
Thread: Help to make a Zimbra + Samba Tutorial for Ubuntu 8.04.3 Server and Zimbra 6.0.1

  1. #1
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Help to make a Zimbra + Samba Tutorial for Ubuntu 8.04.3 Server and Zimbra 6.0.1

    Hi everybody!

    I would like (with your help) to build a tutorial for a Zimbra + Samba solution around an Ubuntu 8.04.3 Server.

    Where we can get some form of automation, the better. The goal is to get agility on deployment and reduce the chance of errors.

    So, this is the basic scenario:

    - domain will be example.com (so anybody can do a simple search/replace for your own domain)

    - there will be two servers, one for Zimbra (zimbra.example.com) and another for Samba (samba.example.com)

    - updated installations of Ubuntu 8.04.3 Server with only SSH enabled in the installation

    Let's start from the assumption that Zimbra 6.0.1 is installed on zimbra.example.com and fully operational; samba.example.com is a fresh install of Ubuntu 8.04.3 Server with just SSH enabled on it.

    (01) logged on samba.example.com as user execute the following commands:

    Code:
    user@samba:~$ sudo apt-get --yes install samba-doc
    user@samba:~$ sudo gunzip /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz
    user@samba:~$ sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema .
    (02) logged on zimbra.example.com as user execute the following commands:

    Code:
    user@zimbra:~$ sudo bash
    root@zimbra:~# su - zimbra
    (03) now as zimbra on zimbra.example.com create the file /tmp/samba-zimbra-01.sh with the following content:

    Code:
    #!/bin/bash
    
    clear
    
    ldap stop
    cp /opt/zimbra/openldap/etc/openldap/schema/nis.ldif /opt/zimbra/data/ldap/config/cn\=config/cn\=schema/cn\=\{10\}nis.ldif
    cd /opt/zimbra/data/ldap/config/cn\=config/cn\=schema
    
    sed -i 's/dn: cn=nis,cn=schema,cn=config/dn: cn={10}nis/' cn\=\{10\}nis.ldif
    sed -i 's/cn: nis/cn: {10}nis/' cn\=\{10\}nis.ldif
    
    chmod 600 cn\=\{10\}nis.ldif
    ldap start
    
    mkdir -p /tmp/ldap/schema
    cd /tmp/ldap
    scp user@samba.example.com:/home/user/samba.schema /tmp/ldap/schema
    
    tee test.conf > /dev/null <<- 'EOF'
    	include /opt/zimbra/openldap/etc/openldap/schema/core.schema
    	include /opt/zimbra/openldap/etc/openldap/schema/cosine.schema
    	include /opt/zimbra/openldap/etc/openldap/schema/inetorgperson.schema
    	include /tmp/ldap/schema/samba.schema
    EOF
    
    /opt/zimbra/openldap/sbin/slaptest -f /tmp/ldap/test.conf -F /tmp/ldap
    
    cd cn\=config/cn\=schema
    mv cn\=\{3\}samba.ldif cn\=\{11\}samba.ldif
    
    sed -i 's/dn: cn={3}samba/dn: cn={11}samba/' cn\=\{11\}samba.ldif
    sed -i 's/cn: {3}samba/cn: {11}samba/' cn\=\{11\}samba.ldif
    
    ldap stop
    cp /tmp/ldap/cn\=config/cn\=schema/cn\=\{11\}samba.ldif /opt/zimbra/data/ldap/config/cn\=config/cn\=schema/
    ldap start
    
    tee /tmp/indexes.ldif > /dev/null <<- 'EOF'
    	dn: olcDatabase={2}hdb,cn=config
    	changetype:modify
    	add: olcDbIndex
    	olcDbIndex: uidNumber eq
    	olcDbIndex: gidNumber eq
    	olcDbIndex: memberUid eq
    	olcDbIndex: sambaSID eq
    	olcDbIndex: sambaPrimaryGroupSID eq
    	olcDbIndex: sambaDomainName eq
    EOF
    
    ldapmodify -f /tmp/indexes.ldif -x -H ldapi:/// -D cn=config -W
    
    echo
    echo Restart Zimbra and proceed to samba-zimbra-02.sh
    echo
    (04) make /tmp/samba-zimbra-01.sh executable and run it

    Code:
    zimbra@zimbra:/tmp$ chmod 755 samba-zimbra-01.sh
    zimbra@zimbra:/tmp$ ./samba-zimbra-01.sh
    (05) reboot zimbra.example.com and again as zimbra create the file /tmp/samba-zimbra-02.sh with the following content:

    Code:
    #!/bin/bash
    
    clear
    
    tee /tmp/posixusers.ldif > /dev/null <<- 'EOF'
    	dn: uid=zmposix,cn=appaccts,cn=zimbra
    	uid: zmposix
    	objectClass: zimbraAccount
    	objectClass: organizationalPerson
    	cn: zmposix
    	sn: zmposix
    	zimbraAccountStatus: active
    	zimbraIsSystemResource: TRUE
    	zimbraId: 59BC2282-98CC-11DE-9492-C023E3CEB16B
    	description: The zimbra posix account
    	userPassword: {SSHA}Vl9fH19ygnIegidjbL2T9uc91BbvDMWW
    
    	dn: uid=zmposixroot,cn=appaccts,cn=zimbra
    	uid: zmposixroot
    	objectClass: zimbraAccount
    	objectClass: organizationalPerson
    	cn: zmposixroot
    	sn: zmposixroot
    	zimbraAccountStatus: active
    	zimbraIsSystemResource: TRUE
    	zimbraId: 6ED47B38-98CC-11DE-AAC1-9F159BA35B33
    	description: The zimbra posix root account
    	userPassword: {SSHA}oeFtJS7eadaY/M3Jn05vK0lUnbDpSlln
    EOF
    
    ldapadd -f /tmp/posixusers.ldif -x -H ldapi:/// -D cn=config -W
    
    cat > /tmp/acl.ldif <<- 'EOF'
    	dn: olcDatabase={2}hdb,cn=config
    	changetype:modify
    	delete: olcAccess
    	olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by * read
    	-
    	add: olcAccess
    	olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by * read
    
    	dn: olcDatabase={2}hdb,cn=config
    	changetype:modify
    	add: olcAccess
    	olcAccess: {10}to dn.subtree="dc=example,dc=com"  by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    	olcAccess: {11}to dn.subtree="ou=machines,dc=example,dc=com"  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    	olcAccess: {12}to dn.subtree="ou=groups,dc=example,dc=com"  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    	olcAccess: {13}to dn.subtree="ou=people,dc=example,dc=com"  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    EOF
    
    ldapmodify -f /tmp/acl.ldif -x -H ldapi:/// -D cn=config -W
    
    zmprov mcf +zimbraAccountExtraObjectClass posixAccount
    zmprov mcf +zimbraAccountExtraObjectClass sambaSamAccount
    
    echo
    echo Restart Zimbra and proceed to Part 2
    echo

    The passwords above, for zmposix and zmposixroot, were generated with the command /opt/zimbra/openldap/sbin/slappasswd -s password

    For test purposes I used zmposix and zmposixroot as the respective passwords for each user.

    Up to this point, after rebooting zimbra.example.com again, we have a Zimbra 6.0.1 installation that has the nis and samba schemas inside and is ready to receive the zimbra_posixaccount and zimbra_samba extensions.

    (06) Get the files /opt/zimbra/zimlets-admin-extra/zimbra_posixaccount.zip and /opt/zimbra/zimlets-admin-extra/zimbra_samba.zip from zimbra.example.com to some computer with Firefox installed; on this computer extract the zip files and edit each config_template.xml inside; you must change ldapSuffix to dc=example,dc=com and gidBase, uidBase to 10000; in zimbra_samba.zip ridBase stays at 1000 (don't know for sure if this value is right); when modifications are done, zip the files again (just the files, without the directory); log in to https://zimbra.example.com:7071/zimbraAdmin and go to Admin Extensions; deploy the zimbra_posixaccount extension and then deploy the zimbra_samba admin extension; reload Zimbra Admin to initialize the extensions.

    Attention! I lost several hours, redoing the same steps, because Internet Explorer 8 doesn't show the extensions; this is the reason I indicated to use Firefox...

    Now I will proceed to the samba installation on samba.example.com...

    I get several errors later when configuring Samba...

    As soon as I get it working I will post here.

    Any contributions are welcome!
    Last edited by peracchi; 09-24-2009 at 05:28 AM.

  2. #2
    Join Date
    Feb 2007
    Location
    Portland, OR
    Posts
    1,147
    Rep Power
    10

  3. #3
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Hi ArcaneMagus!

    Yes, I tried more than one time and could not get my lab environment up.

    I just detected a simple detail (that makes all the difference).

    Don't get me wrong, it's a great work that has been done.

    But instead of making little corrections here and there I would like (with the help of the community) to make a fresh new tutorial, automated where possible, to help any newbie like me to get a Zimbra + Samba environment up as quickly as possible with minor adjustments. And focused on Ubuntu 8.04.3 LTS Server.

    Sorry for my poor English, did I make myself clear?

  4. #4
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Zimbra Integration with Samba in Ubuntu 8.04.3 LTS Server

    Hi everybody!

    Almost there...

    In the step:

    Next, log in to Zimbra Admin UI, click on Aliases and remove root@.gregzimbra1.zimbra.com alias. Then run

    Code:
    smbpasswd -a root
    of the tutorials I am following I get the error:

    Code:
    New SMB password:
    Retype new SMB password:
    ldapsam_modify_entry: LDAP Password could not be changed for user root: Insufficient access
    	unknown
    ldapsam_add_sam_account: failed to modify/add user with uid = root (dn = uid=root,ou=people,dc=example,dc=com)
    Failed to add entry for user root.
    Failed to modify password entry for user root
    The base tutorials are:



    I reorganized my tutorial, trying to automate and get speed where possible.


    Zimbra 6.0.1 Integration with Samba in Ubuntu 8.04.3 LTS Server
    ============================================


    (01) install the Ubuntu 8.04.3 LTS Server for Zimbra - zimbra.example.com


    (02) install Zimbra 6.0.1


    (03) at zimbra.example.com, as the zimbra user, create and execute the script /tmp/samba-zimbra.sh (content below); reboot the server

    Observation: get samba.schema before executing /tmp/samba-zimbra.sh by running the following commands as root

    Code:
    apt-get --yes install samba-doc
    gunzip /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz

    /tmp/samba-zimbra.sh

    Code:
    #!/bin/bash
    
    clear
    
    # get Zimbra LDAP password
    ZIMBRA_LDAP_PASSWORD=`zmlocalconfig -s zimbra_ldap_password | cut -d ' ' -f3`
    
    # include NIS schema into Zimbra LDAP
    ldap stop
    cp /opt/zimbra/openldap/etc/openldap/schema/nis.ldif /opt/zimbra/data/ldap/config/cn\=config/cn\=schema/cn\=\{10\}nis.ldif
    cd /opt/zimbra/data/ldap/config/cn\=config/cn\=schema
    sed -i 's/dn: cn=nis,cn=schema,cn=config/dn: cn={10}nis/' cn\=\{10\}nis.ldif
    sed -i 's/cn: nis/cn: {10}nis/' cn\=\{10\}nis.ldif
    chmod 600 cn\=\{10\}nis.ldif
    ldap start
    
    
    # include Samba schema into Zimbra LDAP
    mkdir -p /tmp/ldap/schema
    cd /tmp/ldap
    cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema /tmp/ldap/schema
    tee test.conf > /dev/null <<- 'EOF'
    	include /opt/zimbra/openldap/etc/openldap/schema/core.schema
    	include /opt/zimbra/openldap/etc/openldap/schema/cosine.schema
    	include /opt/zimbra/openldap/etc/openldap/schema/inetorgperson.schema
    	include /tmp/ldap/schema/samba.schema
    EOF
    /opt/zimbra/openldap/sbin/slaptest -f /tmp/ldap/test.conf -F /tmp/ldap
    cd cn\=config/cn\=schema
    mv cn\=\{3\}samba.ldif cn\=\{11\}samba.ldif
    sed -i 's/dn: cn={3}samba/dn: cn={11}samba/' cn\=\{11\}samba.ldif
    sed -i 's/cn: {3}samba/cn: {11}samba/' cn\=\{11\}samba.ldif
    ldap stop
    cp /tmp/ldap/cn\=config/cn\=schema/cn\=\{11\}samba.ldif /opt/zimbra/data/ldap/config/cn\=config/cn\=schema/
    ldap start
    
    
    
    # add indexes for PAM and Samba
    tee /tmp/indexes.ldif > /dev/null <<- 'EOF'
    	dn: olcDatabase={2}hdb,cn=config
    	changetype:modify
    	add: olcDbIndex
    	olcDbIndex: uidNumber eq
    	olcDbIndex: gidNumber eq
    	olcDbIndex: memberUid eq
    	olcDbIndex: sambaSID eq
    	olcDbIndex: sambaPrimaryGroupSID eq
    	olcDbIndex: sambaDomainName eq
    EOF
    ldapmodify -f /tmp/indexes.ldif -x -H ldapi:/// -D cn=config -w "$ZIMBRA_LDAP_PASSWORD"
    
    
    
    # create two new users for the local posix and samba processes to use to access the information from the LDAP server
    ZMPOSIX_LDAP_PASSWORD=`/opt/zimbra/openldap/sbin/slappasswd -s zmposix`
    ZMPOSIXROOT_LDAP_PASSWORD=`/opt/zimbra/openldap/sbin/slappasswd -s zmposixroot`
    tee /tmp/posixusers.ldif > /dev/null <<- EOF
    	dn: uid=zmposix,cn=appaccts,cn=zimbra
    	uid: zmposix
    	objectClass: zimbraAccount
    	objectClass: organizationalPerson
    	cn: zmposix
    	sn: zmposix
    	zimbraAccountStatus: active
    	zimbraIsSystemResource: TRUE
    	zimbraId: 59BC2282-98CC-11DE-9492-C023E3CEB16B
    	description: The zimbra posix account
    	userPassword: $ZMPOSIX_LDAP_PASSWORD
    
    	dn: uid=zmposixroot,cn=appaccts,cn=zimbra
    	uid: zmposixroot
    	objectClass: zimbraAccount
    	objectClass: organizationalPerson
    	cn: zmposixroot
    	sn: zmposixroot
    	zimbraAccountStatus: active
    	zimbraIsSystemResource: TRUE
    	zimbraId: 6ED47B38-98CC-11DE-AAC1-9F159BA35B33
    	description: The zimbra posix root account
    	userPassword: $ZMPOSIXROOT_LDAP_PASSWORD
    EOF
    ldapadd -f /tmp/posixusers.ldif -x -H ldapi:/// -D cn=config -w "$ZIMBRA_LDAP_PASSWORD"
    
    
    
    # adjust the LDAP acls so that these new users can read the data necessary from the LDAP server
    tee /tmp/acl.ldif > /dev/null <<- 'EOF'
    	dn: olcDatabase={2}hdb,cn=config
    	changetype:modify
    	delete: olcAccess
    	olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by * read
    	-
    	add: olcAccess
    	olcAccess: {9}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by * read
    
    	dn: olcDatabase={2}hdb,cn=config
    	changetype:modify
    	add: olcAccess
    	olcAccess: {10}to dn.subtree="dc=example,dc=com"  by dn.children="cn=admins,cn=zimbra" write by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    	olcAccess: {11}to dn.subtree="ou=machines,dc=example,dc=com"  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    	olcAccess: {12}to dn.subtree="ou=groups,dc=example,dc=com"  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    	olcAccess: {13}to dn.subtree="ou=people,dc=example,dc=com"  by dn.children="cn=admins,cn=zimbra" write  by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write  by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read  by * none
    EOF
    ldapmodify -f /tmp/acl.ldif -x -H ldapi:/// -D cn=config -w "$ZIMBRA_LDAP_PASSWORD"
    
    
    
    # run the following zmprov commands as user zimbra
    zmprov mcf +zimbraAccountExtraObjectClass posixAccount
    zmprov mcf +zimbraAccountExtraObjectClass sambaSamAccount
    
    
    
    echo
    echo Proceed to "Installing zimbra_posixaccount and zimbra_samba extensions for Zimbra Admin"
    echo

    (04) deploy the zimbra_posixaccount and zimbra_samba extensions for Zimbra Admin (content of config_template.xml for zimbra_posixaccount.zip and zimbra_samba.zip below)

    config_template.xml for zimbra_posixaccount.zip

    Code:
    <zimletConfig name="zimbra_posixaccount" version="4">
      <global>
        <property name="loginShells">/bin/bash,/bin/sh,/bin/false</property>        
        <property name="homePath">/home/%u</property>        
        <property name="gidBase">20000</property>        
        <property name="uidBase">10000</property>   
        <property name="ldapSuffix">dc=example,dc=com</property>
        <property name="ldapGroupSuffix">ou=groups</property>
      </global>
    </zimletConfig>

    config_template.xml for zimbra_samba.zip

    Code:
    <zimletConfig name="zimbra_samba" version="6"> 
      <global> 
        <property name="gidBase">20000</property> 
        <property name="uidBase">10000</property> 
        <property name="ridBase">1000</property> 
        <property name="ldapSuffix">dc=example,dc=com</property> 
        <property name="ldapGroupSuffix">ou=groups</property> 
        <property name="ldapMachineSuffix">ou=machines</property> 
      </global> 
    </zimletConfig>

    (05) install the Ubuntu 8.04.3 LTS Server for Samba - samba.example.com


    (06) install and configure Samba

    Code:
    sudo apt-get --yes install samba smbclient libnss-ldap
    
        (answers to dialogs)
    
      ldap://zimbra.example.com/
      dc=example,dc=com
      3
      Yes
      Yes
      uid=zmposixroot,cn=appaccts,cn=zimbra
      zmposixroot
      uid=zmposix,cn=appaccts,cn=zimbra
      zmposix
    
    sudo /etc/init.d/samba stop
    
    sudo tee /etc/nsswitch.conf > /dev/null <<- 'EOF'
    	passwd:         files ldap
    	group:          files ldap
    	shadow:         compat
    
    	hosts:          files dns
    	networks:       files
    
    	protocols:      db files
    	services:       db files
    	ethers:         db files
    	rpc:            db files
    
    	netgroup:       nis
    EOF
    
    sudo tee /etc/samba/smb.conf > /dev/null <<- 'EOF'
    [global]
      workgroup = EXAMPLE
      netbios name = samba
      os level = 33
      preferred master = yes
      enable privileges = yes
      server string = %h server (Samba, Ubuntu)
      wins support =yes 
      dns proxy = no
      name resolve order = wins bcast hosts
      log file = /var/log/samba/log.%m
      log level = 3
      max log size = 1000
      syslog only = no
      syslog = 0
      panic action = /usr/share/samba/panic-action %d
      security = user
      encrypt passwords = true
      ldap passwd sync = yes
      passdb backend = ldapsam:ldap://zimbra.example.com/
      ldap admin dn = "uid=zmposixroot,cn=appaccts,cn=zimbra"
      ldap suffix = dc=example,dc=com
      ldap group suffix = ou=groups
      ldap user suffix = ou=people
      ldap machine suffix = ou=machines
      obey pam restrictions = no
      passwd program = /usr/bin/passwd %u
      passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
      domain logons = yes
      logon path = \\samba.example.com\%U\profile
      logon home = \\samba.example.com\%U
      logon script = logon.cmd
      add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
      add machine script = /usr/sbin/adduser --shell /bin/false --disabled-password --quiet --gecos "machine account" --force-badname %u
      socket options = TCP_NODELAY
      domain master = yes
      local master = yes
    [homes]
      comment = Home Directories
      browseable =yes 
      read only = No
      valid users = %S
    [netlogon]
      comment = Network Logon Service
      path = /var/lib/samba/netlogon
      guest ok = yes
      locking = no
    [profiles]
      comment = Users profiles
      path = /var/lib/samba/profiles
      read only = No
    [profdata]
      comment = Profile Data Share
      path = /var/lib/samba/profdata
      read only = No
      profile acls = Yes
    [printers]
      comment = All Printers
      browseable = no
      path = /tmp
      printable = yes
      public = no
      writable = no
      create mode = 0700
    [print$]
      comment = Printer Drivers
      path = /var/lib/samba/printers
      browseable = yes
      read only = yes
      guest ok = no
    EOF
    
    sudo smbpasswd -w zmposixroot
    
    sudo tee /etc/pam.d/common-account > /dev/null <<- 'EOF'
    	account         sufficient      pam_unix.so
    	account         sufficient      pam_ldap.so
    EOF
    
    sudo tee /etc/pam.d/common-auth > /dev/null <<- 'EOF'
    	auth    sufficient      pam_ldap.so
    	auth    sufficient      pam_unix.so
    EOF
    
    sudo tee /etc/pam.d/common-password > /dev/null <<- 'EOF'
    	password        sufficient      pam_unix.so
    	password        sufficient      pam_ldap.so
    EOF
    
    sudo tee /etc/pam.d/common-session > /dev/null <<- 'EOF'
    	session         required        pam_mkhomedir.so        skel=/etc/skel  umask=0077
    
    	session         sufficient      pam_unix.so
    	session         sufficient      pam_ldap.so
    EOF
    
    sudo /etc/init.d/samba start

    Then create posix/samba groups in Zimbra Admin, create Zimbra users in Zimbra Admin and confirm the connection of samba.example.com with zimbra.example.com LDAP using "getent group" and "getent passwd" on samba.example.com.

    Up to here, all fine...

    Then the error mentioned in the beginning of the post.
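
An added example, not part of the original posts and not Zimbra's or OpenLDAP's own code: a small Python model of how slapd picks an `olcAccess` rule (first matching `to` clause, then first matching `by` clause), run over the rules {9} to {13} that the scripts above load. It shows that {10} already covers everything {11} to {13} name, and that any lower-numbered rule naming an attribute decides first. The `{0}` rule in the code is constructed for illustration; the database's real rules {0} to {8} are not shown in the thread and are not modelled.

```python
import re

BY = ('by dn.children="cn=admins,cn=zimbra" write '
      'by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write '
      'by dn.exact="uid=zmposix,cn=appaccts,cn=zimbra" read by * none')
# olcAccess values loaded from /tmp/acl.ldif by the scripts in this thread.
# Rules {0}-{8} of the database are not shown in the thread and not modelled.
PAGE_RULES = [
    '{9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write '
    'by dn.exact="uid=zmposixroot,cn=appaccts,cn=zimbra" write by * read',
    '{10}to dn.subtree="dc=example,dc=com" ' + BY,
    '{11}to dn.subtree="ou=machines,dc=example,dc=com" ' + BY,
    '{12}to dn.subtree="ou=groups,dc=example,dc=com" ' + BY,
    '{13}to dn.subtree="ou=people,dc=example,dc=com" ' + BY,
]
# Constructed rule, NOT from the thread or from Zimbra: a lower-numbered rule
# that names an attribute, used only to show that ordering decides the result.
CONSTRUCTED_EARLIER = ('{0}to attrs=userPassword '
                       'by dn.children="cn=admins,cn=zimbra" write by * none')

def norm(dn):
    """Lower-case a DN and drop spaces around commas (simplified)."""
    return ','.join(part.strip() for part in dn.lower().split(','))

def dn_match(style, base, dn):
    """Match dn against base using the exact, children or subtree style."""
    base, dn = norm(base), norm(dn)
    if style == 'exact':
        return dn == base
    if style == 'children':
        return dn.endswith(',' + base)
    if style == 'subtree':
        return dn == base or dn.endswith(',' + base)
    raise ValueError('unsupported dn style: ' + style)

def parse(line):
    """Parse '{n}to <what> by <who> <level> ...' (only the forms used above)."""
    m = re.match(r'\{(\d+)\}to\s+(.*?)\s+by\s+(.*)$', line.strip())
    if not m:
        raise ValueError('not an olcAccess value: ' + line)
    scope = re.search(r'dn\.(\w+)="([^"]*)"', m.group(2))
    attrs = re.search(r'attrs=(\S+)', m.group(2))
    who = []
    for clause in re.split(r'\s+by\s+', m.group(3)):
        subject, level = clause.split()
        w = re.fullmatch(r'dn\.(\w+)="([^"]*)"', subject)
        if not w and subject != '*':
            raise ValueError('unsupported <who>: ' + subject)
        who.append((w.groups() if w else None, level))  # None stands for '*'
    return {'index': int(m.group(1)), 'who': who,
            'scope': scope.groups() if scope else None,  # None: every entry
            'attrs': attrs.group(1).lower().split(',') if attrs else None}

def evaluate(rules, bind_dn, target_dn, attr):
    """Return (rule index, level): first matching <what>, then first <who>."""
    for r in rules:
        if r['scope'] and not dn_match(*r['scope'], target_dn):
            continue
        if r['attrs'] and attr.lower() not in r['attrs']:
            continue
        for subject, level in r['who']:
            if subject is None or dn_match(*subject, bind_dn):
                return r['index'], level
        return r['index'], 'none'   # implicit trailing "by * none"
    return None, 'none'             # no rule matched: access denied

def shadowed(rules):
    """Return (later, earlier) pairs where the later rule can never be reached."""
    pairs = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if earlier['attrs'] is not None:
                continue            # attribute-limited rules are not treated as covering
            if earlier['scope'] is None or (
                    later['scope'] and earlier['scope'][0] == 'subtree'
                    and dn_match('subtree', earlier['scope'][1], later['scope'][1])):
                pairs.append((later['index'], earlier['index']))
                break
    return pairs

RULES = [parse(line) for line in PAGE_RULES]
if __name__ == '__main__':
    print(shadowed(RULES))
```

Against the live server, the full ordered rule list (including the ones this model leaves out) is the `olcAccess` attribute of `olcDatabase={2}hdb,cn=config`.
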


  5. #5
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Hi everybody!

    I think that the error could be related to the fact that, by default, user root can't log in directly in Ubuntu. Until now, I was doing everything related to user root using sudo.

    So I redid everything, but just after installing Ubuntu I did:

    Code:
    sudo passwd root
    Again, at

    Next, log in to Zimbra Admin UI, click on Aliases and remove root@.gregzimbra1.zimbra.com alias. Then run

    Code:
    smbpasswd -a root
    I get the error

    Code:
    root@samba:~# smbpasswd -a root
    New SMB password:
    Retype new SMB password:
    ldapsam_modify_entry: LDAP Password could not be changed for user root: Insufficient access
            unknown
    ldapsam_add_sam_account: failed to modify/add user with uid = root (dn = uid=root,ou=people,dc=centermastersul,dc=com,dc=br)
    Failed to add entry for user root.
    Failed to modify password entry for user root
    root@samba:~#

    Before following the instructions, in Zimbra LDAP uid=root,ou=people,dc=example,dc=com had the following values:

    Code:
    zimbraId:		d9cefdae-faf3-4ef1-8c80-a580b059de4b
    uid:			root
    zimbraAliasTargetId:	10f53e81-fbb8-44d7-9565-d3b1856b7b56
    zimbraCreateTimestamp:	25/9/2009 20:50:31
    objectClass:		zimbraAlias

    Afterwards, the values are:

    Code:
    uid:			root
    sambaSID:		S-1-5-21-3672448431-1616787927-2682189938-1000
    displayName:		root
    sambaNTPassword:	329153F560EB329C0E1DEEA55E88A1E9
    sambaPasswordHistory:	0000000000000000000000000000000000000000000000000000000000000000
    sambaPwdLastSet:	1253969764
    sambaAcctFlags:		[U          ]
    objectClass:		sambaSamAccount
    objectClass:		account
    So, besides the error, user root is included into Zimbra LDAP...

    Then,

    Next, create “Domain Admins” group using Zimbra Admin UI, on Samba tab select Special Windows group type “Domain Admins”.
    and

    Then you need to grant privileges to this group. Run the following command as root on your Samba server.

    net rpc rights grant "EXAMPLE\Domain Admins" SeAddUsersPrivilege SeMachineAccountPrivilege SePrintOperatorPrivilege

    Code:
    root@samba:~# net rpc rights grant "EXAMPLE\Domain Admins" SeAddUsersPrivilege SeMachineAccountPrivilege SePrintOperatorPrivilege
    Password:
    Successfully granted rights.
    I have created a user toaddmachines in Zimbra and put him into Domain Admins group.

    In Zimbra LDAP:

    Code:
    sambaDomainName:		EXAMPLE
    displayName:			To A. Machines
    givenName:			To
    zimbraPrefLocale:		en_US
    objectClass:			organizationalPerson
    objectClass:			zimbraAccount
    objectClass:			amavisAccount
    objectClass:			posixAccount
    objectClass:			sambaSamAccount
    zimbraPrefTimeZoneId:		America/Sao_Paulo
    zimbraId:			f267b258-fff6-420f-be40-3c25f9b5b68e
    zimbraMailStatus:		enabled
    zimbraMailDeliveryAddress:	toaddmachines@example.com
    uid:				toaddmachines
    mail:				toaddmachines@example.com
    uidNumber:			10004
    zimbraAccountStatus:		active
    cn:				To A. Machines
    initials:			A
    zimbraMailTransport:		lmtp:zimbra.example.com:7025
    loginShell:			/bin/bash
    zimbraMailHost:			zimbra.example.com
    gidNumber:			20002
    zimbraPasswordModifiedTime:	26/9/2009 13:10:37
    sambaSID:			S-1-5-21-3672448431-1616787927-2682189938-21008
    homeDirectory:			/home/toaddmachines
    sn:				Machines
    zimbraCreateTimestamp:		26/9/2009 13:10:37
    sambaNTPassword:		b5f896430ef9d7c7a8894b30fce8487a
    userPassword:			{SSHA}PyStxG5X7384aqZJhf953sXY5rJh+Jwz
    and

    Code:
    gidNumber:		20004
    sambaSID:		S-1-5-21-3672448431-1616787927-2682189938-512
    sambaGroupType:		2
    displayName:		Domain Admins
    description:		Domain Admins
    cn:			Domain Admins
    memberUid:		10004
    objectClass:		posixGroup
    objectClass:		sambaGroupMapping

    But when I try to add a Windows XP machine to the domain I get an error on Windows XP saying that "The user password must be changed before first login" (or something like that).

    I logged in to Zimbra as toaddmachines, went to "Preferences" and clicked on "Change Password".

    When I tried to add the Windows XP machine again I now get the error "Login failed: user unknown or incorrect password".

    On samba.example.com I get:

    Code:
    root@samba:~# smbclient -U toaddmachines //samba.example.com/toaddmachines
    Password:
    session setup failed: NT_STATUS_LOGON_FAILURE
    and

    Code:
    root@samba:~# smbclient -U toaddmachines //samba.example.com/toaddmachines
    Password:
    session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
    I get the NT_STATUS_LOGON_FAILURE when I use the actual password and NT_STATUS_PASSWORD_MUST_CHANGE when I use the previous password...



    Any ideas?

    I could not add the Windows XP machine to the domain...


  6. #6
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Need help here...

    I repeated everything, now using Ubuntu 8.04.3 LTS Server 32-bit.

    Still can't make Zimbra and Samba work together.

    I read the base tutorials and howtos several times.

    Has anyone here had success making Zimbra 6.0.1 and Samba work together using Ubuntu 8.04.3 LTS Server?


  7. #7
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Has anyone achieved success with Zimbra 6.0.1 and Ubuntu 8.04.3 LTS Server?

    As I want to use Zimbra 6.0.1 I will try with another distro...


  8. #8
    Join Date
    Jul 2008
    Location
    openhagen
    Posts
    81
    Rep Power
    7

    I have successfully set up 6.0.1 + samba on Ubuntu 8.04.3 LTS by using the guide from Zimbra (with some modifications though). At which step are you stuck?

  9. #9
    Join Date
    Jul 2009
    Posts
    24
    Rep Power
    6

    Hi lithorus!

    Please take a look at http://www.zimbra.com/forums/153926-post5.html

    I tried to describe as detailed as I can the step where problems began.

    Thanks for helping!

  10. #10
    Join Date
    Jul 2008
    Location
    openhagen
    Posts
    81
    Rep Power
    7

    Quote Originally Posted by peracchi View Post
    Hi lithorus!

    Please take a look at http://www.zimbra.com/forums/153926-post5.html

    I tried to describe as detailed as I can the step where problems began.

    Thanks for helping!

    How did you create the user "toaddmachines", by command line?

    Edit:
    When you change the password for the user inside the zimbra webmail it does not change the password for the samba account.
