Thread: Zimbra + Samba LDAP auth problems

  1. #1
    fajarpri

    Hello all,
    I installed Zimbra 4.5.6 on openSUSE 10.2. Works great!
    Then I also wanted it as a Samba PDC, so I followed Greg's howto, and all seems OK. From the Zimbra UI, I can add accounts and posix groups.

    But I notice that when I do 'getent passwd' and 'getent group', I cannot see the accounts and groups created from Zimbra.

    Seems like the samba server cannot see the LDAP?
    Can anyone please help me to troubleshoot it?

    These are my confs (please let me know if there's more to provide):
    Code:
    smb.conf:
    [global]
    workgroup = vulcan.com
    netbios name = fajar102
    os level = 33
    preferred master = yes
    enable privileges = yes
    server string = %h server (Samba, Opensuse102)
    wins support = yes
    dns proxy = no
    name resolve order = wins bcast hosts
    log file = /var/log/samba/log.%m
    log level = 3 
    max log size = 1000
    syslog only = no
    syslog = 5
    #panic action = /usr/share/samba/panic-action %d
    security = user
    encrypt passwords = true
    ldap passwd sync = yes
    passdb backend = ldapsam:ldap://192.168.1.101
    ldap admin dn ="uid=zimbra,cn=admins,cn=zimbra"
    ldap suffix = dc=vulcan,dc=com
    ldap group suffix = ou=groups
    ldap user suffix = ou=people
    ldap machine suffix = ou=machines
    obey pam restrictions = no
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully*
    domain logons = yes
    logon path = \\fajar102.vulcan.com\%U\profile
    logon home = \\fajar102.vulcan.com\%U
    logon script = logon.cmd
    #add user script = /usr/sbin/useradd --quiet --disabled-password --gecos "" %u
    #add machine script = /usr/sbin/useradd --shell /bin/false --disabled-password --quiet "machine account" --force-badname %u
    ######## FOR OPENSUSE ?? ##########
    username map = /etc/samba/smbusers
    add user script = /usr/local/bin/smbldap-useradd -m %u
    delete user script = /usr/local/bin/smbldap-userdel %u
    add group script = /usr/local/bin/smbldap-groupadd -p %g
    delete group script = /usr/local/bin/smbldap-groupdel %g
    add user to group script = /usr/local/bin/smbldap-groupmod -m %g %u
    delete user from group script = /usr/local/bin/smbldap-groupmod -x %g %u
    set primary group script = /usr/local/bin/smbldap-usermod -g %g %u
    add machine script = /usr/local/bin/smbldap-useradd -w %u
    # if you want to add machines to domain automatically, add machine script is:
    add machine script = /usr/local/bin/smbldap-useradd -w -i %u
    #################################
    socket options = TCP_NODELAY
    domain master = yes
    local master = yes

    Code:
    pam.d/common-account
    account requisite       pam_unix2.so
    account sufficient      pam_localuser.so
    account required        pam_ldap.so     use_first_pass
    
    pam.d/common-auth
    auth    required        pam_env.so
    auth    sufficient      pam_unix2.so
    auth    required        pam_ldap.so     use_first_pass
    
    pam.d/common-password
    password        requisite       pam_pwcheck.so  nullok cracklib 
    password        sufficient      pam_unix2.so    nullok use_authtok 
    password        required        pam_ldap.so     try_first_pass use_authtok 
    
    pam.d/common-session
    session required        pam_limits.so
    session required        pam_unix2.so
    session optional        pam_ldap.so
    session optional        pam_umask.so
    session required pam_mkhomedir.so skel=/etc/skel umask=0022

    Code:
    nsswitch.conf:
    #ORIGINAL SUSE
    #passwd:        compat
    #group: compat
    
    #FOR ZIMBRA
    passwd: files ldap
    group: files ldap
    
    hosts:  files dns
    networks:       files dns
    
    services:       files ldap
    protocols:      files
    rpc:    files
    ethers: files
    netmasks:       files
    netgroup:       files ldap
    publickey:      files
    
    bootparams:     files
    automount:      files nis
    aliases:        files ldap
    passwd_compat:  ldap
    group_compat:   ldap

    Code:
    /etc/openldap/ldap.conf
    TLS_REQCERT     allow
    host    fajar102.vulcan.com
    base    dc=vulcan,dc=com
    binddn uid=zimbra,cn=admins,cn=zimbra
    bindpw 123456
    rootbinddn uid=zimbra,cn=admins,cn=zimbra
    uri ldap://fajar102.vulcan.com
    bind_policy soft

    Last edited by fajarpri; 07-04-2007 at 07:57 PM.

  2. #2
    fajarpri

    Can someone help, please?
    I'm a bit desperate

  3. #3
    mmorse

    Don't worry! I'm sure someone who makes use of a samba configuration will help you out. Expecting a reply within one hour is a little much...that's why there's the paid support (it's also a US holiday btw)
    Last edited by mmorse; 07-04-2007 at 10:41 PM.

  4. #4
    fajarpri

    Thanks for the sympathy, mmorse.
    After pulling my hair out for several hours, I can finally get getent group and passwd to work.

    Apparently I missed setting up /etc/ldap.conf.
    But I haven't been able to add my Windows XP machine to the domain.
    I guess it's another thread.
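
The lookup chain that post #4 found broken, as an added check that is not part of the original thread: getent only returns LDAP accounts when nsswitch.conf names ldap for passwd and group and /etc/ldap.conf gives nss_ldap a base and a server. The function names are hypothetical, and it assumes /etc/ldap.conf uses the same base, uri/host and bindpw keys as the /etc/openldap/ldap.conf listing in post #1.

```shell
#!/bin/sh
# Added example (not from the thread). Usage:
#   check_nss_ldap /etc/nsswitch.conf /etc/ldap.conf

# Succeeds if database $2 (passwd, group) in nsswitch file $1 lists "ldap".
nss_uses_ldap() {
    awk -v db="$2:" '
        /^[[:space:]]*#/ { next }    # ignore commented-out lines
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit !found }' "$1"
}

# Prints the first value of key $2 (lower case) from ldap.conf-style file $1.
ldap_conf_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }' "$1"
}

# Prints findings; return status is the number of FAIL lines (0 = chain complete).
check_nss_ldap() {
    nss_file=$1; conf_file=$2; fails=0
    for db in passwd group; do
        if ! nss_uses_ldap "$nss_file" "$db"; then
            echo "FAIL: $db in $nss_file does not list ldap"
            fails=$((fails + 1))
        fi
    done
    if [ ! -r "$conf_file" ]; then
        echo "FAIL: $conf_file is missing or unreadable, so nss_ldap has no server or base"
        return $((fails + 1))
    fi
    if [ -z "$(ldap_conf_value "$conf_file" base)" ]; then
        echo "FAIL: no base in $conf_file"; fails=$((fails + 1))
    fi
    if [ -z "$(ldap_conf_value "$conf_file" uri)$(ldap_conf_value "$conf_file" host)" ]; then
        echo "FAIL: neither uri nor host in $conf_file"; fails=$((fails + 1))
    fi
    # A bind password in a world-readable file is exposed to every local user.
    if [ -n "$(ldap_conf_value "$conf_file" bindpw)" ] &&
       [ -n "$(find "$conf_file" -perm -004)" ]; then
        echo "WARN: bindpw in world-readable $conf_file; rootbinddn can use a root-only /etc/ldap.secret instead"
    fi
    return "$fails"
}
```

A WARN line does not change the return status; only FAIL lines count, so the function can gate a provisioning script while still surfacing the exposed bind password.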
