authenticating zimbra against Active Directory 2003

**khiloc** · 11-15-2011, 08:05 AM

Hello all!!!

What a great software.....
Currently installing OS 7.1

domain: domain.net
server: mail.domain.net
is in DMZ

got AD server running in LAN (subnet different from DMZ and behind a FW)

LAN Active Directory: domain.local

how can i manage to get zimbra authenticating against this AD??

just tried but keep getting this error:

connection refused

javax.naming.CommunicationException: 192.168.0.10:3268 [Root exception is java.net.ConnectException: Connection timed out]
at com.sun.jndi.ldap.Connection.<init>(Connection.jav a:200)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.jav a:118)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClien t.java:1580)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:265 2)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapC txFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Ldap CtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstanc e(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext (LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(N amingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(Init ialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.ja va:223)
at javax.naming.ldap.InitialLdapContext.<init>(Initia lLdapContext.java:134)
at com.zimbra.cs.account.ldap.ZimbraLdapContext.ldapA uthenticate(ZimbraLdapContext.java:622)
at com.zimbra.cs.account.ldap.LdapUtil.ldapAuthentica te(LdapUtil.java:94)
at com.zimbra.cs.account.ldap.Check.checkAuthConfig(C heck.java:177)
at com.zimbra.cs.service.admin.CheckAuthConfig.handle (CheckAuthConfig.java:45)
at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:412)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:287)
at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:158)
at com.zimbra.soap.SoapServlet.doWork(SoapServlet.jav a:294)
at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:215)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:725)
at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:208)
at javax.servlet.http.HttpServlet.service(HttpServlet .java:814)
at org.mortbay.jetty.servlet.ServletHolder.handle(Ser vletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1166)
at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(Set HeaderFilter.java:79)
at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1157)
at org.mortbay.servlet.UserAgentFilter.doFilter(UserA gentFilter.java:81)
at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter .java:132)
at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(Se rvletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle( SecurityHandler.java:218)
at org.mortbay.jetty.servlet.SessionHandler.handle(Se ssionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(Co ntextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebA ppContext.java:422)
at org.mortbay.jetty.handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle (HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:152)
at org.mortbay.jetty.handler.rewrite.RewriteHandler.h andle(RewriteHandler.java:230)
at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:152)
at org.mortbay.jetty.handler.DebugHandler.handle(Debu gHandler.java:77)
at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(Htt pConnection.java:583)
at org.mortbay.jetty.HttpConnection$RequestHandler.co ntent(HttpConnection.java:986)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser. java:756)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpPa rser.java:218)
at org.mortbay.jetty.HttpConnection.handle(HttpConnec tion.java:414)
at org.mortbay.io.nio.SelectChannelEndPoint.run(Selec tChannelEndPoint.java:429)
at org.mortbay.thread.BoundedThreadPool$PoolThread.ru n(BoundedThreadPool.java:451)
Caused by: java.net.ConnectException: Connection timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl .java:351)
at java.net.PlainSocketImpl.connectToAddress(PlainSoc ketImpl.java:213)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.j ava:200)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.j ava:366)
at java.net.Socket.connect(Socket.java:529)
at sun.reflect.GeneratedMethodAccessor6.invoke(Unknow n Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.jndi.ldap.Connection.createSocket(Connecti on.java:339)
at com.sun.jndi.ldap.Connection.<init>(Connection.jav a:187)
... 51 more

**phoenix** · 11-15-2011, 08:43 AM

Originally Posted by khiloc

how can i manage to get zimbra authenticating against this AD??

just tried but keep getting this error:

connection refused

I would guess as the AD server is on a different LAN and behind a firewall you have a routing problem or the firewall is blocking access to AD or the AD server isn't accepting connections. Can you telnet to the AD server from your Zimbra server? If not I'd suggest you ask your networking Admin or the Admin of the AD server what the problem is likely to be.

**khiloc** · 11-15-2011, 09:13 AM

yes tried telneting from zimbra in dmz to AD on wich port???
have tried
telnet 192.168.0.10 3268
telnet 192.168.0.10 389

both not working

but i'm the network admin myself and have open everything on the FW

**phoenix** · 11-15-2011, 09:31 AM

Originally Posted by khiloc

yes tried telneting from zimbra in dmz to AD on wich port???

Active Directory is really an LDAP server so the default port it listens on is ..... 389.

Originally Posted by khiloc

but i'm the network admin myself and have open everything on the FW

Are you also the Admin of the AD server? The fact you get a connection refused means that the service is up and running but not accepting connections. Other than that I have no idea of your AD configuration so I can't offer specific advice on the resolution. You could have a look at some of these threads and see if there's a solution: +"active directory" +"lconnection refused" - Yahoo! Search Results

**khiloc** · 11-15-2011, 09:52 AM

ok

tested from the lan and the server is respondin on port 389

so going to check deeper on my FW...

by the way if ldap port is 388 by default, so why in zimbra web admin interface, where we configure ad auth stuff the put in port 3268???

**phoenix** · 11-15-2011, 10:34 AM

Originally Posted by khiloc

by the way if ldap port is 388 by default, so why in zimbra web admin interface, where we configure ad auth stuff the put in port 3268???

Port 3268 is the Global Catalogue.

Zimbra

Thread: authenticating zimbra against Active Directory 2003

LinkBack

Thread Tools

Search Thread

Display

authenticating zimbra against Active Directory 2003

Thread Information

Users Browsing this Thread

Similar Threads

fatal: parameter "smtpd_recipient_restrictions"

Zimbra with Windows 2003 Active Directory Sharepoint HELP

zmperditionctl start asking for password

Big Fubar on 5 FOSS GA Upgrade

Post instsallation problems

Posting Permissions