Thread: samba?

  1. #1
    dijichi2 (OpenSource Builder & Moderator)

    samba?

    has anyone got samba running with samba, either on the same box or on another box on the same network?

    i guess there's several options:

    1) bodge samba into zimbra ldap server

    2) bodge another ldap server on the same machine that samba is running on, and use that ldap server to authenticate zimbra to

    3) use another server on the network, auth zimbra against it.

    has anyone got a method that actually works well?

  2. #2
    marcmac (Expert Member)

    samba and zimbra

    These should co-exist fine.

    Are you trying to use zimbra to authenticate your samba accounts?

  3. #3
    dijichi2 (OpenSource Builder & Moderator)

    preferably, yes. this is for a small company i've bought the network edition for. preferably running zimbra and samba on a single server, preferably running off a single ldap store but i don't mind running another ldap server if i have to.

  4. #4
    marcmac (Expert Member)

    samba and zimbra

    We run samba (and zimbra) in house, but we're using AD as an authentication point for both.

    I don't know enough about samba auth to know how to configure it - but if it can authenticate against LDAP, this should certainly work.

    What information do you need to set this up? Our schema is pretty standard, wrt user name and password attributes.

  5. #5
    dijichi2 (OpenSource Builder & Moderator)

    AD? u guys running exchange too? bad boys!!

    samba has its own schema which runs alongside posixAccount. significantly there is also the nt password hash which needs to be changed simultaneously with userpassword each time. there's also the computer accounts etc. but i think the biggest problem with the zimbra ldap is that it's unknown (by me, not by you!) whether if we add in our own attributes whether they'll be overwritten by the zimbra admin. i presume so, so until zimbra allows samba or arbitrary fields in the account admin, we'll have to run a separate directory. trouble with this is that zimbra ldap still uses the standard port (thanks for moving mysql, btw!), so running another ldap server is a bit of a task. not impossible by any means, just a pita, and seems a little silly to run two separate directories on the same machine for essentially the same set of information.

  6. #6
    marcmac (Expert Member)

    why we run AD

    Quote Originally Posted by dijichi2
    AD? u guys running exchange too? bad boys!!

    No, no. We sell enterprise software, in a world that is dominated by exchange (for the time being).

    We are absolutely committed to "eating our own dogfood" - and this means, we need to be able to run in what we think will be a common deployment scenario for our customers.

    Quote Originally Posted by dijichi2
    samba has its own schema which runs alongside posixAccount. significantly there is also the nt password hash which needs to be changed simultaneously with userpassword each time. there's also the computer accounts etc. but i think the biggest problem with the zimbra ldap is that it's unknown (by me, not by you!) whether if we add in our own attributes whether they'll be overwritten by the zimbra admin. i presume so, so until zimbra allows samba or arbitrary fields in the account admin, we'll have to run a separate directory. trouble with this is that zimbra ldap still uses the standard port (thanks for moving mysql, btw!), so running another ldap server is a bit of a task. not impossible by any means, just a pita, and seems a little silly to run two separate directories on the same machine for essentially the same set of information.

    /opt/zimbra/openldap/etc/openldap/schema/zimbra.schema

    We won't overwrite your attributes if we don't know about them - so there's no reason you couldn't add another schema file, include it in slapd.conf, and modify those attributes yourself.

    You don't get full integration, but it's a step in the right direction.

  7. #7
    dijichi2 (OpenSource Builder & Moderator)

    Quote Originally Posted by marcmac
    /opt/zimbra/openldap/etc/openldap/schema/zimbra.schema

    We won't overwrite your attributes if we don't know about them - so there's no reason you couldn't add another schema file, include it in slapd.conf, and modify those attributes yourself.

    You don't get full integration, but it's a step in the right direction.

    super, that's great news. i'll give both ways a try and report the results.

    thanks

  8. #8
    dijichi2 (OpenSource Builder & Moderator)

    right. it's very difficult, i would say strongly recommended *NOT* to install the redhat openldap+sasl2 packages in conjunction with zimbra. the sasl libs from redhat take priority over the zimbra libs because they're higher up the ld.so order and so screw things up. if you get round this, by bodge removing redhat sasl2 and forcing openldap in anyway, you end up with version mismatches between openldap versions - /usr/bin/ldap* and slap* binaries match up with zimbra ldap libs and things go horribly wrong. not recommended.

    what i've ended up doing is installing fedora directory server 1.0.1 on port 390 and authing zimbra against that. i imported my openldap DIT from SLES9 (suse enterprise linux 9) into fedora-ds, reset my SID and samba works flawlessly with all my old computer and user accounts. then configure zimbra to do external auth against localhost:390. perfecto

    still, it would be lovely if the zimbra ldap could stay out of the way, like the zimbra mysql. a different port would be a great start, and if there's some way of solving the library clashes it would make things sooooo much easier for us sysadmins who want to use the box for anything else. in solaris when you're compiling you can use -R linker options to give runtime hints of where the libraries are, is there an equivalent in linux? -rpath or similar?

  9. #9
    Shadow (Junior Member)

    and what about password change?

    Quote Originally Posted by dijichi2
    what i've ended up doing is installing fedora directory server 1.0.1 on port 390 and authing zimbra against that. i imported my openldap DIT from SLES9 (suse enterprise linux 9) into fedora-ds, reset my SID and samba works flawlessly with all my old computer and user accounts. then configure zimbra to do external auth against localhost:390. perfecto

    Hi,
    your environment is almost what I'm migrating into...

    have you tested changing passwords in Zimbra? did it work on the samba shares?
