
Thread: Use zimbra LDAP for two UNIX servers

  1. #1
    juanschwartz

    UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

    Using the above guide, is it possible to have two samba shares from two different linux boxes authenticate off of the zimbra ldap?

    For example, box 1 is a general fileserver with 4tb of storage space and box 2 is for our production department only and has 16tb of storage. I'd like to give access to the fileserver to everyone, while limiting access to production to the production dept. I read the guide briefly and thought I'd ask before getting too far into it.

  2. #2
    juanschwartz

    Quote (originally posted by juanschwartz):
    UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki

    Using the above guide, is it possible to have two samba shares from two different linux boxes authenticate off of the zimbra ldap?

    For example, box 1 is a general fileserver with 4tb of storage space and box 2 is for our production department only and has 16tb of storage. I'd like to give access to the fileserver to everyone, while limiting access to production to the production dept. I read the guide briefly and thought I'd ask before getting too far into it.

    Anybody?

  3. #3
    Hivos

    As long as both samba shares are in the same workgroup/domain, then yes. We have one of our smaller offices running with a Zimbra domain controller.

  4. #4
    juanschwartz

    Quote (originally posted by Hivos):
    As long as both samba shares are in the same workgroup/domain, then yes. We have one of our smaller offices running with a Zimbra domain controller.

    Do you mind expanding on that a bit? Do I need to make them the same domain as the ZCS server?

    For example... Our mail server is mail.example.com.

    Should I make the 2 file servers: filehost.example.com and production.example.com?

  5. #5
    Hivos

    You may be confusing hostnames and NetBIOS names (don't blame me, blame Microsoft). Within a samba / windows domain, normally NetBIOS is used for name resolution. A server's "real" hostname may be something completely different, though this does depend on your smb.conf.

    To keep a long story short: use the wiki page from your topic start to set up a test environment with 1 zimbra server and 1 samba server (Primary Domain Controller). After that you can easily add a second Samba server to your domain (Domain Member Server or Backup Domain Controller).

  6. #6
    juanschwartz

    Quote (originally posted by Hivos):
    You may be confusing hostnames and NetBIOS names (don't blame me, blame Microsoft). Within a samba / windows domain, normally NetBIOS is used for name resolution. A server's "real" hostname may be something completely different, though this does depend on your smb.conf.

    To keep a long story short: use the wiki page from your topic start to set up a test environment with 1 zimbra server and 1 samba server (Primary Domain Controller). After that you can easily add a second Samba server to your domain (Domain Member Server or Backup Domain Controller).

    Hivos. I got everything set up and tested. All of my groups and everything work. I will soon be adding Windows PCs to our domain and perhaps using openvpn with its auth-ldap plugin to authenticate zimbra users to our VPN and doing away with our Windows server altogether.

    One thing I did notice was that if I put someone in a group and they mounted an SMB share, say //server/production and then I removed them from the group, they could still access and browse the folder. Is this normal behavior? Should it remove their rights immediately?

  7. #7
    Hivos

    The user needs to log out / log in for the change to take effect. And yes, this is normal Windows behaviour (samba is "bug-compatible" with Windows). Good to hear you've got it working!

  8. #8
    juanschwartz

    Quote (originally posted by Hivos):
    The user needs to log out / log in for the change to take effect. And yes, this is normal Windows behaviour (samba is "bug-compatible" with Windows). Good to hear you've got it working!

    Yeah, it all made sense once I got in there and read over the docs before I attempted to implement it. I am building another fileserver to run off of the zimbra ldap through SAMBA soon.

    I was also able to get OpenVPN to authenticate through zimbra using auth-ldap, but I am having issues using a group or zimbraAccountStatus inside of uid=user,ou=people,dc=example,dc=com as it seems to work with AD as opposed to other LDAP schemas. I submitted a request on their code page for an ability to do that, but it's WAY back in line.

    So, if we were to want to prevent an employee from logging in, I'd have to revoke a certificate instead of just disabling them in zimbra. That's better than nothing for the moment... so long as I get rid of that 2003 SBS Domain Controller.
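
One way to tie VPN access to the account state discussed in the post above, as an added example (not code from the thread, from OpenVPN or from auth-ldap): the authorization step of a hypothetical verify script that parses `ldapsearch -LLL` output and admits a user only while `zimbraAccountStatus` is `active` and the user is still listed in a group. The `vpnusers` group with `memberUid` values, the `ou=groups` branch, the function names and the sample LDIF are assumptions; password verification (an LDAP bind) is not shown.

```python
import base64
import re
# Constructed `ldapsearch -LLL` output; every name and value is made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
zimbraAccountStatus: active

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
zimbraAccountStatus: closed

dn: cn=vpnusers,ou=groups,dc=example,dc=com
cn: vpnusers
memberUid: alice
memberUid:: Ym9i
"""

def escape_filter(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_filter(username):
    """Filter that matches the named account only while it is active."""
    return "(&(uid=%s)(zimbraAccountStatus=active))" % escape_filter(username)

def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in (l for l in block.splitlines() if ":" in l):
            name, _, raw = line.partition(":")
            value = raw.strip()
            if raw.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
            # Attribute names are case-insensitive, so store them lowercased.
            entry.setdefault(name.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def vpn_allowed(username, entries, group="vpnusers"):
    """Allow only accounts that are active and still listed in the group."""
    active = any(username in e.get("uid", []) and
                 e.get("zimbraaccountstatus") == ["active"] for e in entries)
    member = any(group in e.get("cn", []) and
                 username in e.get("memberuid", []) for e in entries)
    return active and member
```

Run at each authentication, a check like this lets a status change in Zimbra deny the next VPN login; `escape_filter` keeps a crafted username from altering the search filter.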

  9. #9
    Hivos

    Just a quick note I thought of: be careful when upgrading either Samba or Zimbra.

    Upgrading zimbra may delete the samba ldap scheme, so make sure you keep a copy somewhere to restore after a zimbra upgrade.

    When upgrading samba you may get a new version of the samba ldap scheme. If this is the case, copy this new version to the zimbra ldap directory and restart zimbra.
