Zimbra

alapierre · #1 (**permalink**) 02-16-2010, 02:16 PM

I've gone through Greg's HOW-TO on getting Samba to authenticate with Zimbra LDAP, and have hit a wall. I've exhausted my searches and don't know how to troubleshoot this any further.

I have it to the point where I can create new users and when I issue the "smbclient -U newuser //samba.domain.com/newuser" it asks for the password and connects fine. However, I can't get it to authenticate with pre-existing users. I've modified the schema for the existing user, verified that they are being added in the Samba server with "getent passwd" but I can't login with that user. It just says "NT_STATUS_LOGON_FAILURE"

Also, I can't login via the console with either a newly created user or a pre-existing user. Should I be able to do this? It doesn't seem to make sense why I would be able to authenticate a new user, but not an old one when it should be looking at the same LDAP server. Where can I look to see what I am missing? Thanks for your help!

edit:

Also, I just noticed that the sambaNTPassword field under the Samba Account tab is blank for the pre-existing user, but it is not blank for the newly created users.

phoenix · #2 (**permalink**) 02-17-2010, 04:54 AM

Try some of the following links: site:zimbra.com "NT_STATUS_LOGON_FAILURE" - Yahoo! Search Results

alapierre · #3 (**permalink**) 02-17-2010, 06:30 AM

I had already Googled this to death, but I did find one new thread via that Yahoo search. Thanks for that.

What it sounds like is for any user that existed, I need to reset their passwords using smbpasswd -a user? I was hoping to avoid having to do that by setting this up...does it mention anything about that in the How-to? I didn't see it anywhere. I'd rather not have to go around to 500+ users and say "I need your password" In my mind, I thought this would make Samba simply authenticate with LDAP...where the password is already stored. Am I understanding something wrong? Is there something else I can do? Thanks for your help

ArcaneMagus · #4 (**permalink**) 02-17-2010, 01:21 PM

The samba password is actually separate from the POSIX/"LDAP"/Zimbra password. The admin extensions make it so that when you change the password in the admin interface it updates the Samba password. It looks like if a user changes their password you still need zimbraSambaPassword Extension to have it automatically change the samba password as well.

The problem is that Samba uses the "sambaNTPassword" LDAP attribute to store it's password while everything else uses "userPassword", unfortunately samba doesn't support the hash methods used for everything else or you could just map the attributes together.

alapierre · #5 (**permalink**) 02-18-2010, 05:50 AM

Bummer. Samba needs to get their act together then and support SHA! :-) Guess I will have to do this the hard way. Thanks for the info

ArcaneMagus · #6 (**permalink**) 02-18-2010, 11:30 AM

Well I'm sure Samba itself could easily support it, I was referring more to the SMB/CIFS protocol in that statement

If you were bored, here is the authentication method/hash used in SMB: NTLM - Wikipedia, the free encyclopedia

Zimbra

Downloads

Product Information

Toolbox

Why Join?