Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: AD Authentication issue

  1. #1
    Join Date
    Sep 2011
    Posts
    256
    Rep Power
    4

    Default AD Authentication issue

    Hi Folks,

    Is it possible to configure authentication in a such way that some of the users can be authenticated from AD while others will be authenticated using Internal mechanism? Or once the authentication is configured it will be applied globally?

  2. #2
    Join Date
    May 2009
    Posts
    33
    Rep Power
    6

    Default

    Authentication is always local with failover to external.

    Providing the password for the user is not in the local DB it will then try an external source, if configured i.e. AD.

    Its worth turning off the ability to change passwords for your AD users.

  3. #3
    Join Date
    Sep 2011
    Posts
    256
    Rep Power
    4

    Default

    Nah,,that doesnt answer my question. Well, what I wanted to know is just like GAL where GAL can be pulled from Internal as well as External..is it possible to that few of the users will be authenticated against AD while others from internal?

  4. #4
    Join Date
    May 2009
    Posts
    33
    Rep Power
    6

    Default

    yes...

    if the user is being authenticated via AD the system always checks locally before trying the AD Authentication. If the user is an AD user the internal authentication will fail and the sign on will move to anther check i.e. external. If the user is a local user then it never bothers with the AD authentication check...

    so you can have some local users and some AD users...

    it would have taken 10 seconds to test

  5. #5
    Join Date
    Sep 2011
    Posts
    256
    Rep Power
    4

    Default

    OK - so, is it something like this? System will always first try to authenticate against local database and if not then it will query AD?

    Also in that case what should be my Authentication Option? Internal or external Active Directory.

    I do not have AD built right now hence I had to post the question on forum.

  6. #6
    Join Date
    May 2009
    Posts
    33
    Rep Power
    6

    Default

    Just create a user as normal.

    All users are local users its just the password is coming from AD if you want. So when you create an AD user it is a local user with a NULL password.

    So no difference for user accounts...

    If you want the account to authenticate locally it just needs a password on the system...

    If you are creating an AD user you would not fill in a password.

    Quote Originally Posted by blason View Post
    I do not have AD built right now hence I had to post the question on forum.
    Its fine .... hence the

  7. #7
    Join Date
    Sep 2008
    Posts
    74
    Rep Power
    7

    Default

    I don't believe this is the case. I have attempted to do what you're saying and have not been able to in the past. Further, I just tested again with the same result. This warning is listed just above the password configuration when you have external authentication set up for a domain:
    Note: These settings do not affect the passwords set by users in domains that are configured to use external authentication.

    If this is supposed to work, then there's a trick I need to learn.

  8. #8
    Join Date
    Sep 2011
    Posts
    256
    Rep Power
    4

    Default

    even I really doubt if this would work but any way I will have to wait for some more days before I actually try that with my AD server since I do not have AD with me at this moment.

  9. #9
    Join Date
    May 2009
    Posts
    33
    Rep Power
    6

    Default

    Create the account as normal

    Search for the account and highlight by selecting (don't double click on the account).... in the menu above there is a button "change password"

    I will add a screen shot if needed... I do this all the time.

    even if the account authenticates to the AD you can still add a password... it will just mean that there are two passwords for that account... 1 local and 1 in AD...
    Last edited by Guest; 02-14-2012 at 10:28 AM.

  10. #10
    Join Date
    Sep 2008
    Posts
    74
    Rep Power
    7

    Default

    @Guest
    What version of Zimbra do you use? In mine, "Change password" is greyed out for accounts on domains that are configured for AD.

Similar Threads

  1. Custom Authentication issue
    By srini in forum Developers
    Replies: 0
    Last Post: 02-10-2011, 06:40 AM
  2. Replies: 2
    Last Post: 10-27-2010, 11:42 AM
  3. External LDAP Authentication Issue
    By xtreme-one in forum Installation
    Replies: 10
    Last Post: 02-16-2007, 06:52 PM
  4. LDAP Authentication issue
    By premoddev in forum Administrators
    Replies: 7
    Last Post: 12-22-2006, 07:15 AM
  5. Authentication to external ldap stop working.
    By jahaj in forum Installation
    Replies: 3
    Last Post: 12-05-2006, 02:17 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •