. Please help.

Zimbra

Thread: Users can login

LinkBack

Thread Tools

Search Thread

Display

Users can login

Thread Information

Users Browsing this Thread

Similar Threads

[SOLVED] Last login times for users

Login showing wrong users email

[SOLVED] Export users, last login, cos and quota

Can Ldap autheticate user's system login

get a login user's phone number from GAL

Posting Permissions