Zimbra 6.0.x + Samba

#1 - 04-27-2010, 09:45 AM - Active Member

Hello guys, I'm trying to implement Zimbra 6 with Samba, but I'm having some issues along the way ... Samba can't access the LDAP base.

I have two virtual machines, one with Zimbra installed and the other with Samba. I can make the Samba machine authenticate users via PAM, but when I use the command smbpasswd -a root, it says:

Quote:
root@ubuntu:~# smbpasswd -a root
Failed to issue the StartTLS instruction: Can't contact LDAP server
New SMB password:
Retype new SMB password:
Failed to issue the StartTLS instruction: Can't contact LDAP server
Failed to issue the StartTLS instruction: Can't contact LDAP server
Failed to add entry for user root.
My ldap.conf is like this:
Quote:
host 192.168.10.2
base dc=marechal,dc=saude,dc=al,dc=gov,dc=br
binddn uid=zimbra,cn=admins,cn=zimbra
bindpw MYPASSWD
rootbinddn uid=zimbra,cn=admins,cn=zimbra
port 389
bind_policy soft
nss_reconnect_tries 2
uri ldap://192.168.10.2/
ssl start_tls
tls_cacertdir /opt/zimbra
tls_checkpeer no
pam_password md5
nss_base_passwd ou=people,dc=marechal,dc=saude,dc=al,dc=gov,dc=br
nss_base_shadow ou=people,dc=marechal,dc=saude,dc=al,dc=gov,dc=br?one
nss_base_group ou=Grupos,dc=marechal,dc=saude,dc=al,dc=gov,dc=br?one
nss_base_hosts ou=Computadores,dc=marechal,dc=saude,dc=al,dc=gov,dc=br?one
nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,list,lp,mail,man,news,ntop,openldap,proxy,root,sshd,sync,sys,syslog,uucp,www-data
On the Zimbra server I can't use ldapsearch:
Quote:
[zimbra@marechal ~]$ ldapsearch -x
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
or

Quote:
[zimbra@marechal ~]$ ldapsearch -ZZ -h marechal.saude.al.gov.br
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (open(/tmp/krb5cc_500): )
But when I use a client like Apache Directory Studio, I can see the whole base OK.

I can create users and groups. The only problem is with Samba for now ...

And one other little question ... Is it possible to revert the cn=config style of configuration to the old slapd.conf? It's far easier to handle, I think ...

If anyone can help me, please do ...

Thanks

Last edited by strikermdd; 04-27-2010 at 10:50 AM..
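The ldap.conf quoted above is the nss_ldap/pam_ldap client configuration; smbpasswd itself reads its LDAP settings (passdb backend, ldap admin dn, ldap ssl) from smb.conf, so the StartTLS error comes from Samba's own LDAP client, not from this file. The file still deserves a look, because it combines ssl start_tls with tls_checkpeer no and keeps bindpw in a file that NSS requires to be world-readable. The following is an added example, not code from the post or from Zimbra, Samba or the PADL nss_ldap project: a small linter for that file, run here on a trimmed copy of the posted configuration. The key names are the classic ldap.conf keys; the scope list for nss_base_* and the list of TLS-enabling ssl values are assumptions.

```python
"""Lint a pam_ldap / nss_ldap ldap.conf for settings that weaken StartTLS
or expose the bind credential.

Added example, not code from the post or from any project. SAMPLE_CONF is a
trimmed copy of the file quoted in the post; key names are the classic
ldap.conf keys (uri, host, ssl, tls_checkpeer, tls_cacert*, bindpw, ...).
"""
import re
from urllib.parse import urlparse

SAMPLE_CONF = """\
host 192.168.10.2
base dc=marechal,dc=saude,dc=al,dc=gov,dc=br
binddn uid=zimbra,cn=admins,cn=zimbra
bindpw MYPASSWD
rootbinddn uid=zimbra,cn=admins,cn=zimbra
port 389
uri ldap://192.168.10.2/
ssl start_tls
tls_cacertdir /opt/zimbra
tls_checkpeer no
nss_base_passwd ou=people,dc=marechal,dc=saude,dc=al,dc=gov,dc=br
nss_base_group ou=Grupos,dc=marechal,dc=saude,dc=al,dc=gov,dc=br?one
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
SCOPES = {"base", "one", "sub"}  # assumed valid nss_base_* search scopes


def parse_conf(text):
    """(key, value) pairs in file order, keys lower-cased; a list rather than
    a dict so duplicate keys stay visible to the linter."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        pairs.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return pairs


def ldap_hosts(conf):
    """Every host the client may contact: all 'uri' entries plus 'host'."""
    hosts = [urlparse(u).hostname for u in conf.get("uri", "").split()]
    hosts += conf.get("host", "").split()
    return list(dict.fromkeys(h for h in hosts if h))


def lint(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    pairs = parse_conf(text)
    conf, findings, seen = {}, [], set()
    for key, value in pairs:
        if key in seen:
            findings.append(f"duplicate key '{key}'")
        seen.add(key)
        conf[key] = value

    if conf.get("ssl", "no").lower() in ("start_tls", "on", "yes"):
        # With tls_checkpeer no the handshake succeeds against any certificate:
        # passive sniffing is stopped, an active man-in-the-middle is not.
        if conf.get("tls_checkpeer", "yes").lower() in ("no", "off", "false"):
            findings.append("tls_checkpeer no: server certificate is never verified")
        if "tls_cacertfile" not in conf and "tls_cacertdir" not in conf:
            findings.append("no tls_cacertfile/tls_cacertdir: nothing to verify the server against")
        # A certificate name check can only pass for an IP literal if the
        # certificate carries that IP as a subjectAltName, which is unusual.
        for host in ldap_hosts(conf):
            if IPV4.match(host):
                findings.append(f"StartTLS to IP literal {host}: use the name on the server certificate")
    if "host" in conf and "uri" in conf:
        findings.append("both host and uri set: keep only uri so there is one source of truth")
    if "bindpw" in conf:
        # nss_ldap needs ldap.conf readable by every process, so a bindpw here
        # is readable by every local user; rootbinddn takes its password from
        # the root-only /etc/ldap.secret instead.
        findings.append("bindpw in ldap.conf: move it to /etc/ldap.secret (mode 0600) and rely on rootbinddn")
    for key, value in pairs:
        if key.startswith("nss_base_") and "?" in value:
            scope = value.split("?", 1)[1].strip()
            if scope not in SCOPES:
                findings.append(f"{key}: unknown scope '{scope}' (expected base, one or sub)")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print("-", finding)
```

Run against the sample it reports four things: the unverified certificate, the IP literal as StartTLS peer, the redundant host/uri pair, and the cleartext bindpw. The first is the one that matters for security; with tls_checkpeer no, StartTLS still encrypts the bind, but anyone who can answer on the path can present their own certificate and collect the bind password.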
#2 - 04-29-2010, 06:29 AM - Active Member

Sorry for the reply, but I really need this. I am trying to move from an old email server to a Zimbra server, maybe in the future a Zimbra Enterprise version, but first I need to integrate Zimbra with Samba. I read the wiki, but it doesn't work.

Thanks
#3 - 05-01-2010, 05:56 AM - Zimbra Consultant & Moderator

I assume you followed the instructions here: UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki? Did you take note of the Anonymous Access part in this section: UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI 6.0 - Zimbra :: Wiki?
Regards
Bill
#4 - 05-03-2010, 09:37 AM - Active Member

Well, I used that wiki article, yes, and I saw the Anonymous section, but it doesn't work. On the Zimbra machine, if I run getent passwd I can see my users, but I think port 389 is not open to the network, because running nmap locally, for example:

Quote:
[root@marechal ~]# nmap 192.168.10.2

Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2010-05-03 13:24 BRT
Interesting ports on marechal.saude.al.gov.br (192.168.10.2):
Not shown: 1671 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
143/tcp open imap
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
But if I use the name of the machine, the LDAP service is OK:

Quote:
[root@marechal ~]# nmap marechal

Starting Nmap 4.11 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2010-05-03 13:25 BRT
Interesting ports on marechal.saude.al.gov.br (10.50.80.21):
Not shown: 1670 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
143/tcp open imap
389/tcp open ldap
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s

Nmap finished: 1 IP address (1 host up) scanned in 0.041 seconds

From any other machine I can't access LDAP port 389, and I'm not using iptables (service off and without any rules), and SELinux is off too ...

Is there any option in LDAP that blocks access to this port? And how can I change it so that my entire network can bind to and search my LDAP on port 389?

Thanks.
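The two scans above differ in exactly one port: scanning 192.168.10.2 does not show 389, scanning the hostname (which resolves to 10.50.80.21) does. A TCP service looks like that when its socket is bound to one specific address rather than to the wildcard 0.0.0.0, and a daemon started with a URL containing a hostname binds to whatever that name resolves to on the server itself; no firewall or SELinux policy is involved. The following is an added example, not code from the post or from Zimbra: it parses the two nmap outputs quoted above, diffs the open ports, and checks the missing port against a netstat -lnt listing. That listing is constructed here and assumes slapd is bound only to 10.50.80.21, which the scans suggest but the post does not confirm.

```python
"""Diff two nmap scans of the same host and explain a port that shows up
under one address but not the other from the socket's bind address.

Added example, not code from the post. NMAP_BY_IP / NMAP_BY_NAME are the
two scans quoted in the post; LISTEN_TABLE is constructed in `netstat -lnt`
shape and assumes slapd is bound only to 10.50.80.21.
"""
import ipaddress
import re

NMAP_BY_IP = """\
Interesting ports on marechal.saude.al.gov.br (192.168.10.2):
Not shown: 1671 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
143/tcp open imap
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
"""

NMAP_BY_NAME = """\
Interesting ports on marechal.saude.al.gov.br (10.50.80.21):
Not shown: 1670 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
143/tcp open imap
389/tcp open ldap
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
"""

# Constructed, not from the post: what `netstat -lnt` would print if slapd
# were bound to the hostname's address only and the mail daemons to 0.0.0.0.
LISTEN_TABLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 10.50.80.21:389         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:7025          0.0.0.0:*               LISTEN
"""

PORT_LINE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+(\S+)")
TARGET_LINE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")


def parse_nmap(text):
    """Return (scanned IP, {port: service}) for the open ports in one scan."""
    target, ports = None, {}
    for line in text.splitlines():
        if target is None and (m := TARGET_LINE.search(line)):
            target = m.group(1)
        if m := PORT_LINE.match(line):
            ports[int(m.group(1))] = m.group(2)
    return target, ports


def parse_listen_table(text):
    """{port: set of local addresses} from `netstat -lnt` or `ss -lnt` output;
    in both formats the local address:port is the fourth column."""
    bound = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) > 3 and fields[0] in ("tcp", "tcp6", "LISTEN"):
            addr, _, port = fields[3].rpartition(":")
            bound.setdefault(int(port), set()).add(addr)
    return bound


def reachable_at(bound_addrs, iface_ip):
    """Can a client reach a socket with these bind addresses via iface_ip?
    Wildcard binds (0.0.0.0, ::, *) answer on every interface; a specific
    bind answers only on that address, so 127.0.0.1 is local-only."""
    for addr in bound_addrs:
        if addr in ("0.0.0.0", "::", "*"):
            return True
        try:
            if ipaddress.ip_address(addr) == ipaddress.ip_address(iface_ip):
                return True
        except ValueError:
            continue  # not an IP literal; ignore
    return False


def explain_missing_ports(scan_a, scan_b, listen_table):
    """Ports open in scan_b but absent from scan_a, with the bind addresses
    that explain the difference and reachability at each scanned IP."""
    ip_a, ports_a = parse_nmap(scan_a)
    ip_b, ports_b = parse_nmap(scan_b)
    bound = parse_listen_table(listen_table)
    report = {}
    for port in sorted(set(ports_b) - set(ports_a)):
        addrs = bound.get(port, set())
        report[port] = {
            "service": ports_b[port],
            "bound_to": sorted(addrs),
            "reachable": {ip: reachable_at(addrs, ip) for ip in (ip_a, ip_b)},
        }
    return report


if __name__ == "__main__":
    for port, info in explain_missing_ports(NMAP_BY_IP, NMAP_BY_NAME, LISTEN_TABLE).items():
        print(port, info)
```

On the server itself the question is settled by three commands: `netstat -lnt | grep :389` (or `ss -lnt`) for the real bind address, `getent hosts marechal` for what the hostname resolves to locally, and, as the zimbra user, `zmlocalconfig ldap_url` for the LDAP URL Zimbra is configured with. A socket bound to 10.50.80.21 is unreachable at 192.168.10.2 regardless of iptables or SELinux, and that is also the reason ldapsearch -x with no -H works for the hostname but not for the other address.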
#5 - 05-03-2010, 09:53 AM - Zimbra Consultant & Moderator

Quote:
Originally Posted by strikermdd View Post
Is there any option in LDAP that blocks access to this port? And how can I change it so that my entire network can bind to and search my LDAP on port 389?
Did you follow those anonymous access instructions exactly? You should also read the Release Notes about Anonymous Access to LDAP.
Regards
Bill
#6 - 05-03-2010, 10:02 AM - Active Member

In my comment above I said that ... I created an LDIF with this:

Quote:
dn: olcDatabase={2}hdb,cn=config
changetype:modify
add: olcAccess
olcAccess: {10}to dn.subtree="dc=marechal,dc=saude,dc=al,dc=gov,dc=br" by dn.children="cn=admins,cn=zimbra" write by * read
olcAccess: {11}to dn.subtree="ou=machines,dc=saude,dc=al,dc=gov,dc=br" by dn.children="cn=admins,cn=zimbra" write by * read
olcAccess: {12}to dn.subtree="ou=groups,dc=saude,dc=al,dc=gov,dc=br" by dn.children="cn=admins,cn=zimbra" write by * read
olcAccess: {13}to dn.subtree="ou=people,dc=saude,dc=al,dc=gov,dc=br" by dn.children="cn=admins,cn=zimbra" write by * read
I added it to my directory using:

Quote:
ldapmodify -f anonymousaccess.ldif -x -H ldapi:/// -D cn=config -w mypasswd
On the machine I can log in anonymously (using only the hostname, not the IP); on other machines I CAN'T see LDAP port 389.

Note:
Zimbra 6.0.6_64 bits - Centos 5.4
Samba - Ubuntu 9.10 ( tried in Centos 5.4 too ... )
#7 - 05-04-2010, 06:47 AM - Active Member

In some way the LDAP service is only running for the Zimbra machine, not for the network, because I can't see port 389 active via nmap, but IMAP, SMTP, etc. are OK ...

Any idea how I can fix this?

Thanks