
Thread: Zimbra Integration With Samba - Ubuntu Based

  1. #41
    Join Date: May 2008 | Location: Melbourne, Australia | Posts: 96 | Rep Power: 7

    Default

    The ldap on machine one is the zimbra ldap, not another instance of ldap.
    The idea is that zimbra and domain authentication will work with only machine 1 running. Machine 2 is a fileserver that will depend on machine 1 being present for authentication, but machine 1 is not dependent on machine 2 at all.

    Now that I have thoroughly confused you, here's my smb from machine 1 (the pdc)
    Code:
    [global]
      workgroup = MEDALIST
      netbios name = mail
      os level = 34
      preferred master = yes
      enable privileges = yes
      server string = %h server (Samba, Ubuntu)
      wins support = yes
      dns proxy = no
      name resolve order = wins bcast hosts
      log file = /var/log/samba/log.%m
      log level = 3
      max log size = 1000
      syslog only = no
      syslog = 0
      panic action = /usr/share/samba/panic-action %d
      security = user
      encrypt passwords = true
      ldap passwd sync = yes
      passdb backend = ldapsam:ldap://mail.medalist.com.au/
      ldap admin dn = "cn=config"
      ldap suffix = dc=medalist,dc=com,dc=au
      ldap group suffix = ou=groups
      ldap user suffix = ou=people
      ldap machine suffix = ou=machines
      obey pam restrictions = no
      passwd program = /usr/bin/passwd %u
      passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
      domain logons = yes
      logon path = \\mail.medalist.com.au\%U\profile
      logon home = \\mail.medalist.com.au\%U
      logon drive = K:
      logon script = logon.cmd
      add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
      add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u
      socket options = TCP_NODELAY
      domain master = yes
      local master = yes
    and using it as a base, the modified smb.conf for machine 2:
    Code:
    [global]
      workgroup = MEDALIST
      netbios name = server1
      os level = 33
      preferred master = yes
      enable privileges = yes
      server string = %h server (Samba, Ubuntu)
      wins support = no
      dns proxy = no
      name resolve order = wins bcast hosts
      log file = /var/log/samba/log.%m
      log level = 3
      max log size = 1000
      syslog only = no
      syslog = 0
      panic action = /usr/share/samba/panic-action %d
      security = user
      encrypt passwords = true
      ldap passwd sync = yes
      passdb backend = ldapsam:ldap://mail.medalist.com.au/
      ldap admin dn = "cn=config"
      ldap suffix = dc=medalist,dc=com,dc=au
      ldap group suffix = ou=groups
      ldap user suffix = ou=people
      ldap machine suffix = ou=machines
      obey pam restrictions = no
      domain logons = yes
      logon path = \\mail.medalist.com.au\%U\profile
      logon home = \\mail.medalist.com.au\%U
      logon drive = K:
      logon script = logon.cmd
      socket options = TCP_NODELAY
      domain master = no
      local master = yes
    What I changed was to remove the passwd lines, the add user and machine lines, change the domain master to no and wins support to no.

    I'm not sure if it should be the local master or whether it should be the preferred master.

    Something is still wrong because I can't even connect to machine 2 from Windows even if I use the IP address.
    Mark Hawkins

    Medalist

  2. #42
    Join Date: Jul 2008 | Location: openhagen | Posts: 81 | Rep Power: 7

    Default

    Did you set up libpam-ldap on the second machine? The problem might be that the samba on the second machine doesn't have the password set up for the LDAP connection.

    That is done with:
    Code:
    smbpasswd -w theRealPassword
    Btw. I was wrong about the /etc/ldap/ thing. The files you need to copy are /etc/ldap.conf and /etc/ldap.secret to copy the LDAP settings from one machine to another.
    Last edited by lithorus; 04-21-2009 at 01:02 AM.

  3. #43
    Join Date: May 2008 | Location: Melbourne, Australia | Posts: 96 | Rep Power: 7

    Default

    No, I haven't explicitly set up libpam-ldap. Am I to understand that I should follow Greg's howto guide on machine 2, omitting the steps related to zimbra (part 2) and then use the smb.conf for machine 2 as above?
    Mark Hawkins

    Medalist

  4. #44
    Join Date: Jul 2008 | Location: openhagen | Posts: 81 | Rep Power: 7

    Default

    Basically yes. For the system to assign a specific LDAP user as owner of a file it uses libnss-ldap (which is installed by libpam-ldap). libnss-ldap uses the files /etc/ldap.conf and /etc/ldap.secret to connect to the LDAP server and look up the user. You can test the connection and if it sees the users with "getent passwd".

    In theory you could live without the libnss-ldap thing, but then the system doesn't have any control over who owns what.

    Here are the steps we do for our secondary servers:

    install:
    libnss-ldap
    libpam-ldap
    (just ignore the config steps here since you copy the files over anyway later)

    edit /etc/nsswitch.conf:
    Code:
    passwd: compat ldap
    group: compat ldap
    shadow: compat ldap

    copy:
    Code:
    scp root@machine1:/etc/ldap.* /etc/
    scp root@machine1:/etc/samba/smb.conf /etc/samba/
    (in your case you don't need to copy the smb.conf)

    change ldap password:
    Code:
    smbpasswd -w realPassword
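
Added example, not part of any post in this thread: a shell check for the files touched by the secondary-server steps in post #44, which also covers the ldap-auth-config warning quoted in post #45 that the configuration file is world readable. The function name and the ROOT prefix argument are assumptions made for illustration; `binddn`, `bindpw` and `rootbinddn` are the libnss-ldap directives in /etc/ldap.conf, and `stat -c` assumes GNU coreutils as on Ubuntu.

```shell
#!/bin/sh
# audit_ldap_client ROOT   (ROOT is "" for the live system, or a test directory)
# Prints one "FINDING:" line per problem; returns 0 when none, 1 otherwise.
audit_ldap_client() {
    root=$1
    findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }

    nss="$root/etc/nsswitch.conf"
    conf="$root/etc/ldap.conf"
    secret="$root/etc/ldap.secret"

    # 1. passwd, group and shadow must each list the ldap source,
    #    otherwise "getent passwd" will not show the LDAP users.
    for db in passwd group shadow; do
        grep -Eq "^$db:.*[[:space:]]ldap([[:space:]]|\$)" "$nss" 2>/dev/null ||
            note "$nss: '$db' does not use ldap"
    done

    # 2. ldap.secret holds the rootbinddn password and was copied with scp:
    #    confirm it arrived with owner-only access.
    if [ -f "$secret" ]; then
        mode=$(stat -c '%a' "$secret")
        case $mode in
            600|400) ;;
            *) note "$secret: mode $mode, expected 600" ;;
        esac
    else
        note "$secret: missing"
    fi

    # 3. ldap.conf is world readable, so it should carry neither a bind
    #    password nor the admin DN (cn=config in this thread) as binddn.
    if [ -f "$conf" ]; then
        grep -Eiq '^[[:space:]]*bindpw[[:space:]]' "$conf" &&
            note "$conf: bindpw stored in a world-readable file"
        grep -Eiq '^[[:space:]]*binddn[[:space:]]+"?cn=config"?[[:space:]]*$' "$conf" &&
            note "$conf: binddn is the admin DN cn=config"
    else
        note "$conf: missing"
    fi

    [ "$findings" -eq 0 ]
}
```

Run it as `audit_ldap_client ""` on the secondary server after the copy step and before `smbpasswd -w`.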

  5. #45
    Join Date: Aug 2008 | Location: New York, NY | Posts: 11 | Rep Power: 7

    Default Un

    Hi folks, while going through the setup steps, I ran into an extra step not listed on that tutorial...specifically at the end of step 8 (configuring the newly installed libpam-ldap):
    Code:
    Configuring ldap-auth-config
     Please enter the name of the account that will be used to log in to the LDAP database.
    Warning: DO NOT use privileged accounts for logging in, the configuration file has to be world readable.
    
    Unprivileged database user:
    cn=proxyuser,dc=example,dc=net
    Is there a non-privileged ldap account set up in zimbra? Do I need to create one?

    After that it additionally asks:
    Code:
    Please enter the password that will be used to log in to the LDAP database. 
    Password for database login account:
    Should I use my root LDAP password?

    Running
    zcs-NETWORK-5.0.15_GA_2851.UBUNTU8_64.20090310194234
    Ubuntu 8.04LTS (both on Samba and Zimbra servers)

  6. #46
    Join Date: Jul 2008 | Location: openhagen | Posts: 81 | Rep Power: 7

    Default

    The ldap-auth-config step is the same as configuring the libpam-ldap and you should just proceed like you are setting up libpam-ldap. It's because the guide is for 6.06.

  7. #47
    Join Date: May 2008 | Location: Melbourne, Australia | Posts: 96 | Rep Power: 7

    Default

    I'm by no means an expert but I set up ldap-auth-config using the settings of both libpam-ldap and libnss-ldap. The only difference is that there is a step regarding the storage of passwords for which I chose 'clear'. Probably less secure, but seemed the most likely to be compatible.

    If you get it wrong, just dpkg-reconfigure ldap-auth-config and start over.
    Mark Hawkins

    Medalist

  8. #48
    Join Date: Apr 2009 | Location: Piracicaba - São Paulo - Brasil | Posts: 3 | Rep Power: 6

    Default

    Quote Originally Posted by rnajmabadi View Post
    Hi everybody,

    First of all thanks for the great howto.

    I just installed zcs-5.0.9 on Ubuntu 8.04 with posix and samba integration in a lab using your guide with small adaptations. I have however a problem with admin extensions in the GUI. When I want to add a Posix Group I do not see the "Samba Group" tab. I imagine that this tab allows to link a Posix group with a Samba domain.
    Any hint as why this tab may not be visible and what exactly it performs would be appreciated.

    Thanks,

    Ramin
    To anyone having this issue, try using Firefox instead. I spent half a day cooking up my brain with this problem only to notice that IE7 doesn't work properly with zimbra_samba extension. When using Firefox, I can see the "Samba Group" tab, with IE7 I can't.
    You may not enjoy living together, but dying together isn't gonna solve anything, anyway.

  9. #49
    Join Date: Oct 2008 | Posts: 3 | Rep Power: 7

    Default

    Has anyone had any success with integrating two zimbra domains for auth through samba? I administrate two companies, domain1.com and domain2.com, and I'd like to set up a samba server that has shares that can be accessed by users from both domains.

  10. #50
    Join Date: Jul 2009 | Posts: 15 | Rep Power: 6

    Default

    Quote Originally Posted by devnul View Post
    Has anyone had any success with integrating two zimbra domains for auth through samba? I administrate two companies, domain1.com and domain2.com, and I'd like to set up a samba server that has shares that can be accessed by users from both domains.
    Hello devnul,

    I believe this should work OK. Since Zimbra is multi-domain aware, I see no problems about having two Samba domains also. The secret will be to set up the LDAP base dn's correctly when acting over one or another domain.

    When I was migrating from one "standard" Samba to this solution, I had two domains in parallel and I believe they're working ok all together.

    Regards, Celso.
