  #1 (permalink)  
Old 11-17-2010, 01:47 AM
Active Member
 
Posts: 46
[SOLVED] Zimbra 6, authentication mode

Can you in Zimbra 6 set authentication mode on a per-user basis, not just for the whole domain?

What I want is that I can set external AD authentication mode for some users and internal authentication mode for others.

Best regards, Primoz.
  #2 (permalink)  
Old 11-17-2010, 06:06 AM
Advanced Member
 
Posts: 236

You can't have the authentication set up on a per-user basis, BUT you can set up external authentication and have it fall back to local if the first one fails... this way users not authenticated in MSAD would try with ZCS' internal LDAP.

Be careful, though, don't set up an easy password for your MSAD users. If their AD password fails they could use this other one to get into Zimbra.

Also, you could set up different COS for these two types of users just so your MSAD users won't be able to change the Zimbra password. Covers up that little security issue nicely.

Anyway, the command you'll need for this is:

zmprov modifyDomain [yourdomain] zimbraAuthFallBackToLocal TRUE
  #3 (permalink)  
Old 12-03-2010, 07:24 AM
Active Member
 
Posts: 46

Quote:
Be careful, though, don't set up an easy password for your MSAD users. If their AD password fails they could use this other one to get into Zimbra.

Also, you could set up different COS for these two types of users just so your MSAD users won't be able to change the Zimbra password. Covers up that little security issue nicely.

Can you please explain this a little bit more, with some example if possible?

Thank you very much.
  #4 (permalink)  
Old 12-07-2010, 01:56 AM
Advanced Member
 
Posts: 236

Ok. Let's say that when you created all your users' accounts in Zimbra you gave them a dummy password "zimbra" (how original) knowing/thinking that they will never use it since all your authentication would be done through MSAD.

But now you've set up your domain's authentication to fall back to local (i.e. your ZCS' internal directory). Any user that inputs "zimbra" as the password will fail when authenticating against MSAD but, with the fallback, will be granted access into ZCS (or rather ZWC).

Add onto that the ability to change the ZCS password and they can set it to whatever they wish and keep a "backdoor" open into their account. Possibly even if their MSAD account is disabled.

So, my advice, have a COS for users who authenticate against MSAD not allowing them to change the password, and keep the ZCS password rather complex. And another COS for users who authenticate internally (fallback) if you want/need/allow them to change their ZCS password.
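Added example, not part of the posts above: a shell sketch of the advice in post #4 that prints the zmprov commands to put AD-authenticated accounts in a COS with password changes disabled and to replace their local fallback password with a random one. The COS name ad-users and the example.com addresses are assumptions, and zimbraFeatureChangePasswordEnabled is a Zimbra COS attribute that the thread itself does not name.

```shell
#!/bin/sh
# Added example (not from the thread): print the zmprov commands that harden
# AD-authenticated accounts once zimbraAuthFallBackToLocal is TRUE.
# Assumptions: COS name "ad-users" and the example.com addresses are made up.
# The output contains the new local passwords; review it, run it as the
# zimbra user, then discard it.

AD_COS="${AD_COS:-ad-users}"   # hypothetical COS name

# 24 random bytes -> 32 base64 chars; '+' and '/' mapped to '.' and '_'.
random_password() {
    head -c 24 /dev/urandom | base64 | tr '+/' '._'
}

# One-time setup: a COS whose members cannot change their ZCS password.
emit_cos_setup() {
    printf 'zmprov createCos %s\n' "$AD_COS"
    printf 'zmprov modifyCos %s zimbraFeatureChangePasswordEnabled FALSE\n' "$AD_COS"
}

# Reads addresses on stdin (one per line, '#' comments allowed). For each
# one, prints the COS assignment and a reset of the local fallback password
# to a random value nobody knows, so a guessable dummy password is gone.
emit_account_hardening() {
    while IFS= read -r acct; do
        case "$acct" in
            ''|'#'*) continue ;;
            *[!A-Za-z0-9._@-]*|*@*@*) echo "skipped: $acct" >&2; continue ;;
            ?*@?*) ;;
            *) echo "skipped: $acct" >&2; continue ;;
        esac
        printf 'zmprov setAccountCos %s %s\n' "$acct" "$AD_COS"
        printf "zmprov setPassword %s '%s'\n" "$acct" "$(random_password)"
    done
}

# Constructed sample run; replace the list with your real AD-backed accounts.
emit_cos_setup
printf '%s\n' 'alice@example.com' 'bob@example.com' | emit_account_hardening
```

Accounts that authenticate internally through the fallback stay out of the list and keep a COS that allows password changes.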
  #5 (permalink)  
Old 12-08-2010, 04:11 AM
Active Member
 
Posts: 46

Thank you very much.