Results 1 to 5 of 5

Thread: Zimbra, Samba, Unix SSO

  1. #1
    Join Date
    Mar 2006
    Posts
    1
    Rep Power
    9

    Default Zimbra, Samba, Unix SSO

    Hello,
    I am looking very heavily on using zimbra over MS Exchange for a new organization (thats right, I have the rare opportunity of setting up an enterprise... from SCRATCH!).
    I am currently utilizing LDAP and SMBLDAP-TOOLS as a back end to my samba domain. This same LDAP server is also used for UNIX authentication. Thus, my windows and unix accounts are fully SSO (Single Sign On) compliant.
    I would like to maintain SSO compliancy and integrate zimbra as well. After reading through some of the posts on the forums (specifically the one about integrating samba), I sort of have an understanding on how to do this, but have some questions:

    1. Does zimbra only store passwords in plain-text? Can I opt to use crypt or SSHA?
    2. Can I change the zimbra password with external tools?

    I am going to load a fresh box to do testing. I am assuming (from the documentation) that I should load ZIMBRA first and then use ZIMBRA's back-end LDAP database to store SMB and POSIX info. Correct?

    Cheers,
    Dave

  2. #2
    Join Date
    Aug 2005
    Location
    San Mateo, CA
    Posts
    4,789
    Rep Power
    19

    Default

    Well we handle postfix info you'd just need to add your samba info and anything else you need to the LDAP directory. Or you can use your current LDAP directory and just have Zimbra auth against that.
    Looking for new beta users -> Co-Founder of Acompli. Previously worked at Zimbra (and Yahoo! & VMware) since 2005.

  3. #3
    Join Date
    Apr 2007
    Posts
    14
    Rep Power
    8

    Default

    Would like to bump this.

    With Greg's help, I was able to get Zimbra and Samba to integrate, however, am facing the same problem with SSO.

    Right now, the idea is that when users use the CTRL+ALT+DEL function to change their passwords, it currently only changes their Samba password and not the Zimbra one. Of course the solution is to create a script that will be invoked to synchronize the zimbra password.

    I went through the Zimbra LDAP dir but could not find the hashes there. Where does Zimbra store its passwords?

  4. #4
    dijichi2 is offline OpenSource Builder & Moderator
    Join Date
    Oct 2005
    Posts
    1,176
    Rep Power
    12

    Default

    zimbra stores the passwords in ldap, but the attributes are probably hidden from anonymous binds - try binding as the rootdn.

    windows does the password change inband with smb I think, then binds as the mapped user to ldap and depending on your samba settings changes the posix and lanmanager hashes, in other words this is a samba issue not a zimbra issue. possibly.

  5. #5
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Talking

    I just figured out the solution for this. It turns out to be easier than I thought. The thing is that zimbra stores passwords in the same attribute as pam_ldap, so if you add this line to smb.conf

    ldap passwd sync = yes

    samba will synchronize the passwords for you
    here's some reading about how this works: http://us1.samba.org/samba/docs/man/...tml#ldappwsync
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

Similar Threads

  1. Replies: 9
    Last Post: 03-01-2008, 07:21 PM
  2. Zimbra shutdowns every n hours.
    By Andrewb in forum Administrators
    Replies: 13
    Last Post: 08-14-2007, 08:55 AM
  3. zmtlsctl give LDAP error
    By sourcehound in forum Administrators
    Replies: 5
    Last Post: 03-11-2007, 03:48 PM
  4. 4.5 Upgrade failure
    By brained in forum Installation
    Replies: 9
    Last Post: 03-03-2007, 02:30 PM
  5. Replies: 16
    Last Post: 09-07-2006, 06:39 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •