
Thread: Zimbra 6.0.x + Samba

  1. #1
    strikermdd (Active Member)

    Hello guys, I'm trying to implement Zimbra 6 with Samba, but I'm having some issues along the way ... Samba can't access the LDAP base.

    I have two virtual machines, one with Zimbra installed and the other with Samba. I can make the Samba machine authenticate users via PAM, but when I use the command smbpasswd -a root, it says:

    root@ubuntu:~# smbpasswd -a root
    Failed to issue the StartTLS instruction: Can't contact LDAP server
    New SMB password:
    Retype new SMB password:
    Failed to issue the StartTLS instruction: Can't contact LDAP server
    Failed to issue the StartTLS instruction: Can't contact LDAP server
    Failed to add entry for user root.

    My ldap.conf is like this:

    host 192.168.10.2
    base dc=marechal,dc=saude,dc=al,dc=gov,dc=br
    binddn uid=zimbra,cn=admins,cn=zimbra
    bindpw MYPASSWD
    rootbinddn uid=zimbra,cn=admins,cn=zimbra
    port 389
    bind_policy soft
    nss_reconnect_tries 2
    uri ldap://192.168.10.2/
    ssl start_tls
    tls_cacertdir /opt/zimbra
    tls_checkpeer no
    pam_password md5
    nss_base_passwd ou=people,dc=marechal,dc=saude,dc=al,dc=gov,dc=br
    nss_base_shadow ou=people,dc=marechal,dc=saude,dc=al,dc=gov,dc=br?one
    nss_base_group ou=Grupos,dc=marechal,dc=saude,dc=al,dc=gov,dc=br?one
    nss_base_hosts ou=Computadores,dc=marechal,dc=saude,dc=al,dc=gov,dc=br?one
    nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,list,lp,mail,man,news,ntop,openldap,proxy,root,sshd,sync,sys,syslog,uucp,www-data

    On the Zimbra server I can't use ldapsearch:

    [zimbra@marechal ~]$ ldapsearch -x
    ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
    or

    [zimbra@marechal ~]$ ldapsearch -ZZ -h marechal.saude.al.gov.br
    SASL/GSSAPI authentication started
    ldap_sasl_interactive_bind_s: Local error (-2)
    additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (open(/tmp/krb5cc_500): )

    But when I use a client like Apache Directory Studio, I can see the whole base OK.

    I can create users and groups. The only problem is with Samba for now ...

    And one other little question ... Is it possible to revert the cn=config style of config file to the old slapd.conf? It's far easier to handle, I think ...

    If anyone can help me, please do ...

    Thanks
    Last edited by strikermdd; 04-27-2010 at 10:50 AM.

  2. #2
    strikermdd (Active Member)

    Sorry for the reply, but I really need this. I am trying to move from an old email server to a Zimbra server, maybe in the future to a Zimbra Enterprise version, but first I need to integrate Zimbra with Samba. I read the wiki, but it doesn't work.

    Thanks

  3. #3
    phoenix (Zimbra Consultant & Moderator)

    I assume you followed the instructions here: UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki? Did you take note about Anonymous Access in this section: UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki?
    Regards
    Bill

  4. #4
    strikermdd (Active Member)

    Well, yes, I used this wiki article, and I saw the Anonymous Access part, but it does not work. On the Zimbra machine, if I run getent passwd I can see my users, but I think port 389 is not allowed for the network, because running nmap locally, for example:

    [root@marechal ~]# nmap 192.168.10.2

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2010-05-03 13:24 BRT
    Interesting ports on marechal.saude.al.gov.br (192.168.10.2):
    Not shown: 1671 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    143/tcp open imap
    465/tcp open smtps
    587/tcp open submission
    993/tcp open imaps
    995/tcp open pop3s

    But if I use the name of the machine, the LDAP service is OK:

    [root@marechal ~]# nmap marechal

    Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2010-05-03 13:25 BRT
    Interesting ports on marechal.saude.al.gov.br (10.50.80.21):
    Not shown: 1670 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    143/tcp open imap
    389/tcp open ldap
    465/tcp open smtps
    587/tcp open submission
    993/tcp open imaps
    995/tcp open pop3s

    Nmap finished: 1 IP address (1 host up) scanned in 0.041 seconds

    On any other machine, I can't access LDAP port 389, and I am not using iptables (service off and without any rules), and SELinux is off too ...

    Is there any option in LDAP which blocks access to this port? And how can I change this so that my entire network can bind and search my LDAP on port 389?

    Thanks.

  5. #5
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by strikermdd:
        Is there any option in LDAP which blocks access to this port? And how can I change this so that my entire network can bind and search my LDAP on port 389?

    Did you follow those anonymous access instructions exactly? You should also read the Release Notes about Anonymous Access to LDAP.
    Regards
    Bill

  6. #6
    strikermdd (Active Member)

    In my comment above I said that ... I created an LDIF with this:

    dn: olcDatabase={2}hdb,cn=config
    changetype:modify
    add: olcAccess
    olcAccess: {10}to dn.subtree="dc=marechal,dc=saude,dc=al,dc=gov,dc=br" by dn.children="cn=admins,cn=zimbra" write by * read
    olcAccess: {11}to dn.subtree="ou=machines,dc=saude,dc=al,dc=gov,dc=br" by dn.children="cn=admins,cn=zimbra" write by * read
    olcAccess: {12}to dn.subtree="ou=groups,dc=saude,dc=al,dc=gov,dc=br" by dn.children="cn=admins,cn=zimbra" write by * read
    olcAccess: {13}to dn.subtree="ou=people,dc=saude,dc=al,dc=gov,dc=br" by dn.children="cn=admins,cn=zimbra" write by * read

    I added it to my directory using:

    ldapmodify -f anonymousaccess.ldif -x -H ldapi:/// -D cn=config -w mypasswd

    On the machine itself, I can log in anonymously (using only the hostname, not the IP); on other machines, I CAN'T see LDAP port 389.

    Notes:
    Zimbra 6.0.6_64 bits - CentOS 5.4
    Samba - Ubuntu 9.10 (tried on CentOS 5.4 too ...)

  7. #7
    strikermdd (Active Member)

    Somehow, the LDAP service is only running for the Zimbra machine, not for the network, because I can't see port 389 active via nmap, but IMAP, SMTP, etc. are OK ...

    Any idea how I can fix this?

    Thanks
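
The address mismatch visible in the posts above, as an added example that is not part of the original thread: it parses a trimmed copy of the two nmap scans from post #4 and the connection directives of the ldap.conf from post #1, and lists every LDAP endpoint the client is configured for whose port the scan did not report open. The function names and the trimmed sample inputs are constructed for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed input: the two scans from post #4, trimmed to the relevant ports.
NMAP_OUTPUT = """\
Interesting ports on marechal.saude.al.gov.br (192.168.10.2):
143/tcp open imap
Interesting ports on marechal.saude.al.gov.br (10.50.80.21):
143/tcp open imap
389/tcp open ldap
"""
# Constructed input: the connection directives of the ldap.conf from post #1.
LDAP_CONF = "host 192.168.10.2\nport 389\nuri ldap://192.168.10.2/\n"
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def open_ports(nmap_text):
    """Map each scanned IP address to the set of TCP ports reported open."""
    result, current = {}, None
    for line in nmap_text.splitlines():
        header = re.search(r"Interesting ports on .*\(([\d.]+)\):", line)
        port = re.match(r"(\d+)/tcp\s+open\b", line)
        if header:
            current = result.setdefault(header.group(1), set())
        elif port and current is not None:
            current.add(int(port.group(1)))
    return result

def ldap_targets(conf_text):
    """Return the (host, port) pairs named by host/port/uri directives."""
    opts = {}
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts.setdefault(parts[0].lower(), []).extend(parts[1].split())
    port = int(opts.get("port", ["389"])[0])
    targets = {(h, port) for h in opts.get("host", [])}
    for uri in opts.get("uri", []):
        u = urlsplit(uri)
        targets.add((u.hostname, u.port or DEFAULT_PORT.get(u.scheme, 389)))
    return targets

def closed_targets(conf_text, nmap_text):
    """Configured endpoints whose address was scanned without the port open."""
    scans = open_ports(nmap_text)
    return sorted(t for t in ldap_targets(conf_text)
                  if t[0] in scans and t[1] not in scans[t[0]])

print(closed_targets(LDAP_CONF, NMAP_OUTPUT))  # -> [('192.168.10.2', 389)]
```

Endpoints whose address does not appear in any scan are skipped rather than reported, since the scans say nothing about them.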
