Samba Group...?

[NoDoze]

I'm setting up the zimbra integration with samba, and on this tutorial:
Zimbra Integration With Samba - Ubuntu Based (Similar To AD And Exchange) - Page 3 | HowtoForge - Linux Howtos and Tutorials

In the section: 12 - Creating Linux and Samba groups using Zimbra Admin UI
I do not have the Samba Group tab like how it's shown in the images...

How and what am I missing? I've followed all the steps...I think...heh. And have had no issues...Is image of an older version of zimbra? Has a newer version of zimbra dropped this tab?

please explain....

Thanks!

[NoDoze]

Uhmmm...ok.....

I went on to the next step...assuming the image was outdated....

So i:

Quote:

Next, log in to Zimbra Admin UI, click on Aliases and remove root@tm.local alias. Then run the following on the Samba server.

smbpasswd -a root

You need then to grant privileges to the domain admins group.

Run the following command as root on your Samba server. Put your domain name instead of TM.

More information on this topic is available in Official Samba HOWTO Reference Guide (The Official Samba 3.2.x HOWTO and Reference Guide).

Run the following command, it will ask for a password; enter the password you entered in the prevoius step:

net rpc rights grant "TM\Domain Admins" SeAddUsersPrivilege SeMachineAccountPrivilege SePrintOperatorPrivilege

And wammo! I'm locked out of the zimbra admin ui!?!?!

Ughhhhhhh!!!

So....

why did this happen?
How do I restore the root@tm.local account?

I feel like I'm making it worse...

PLEASE HELP!

Thanks.

[ArcaneMagus]

Did you install the zimbra_samba admin extension? The samba tab comes from that.
How are you "locked out" of the admin console? Is it not accepting your username/password?
Did any of the zimbra accounts show up on your samba server when you ran `getent passwd`?

To add the alias back run the following command as the zimbra user on the zimbra server:

Code:

zmprov aaa admin@tm.local root@tm.local

Edit: You might also want to check out UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

[NoDoze]

Yes, the username/pasword I use isn't allowing me to login, it says Authentication Failed

I tried:
zmprov aaa admin@domain.com root@domain.com
But get:
ERROR: account.NO_SUCH_ACCOUNT (no such account: admin@domain.com)


I added the zimbra_samba admin extension, and the samba domains showed up, but not the samba group tab....?

And yes, I'm using BOTH turtorials....

[ArcaneMagus]

Does your administrative account show up when you run `zmprov gaaa`?

[NoDoze]

nope. nada.

...but it does list my personal email account...
let me try login in with that....

Yup! I was able to get into the admin UI with my personal login, not the default admin login.....
....I guess I gave myself admin privileges sometime ago...

...hmmm...then I ask is the admin account even needed?

...and back to the original question....why is the samba tab not available...?

[NoDoze]

OK...I've back tracked a bit and found what may be causing it....

In this part of the tutorial:

Quote:

Installing zimbra_posixaccount and zimbra_samba extensions for Zimbra Admin

1. Extract files from /opt/zimbra/zimlets-admin-extra/zimbra_posixaccount.zip to a folder on your desktop computer, open zimbra_posixaccount folder and edit config_template.xml.
2. Edit ldapSuffix property in config_template.xml. This property is the path in your LDAP tree where all Linux and Samba user information will be stored. This can be the name of your primary email domain written in the ldap syntax. E.g. if your domain is mycompany.com, then ldapSuffix will be

dc=mycompany,dc=com

in this example I will use the domain gregzimbra1.zimbra.com, which is the name of my Ubuntu Linux machine running inside a VMWare instance, hence my ldapSuffix is

dc=gregzimbra1,dc=zimbra,dc=com

1. Edit uidBase property in config_template.xml. uidBase is the base for creating Linux user IDs for user accounts that will be stored in LDAP. The first account that you will create through Zimbra Admin UI will have user ID = uidBase+1. If you already have user accounts in your current password database (most likely /etc/passwd) it is recommended that you set this value higher than the maximum existing user account.
2. Edit gidBase property in config_template.xml. gidBase is the base for creating Linux group IDs for groups that will be stored in LDAP. The first group that you will create through Zimbra Admin UI will have group ID = gidBase+1.
3. Zip all the files that are in zimbra_posixaccount folder into zimbra_posixaccount.zip together with modified config_template.xml (make a flat zip file without folders)

cd zimbra_posixaccount

zip zimbra_posixaccount *.*

1. Log in to Zimbra Admin (https://yourserver.com:7071/zimbraAdmin) as administrator, navigate to Admin Extensions and deploy zimbra_posixaccount extension using the zimbra_posixaccount.zip file (refer to ZCS Admin Guide for more information about installing Admin Extensions)
2. Extract files from /opt/zimbra/zimlets-admin-extra/zimbra_samba.zip to a folder on your desktop computer and open config_template.xml (this file is in zimbra_samba folder along with other extension files).
3. Edit ldapSuffix, uidBase and gidBase properties using the same values as you used in for zimbra_posixaccount.zip
4. Zip all the files zimbra_samba folder into zimbra_samba.zip together with modified config_template.xml into a flat ZIP file and deploy zimbra_samba Admin Extension.
5. Reload your Zimbra Admin to initialize the extensions. When the extensions are loaded for the first time, they will check if OUs defined by ldapMachineSuffix and ldapGroupSuffix propertiesin config_template.xml files exist and create these OUs, if they do not exist.

originally, I had:

Code:

dc=mail,dc=domain,dc=com

But got errors when loging into the admin UI
warning failed create ou=groups and ou=machines...

So then I removed the dc=mail so that it was then...

Code:

dc=domain,dc=com

Mind you the hostname for the server is mail.domain.com

With the dc=mail in... the samba groups tab appears, but i get admin ui errors mentioned above...

Without the dc=mail in... the admin ui errors disappear, but the samba groups tab disappears

What am I doing wrong? What should be the correct format? But then why the errors?

Thanks.

[ArcaneMagus]

Do the ldapSuffix sections match in the following two files? (And yes it should be dc=domain,dc=com the instructions are a bit confusing there as the test servers they build use the full server name as the "base")

/opt/zimbra/jetty/webapps/service/zimlet/zimbra_samba/config_template.xml
/opt/zimbra/jetty/webapps/service/zimlet/zimbra_posixaccount/config_template.xml

Also make sure you modified the access section /opt/zimbra/conf/slapd.conf.in file and not the slapd.conf, it might be a problem there (doubt it but who knows)

[NoDoze]

Ok...went through all the files again and made all the domain corrections... AND IT WORKED!

Admin UI had no errors, and the samba group tab appears!

Now...is it important to re-create that root@domain.com admin account...?

[ArcaneMagus]

I know that a lot of the services send alerts and stuff to the admin@domain.tld account... but I can't find where to set this or if it is actually needed. You could always add an alias of admin@ to your own account.

How that account got deleted is probably a better question to be asking...

Glad you got the samba/posix part working though