Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Samba Group...?

  1. #1
    NoDoze is offline Elite Member
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    Default Samba Group...?

    I'm setting up the zimbra integration with samba, and on this tutorial:
    Zimbra Integration With Samba - Ubuntu Based (Similar To AD And Exchange) - Page 3 | HowtoForge - Linux Howtos and Tutorials

    In the section: 12 - Creating Linux and Samba groups using Zimbra Admin UI
    I do not have the Samba Group tab like how it's shown in the images...

    How and what am I missing? I've followed all the steps...I think...heh. And have had no issues...Is image of an older version of zimbra? Has a newer version of zimbra dropped this tab?

    please explain....

    Thanks!

  2. #2
    NoDoze is offline Elite Member
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    Exclamation

    Uhmmm...ok.....

    I went on to the next step...assuming the image was outdated....

    So i:
    Next, log in to Zimbra Admin UI, click on Aliases and remove root@tm.local alias. Then run the following on the Samba server.

    smbpasswd -a root

    You need then to grant privileges to the domain admins group.

    Run the following command as root on your Samba server. Put your domain name instead of TM.

    More information on this topic is available in Official Samba HOWTO Reference Guide (The Official Samba 3.2.x HOWTO and Reference Guide).

    Run the following command, it will ask for a password; enter the password you entered in the prevoius step:

    net rpc rights grant "TM\Domain Admins" SeAddUsersPrivilege SeMachineAccountPrivilege SePrintOperatorPrivilege
    And wammo! I'm locked out of the zimbra admin ui!?!?!

    Ughhhhhhh!!!

    So....

    why did this happen?
    How do I restore the root@tm.local account?

    I feel like I'm making it worse...

    PLEASE HELP!

    Thanks.

  3. #3
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Did you install the zimbra_samba admin extension? The samba tab comes from that.
    How are you "locked out" of the admin console? Is it not accepting your username/password?
    Did any of the zimbra accounts show up on your samba server when you ran `getent passwd`?

    To add the alias back run the following command as the zimbra user on the zimbra server:
    Code:
    zmprov aaa admin@tm.local root@tm.local
    Edit: You might also want to check out UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

  4. #4
    NoDoze is offline Elite Member
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    Exclamation

    Yes, the username/pasword I use isn't allowing me to login, it says Authentication Failed

    I tried:
    zmprov aaa admin@domain.com root@domain.com
    But get:
    ERROR: account.NO_SUCH_ACCOUNT (no such account: admin@domain.com)


    I added the zimbra_samba admin extension, and the samba domains showed up, but not the samba group tab....?

    And yes, I'm using BOTH turtorials....

  5. #5
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Does your administrative account show up when you run `zmprov gaaa`?

  6. #6
    NoDoze is offline Elite Member
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    Default

    nope. nada.

    ...but it does list my personal email account...
    let me try login in with that....

    Yup! I was able to get into the admin UI with my personal login, not the default admin login.....
    ....I guess I gave myself admin privileges sometime ago...

    ...hmmm...then I ask is the admin account even needed?

    ...and back to the original question....why is the samba tab not available...?
    Last edited by NoDoze; 08-07-2009 at 01:38 PM.

  7. #7
    NoDoze is offline Elite Member
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    Default

    OK...I've back tracked a bit and found what may be causing it....

    In this part of the tutorial:
    Installing zimbra_posixaccount and zimbra_samba extensions for Zimbra Admin

    1. Extract files from /opt/zimbra/zimlets-admin-extra/zimbra_posixaccount.zip to a folder on your desktop computer, open zimbra_posixaccount folder and edit config_template.xml.
    2. Edit ldapSuffix property in config_template.xml. This property is the path in your LDAP tree where all Linux and Samba user information will be stored. This can be the name of your primary email domain written in the ldap syntax. E.g. if your domain is mycompany.com, then ldapSuffix will be

    dc=mycompany,dc=com

    in this example I will use the domain gregzimbra1.zimbra.com, which is the name of my Ubuntu Linux machine running inside a VMWare instance, hence my ldapSuffix is

    dc=gregzimbra1,dc=zimbra,dc=com

    1. Edit uidBase property in config_template.xml. uidBase is the base for creating Linux user IDs for user accounts that will be stored in LDAP. The first account that you will create through Zimbra Admin UI will have user ID = uidBase+1. If you already have user accounts in your current password database (most likely /etc/passwd) it is recommended that you set this value higher than the maximum existing user account.
    2. Edit gidBase property in config_template.xml. gidBase is the base for creating Linux group IDs for groups that will be stored in LDAP. The first group that you will create through Zimbra Admin UI will have group ID = gidBase+1.
    3. Zip all the files that are in zimbra_posixaccount folder into zimbra_posixaccount.zip together with modified config_template.xml (make a flat zip file without folders)

    cd zimbra_posixaccount

    zip zimbra_posixaccount *.*

    1. Log in to Zimbra Admin (https://yourserver.com:7071/zimbraAdmin) as administrator, navigate to Admin Extensions and deploy zimbra_posixaccount extension using the zimbra_posixaccount.zip file (refer to ZCS Admin Guide for more information about installing Admin Extensions)
    2. Extract files from /opt/zimbra/zimlets-admin-extra/zimbra_samba.zip to a folder on your desktop computer and open config_template.xml (this file is in zimbra_samba folder along with other extension files).
    3. Edit ldapSuffix, uidBase and gidBase properties using the same values as you used in for zimbra_posixaccount.zip
    4. Zip all the files zimbra_samba folder into zimbra_samba.zip together with modified config_template.xml into a flat ZIP file and deploy zimbra_samba Admin Extension.
    5. Reload your Zimbra Admin to initialize the extensions. When the extensions are loaded for the first time, they will check if OUs defined by ldapMachineSuffix and ldapGroupSuffix propertiesin config_template.xml files exist and create these OUs, if they do not exist.
    originally, I had:
    Code:
    dc=mail,dc=domain,dc=com
    But got errors when loging into the admin UI
    warning failed create ou=groups and ou=machines...

    So then I removed the dc=mail so that it was then...
    Code:
    dc=domain,dc=com
    Mind you the hostname for the server is mail.domain.com

    With the dc=mail in... the samba groups tab appears, but i get admin ui errors mentioned above...

    Without the dc=mail in... the admin ui errors disappear, but the samba groups tab disappears

    What am I doing wrong? What should be the correct format? But then why the errors?

    Thanks.

  8. #8
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    Do the ldapSuffix sections match in the following two files? (And yes it should be dc=domain,dc=com the instructions are a bit confusing there as the test servers they build use the full server name as the "base")

    /opt/zimbra/jetty/webapps/service/zimlet/zimbra_samba/config_template.xml
    /opt/zimbra/jetty/webapps/service/zimlet/zimbra_posixaccount/config_template.xml

    Also make sure you modified the access section /opt/zimbra/conf/slapd.conf.in file and not the slapd.conf, it might be a problem there (doubt it but who knows)

  9. #9
    NoDoze is offline Elite Member
    Join Date
    Feb 2008
    Location
    San Francisco
    Posts
    360
    Rep Power
    7

    Default

    Ok...went through all the files again and made all the domain corrections... AND IT WORKED!

    Admin UI had no errors, and the samba group tab appears!

    Now...is it important to re-create that root@domain.com admin account...?

  10. #10
    ArcaneMagus's Avatar
    ArcaneMagus is offline Moderator
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

    Default

    I know that a lot of the services send alerts and stuff to the admin@domain.tld account... but I can't find where to set this or if it is actually needed. You could always add an alias of admin@ to your own account.

    How that account got deleted is probably a better question to be asking...

    Glad you got the samba/posix part working though

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Compartmentalized groups or locations sharing a domain
    By dstoliker in forum Administrators
    Replies: 5
    Last Post: 07-14-2008, 12:06 PM
  2. [SOLVED] URGENT: Tomcat Not Starting On Reboot
    By AlexanderH in forum Administrators
    Replies: 19
    Last Post: 08-22-2007, 12:42 PM
  3. Zimbra + Samba LDAP auth problems
    By fajarpri in forum Installation
    Replies: 3
    Last Post: 07-04-2007, 11:39 PM
  4. Monitoring : Data not yet avalaible
    By s3nz3x in forum Installation
    Replies: 7
    Last Post: 11-30-2005, 07:18 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •