Results 1 to 9 of 9

Thread: Samba extension on existing install?

  1. #1
    Join Date
    Apr 2006
    Posts
    22
    Rep Power
    9

    Default Samba extension on existing install?

    with all of the excitement of the new samba/posix admin extensions, I thought I'd give them a look to see how it would integrate into our existing environment. I built a test box and created a couple of accounts before setting up the samba parts. I've got it working to the point that if I create new accounts, they'll be configured with all of the samba/posix goodness. I'd like to see if there's a way to add the samba/posix attributes to the existing accounts.

    If I use an LDAP administration program (LDAP Admin), I can manually add the sambaSamAccount and posixAccount objectclasses. When I add the objectclasses, I enter the sambaSID, UID, GID, etc. The only problem is that the samba password never gets set. If I change the user's password in the admin UI, it changes the password associated with Zimbra, but the samba password doesn't get set. Does anybody know of a flag that I'm missing to tell Zimbra to change the sambaNTPassword attribute?

  2. #2
    Join Date
    Sep 2005
    Location
    Tucson - San Francisco - Moscow
    Posts
    127
    Rep Power
    10

    Default

    Quote Originally Posted by bersrker View Post
    with all of the excitement of the new samba/posix admin extensions, I thought I'd give them a look to see how it would integrate into our existing environment. I built a test box and created a couple of accounts before setting up the samba parts. I've got it working to the point that if I create new accounts, they'll be configured with all of the samba/posix goodness. I'd like to see if there's a way to add the samba/posix attributes to the existing accounts.

    If I use an LDAP administration program (LDAP Admin), I can manually add the sambaSamAccount and posixAccount objectclasses. When I add the objectclasses, I enter the sambaSID, UID, GID, etc. The only problem is that the samba password never gets set. If I change the user's password in the admin UI, it changes the password associated with Zimbra, but the samba password doesn't get set. Does anybody know of a flag that I'm missing to tell Zimbra to change the sambaNTPassword attribute?
    If you manage to add extra object classes to the existing zimbra accounts than there are two simple ways to set sambaNTPassword attribute:
    1 - opening each account in Zimbra Admin and change the password (do not use "change password" button in the toolbar though_
    or
    2 - use phpldapadmin - it can properly set sambaNTPassword using MD4 hash

    once you set the passwords, you should add

    Code:
     ldap passwd sync = yes
    to smb.conf and after this whenever a user changes windows password using CTRL+ALT+DELETE Samba will also update your Zimbra password
    Bugzilla - Wiki - Downloads - Before posting... Search!
    P.S.: don't forget to vote on this bug
    add Samba LDAP entries to Exchange Migration Tool

  3. #3
    Join Date
    Apr 2006
    Posts
    22
    Rep Power
    9

    Default

    I've discovered that even the new users that I'm creating on this test instance aren't getting their sambaNTPassword entries changed when I change the password though the admin interface. It's like the admin UI doesn't know to change both password entries. Here's what's showing up in the log when I open up a new user and change their password:

    Code:
    May  3 17:28:24 mail slapd[4372]: conn=6 op=35 SRCH base="" scope=2 deref=3 filter="(&(zimbraMailForwardingAddress=vstigers@test.com)(&(objectClass=zimbraDistributionList)(!(objectClass=zimbraCalendarResource))))"
    May  3 17:28:24 mail slapd[4372]: conn=6 op=35 SRCH attr=zimbraCOSId objectClass zimbraAccountCalendarUserType zimbraMailAlias zimbraId uid
    May  3 17:28:24 mail slapd[4372]: is_entry_objectclass("", "2.5.6.1") no objectClass attribute
    May  3 17:28:24 mail slapd[4372]: conn=6 op=35 SEARCH RESULT tag=101 err=0 nentries=0 text=
    May  3 17:28:24 mail slapd[4372]: conn=6 op=36 SRCH base="" scope=2 deref=3 filter="(objectClass=zimbraZimletEntry)"
    May  3 17:28:24 mail slapd[4372]: is_entry_objectclass("", "2.5.6.1") no objectClass attribute
    May  3 17:28:24 mail slapd[4372]: conn=6 op=36 SEARCH RESULT tag=101 err=0 nentries=7 text=
    May  3 17:28:29 mail slapd[4372]: conn=6 op=37 MOD dn="uid=vstigers,ou=people,dc=test,dc=com"
    May  3 17:28:29 mail slapd[4372]: conn=6 op=37 MOD attr=zimbraPasswordModifiedTime userPassword
    May  3 17:28:29 mail slapd[4372]: conn=6 op=38 SRCH base="uid=vstigers,ou=people,dc=test,dc=com" scope=0 deref=3 filter="(objectClass=*)"
    May  3 17:28:29 mail slapd[4372]: conn=6 op=38 SEARCH RESULT tag=101 err=0 nentries=1 text=
    May  3 17:28:29 mail slapd[4372]: conn=6 op=37 RESULT tag=103 err=0 text=
    May  3 17:28:29 mail slapd[4372]: conn=6 op=39 SRCH base="uid=vstigers,ou=people,dc=test,dc=com" scope=0 deref=3 filter="(objectClass=*)"
    May  3 17:28:29 mail slapd[4372]: conn=6 op=39 SEARCH RESULT tag=101 err=0 nentries=1 text=
    May  3 17:28:29 mail slapd[4372]: conn=6 op=40 SRCH base="" scope=2 deref=3 filter="(&(zimbraMailForwardingAddress=vstigers@test.com)(&(objectClass=zimbraDistributionList)(!(objectClass=zimbraCalendarResource))))"
    May  3 17:28:29 mail slapd[4372]: conn=6 op=40 SRCH attr=zimbraCOSId objectClass zimbraAccountCalendarUserType zimbraMailAlias zimbraId uid
    May  3 17:28:29 mail slapd[4372]: is_entry_objectclass("", "2.5.6.1") no objectClass attribute
    May  3 17:28:29 mail slapd[4372]: conn=6 op=40 SEARCH RESULT tag=101 err=0 nentries=0 text=
    May  3 17:28:29 mail slapd[4372]: conn=6 op=41 SRCH base="" scope=2 deref=3 filter="(objectClass=zimbraZimletEntry)"
    May  3 17:28:29 mail slapd[4372]: is_entry_objectclass("", "2.5.6.1") no objectClass attribute
    May  3 17:28:29 mail slapd[4372]: conn=6 op=41 SEARCH RESULT tag=101 err=0 nentries=7 text=
    May  3 17:28:29 mail slapd[4372]: conn=6 op=42 SRCH base="" scope=2 deref=3 filter="(&(objectClass=zimbraAccount)(!(objectClass=zimbraCalendarResource)))"
    May  3 17:28:29 mail slapd[4372]: conn=6 op=42 SRCH attr=zimbraCOSId objectClass zimbraAccountCalendarUserType displayName zimbraId zimbraMailHost uid zimbraAccountStatus description zimbraMailStatus zimbraCalResType zimbraDomainType zimbraDomainName
    May  3 17:28:29 mail slapd[4372]: is_entry_objectclass("", "2.5.6.1") no objectClass attribute
    May  3 17:28:29 mail slapd[4372]: conn=6 op=42 SEARCH RESULT tag=101 err=0 nentries=9 text=
    As you can see, the userPassword attribute is getting modified, but not sambaNTPassword. When the user gets created, the sambaNTPassword entry is created correctly, but from here on, it doesn't seem to get updated. Should I be changing the password in a different location? I can go into the server and manually enter "smbpasswd user" and set it, but that's sort of against the spirit of having Zimbra manage it all. This is happening on a RedHat AS4 box running the latest version of Zimbra.

    This is the only hangup that I'm having with getting this up and running. The PAM and Samba modules are talking to the LDAP server just fine...I can log in via SSH with my Zimbra account info, and using the first password I set up, I can log in through Samba to the server. It's just that when the password changes, the Samba password stays the same, but the Zimbra password changes as expected. Any ideas?

  4. #4
    Join Date
    May 2007
    Posts
    1
    Rep Power
    8

    Default

    Same issue here. Our users would primarily be changing their passwords thru the Zimbra UI rather than via Samba. Is there any way to get Zimbra to update the sambaNTPassword?

  5. #5
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Ignore this post. I'm bumping it so I don't forget about it
    ZFR

  6. #6
    Join Date
    May 2007
    Posts
    1
    Rep Power
    8

    Default zimbra admin console hangs on login after samba/posix admin extensions deployed

    ZCS 4.5.4GA Network edition. After deploying posix/samba admin extensions, console hangs at 'loading'

    IE debug window complains of "line 158, char 9 Error: Expected identifier, string or number" and "line 22275, char 1 Error:'exception thrown and not caught'

    Thanks,

    Scott

  7. #7
    Join Date
    Apr 2006
    Posts
    22
    Rep Power
    9

    Default

    Just to give an update, still having the same problems after updating test instance to 4.5.5_GA. sambaNTPassword hash isn't being updated after changing the password for a user through the admin console. Can't seem to get Zimbra to change the second password after adding the schema. It's bizarre because the password is correctly set when creating a new account, but not when changing the password. Is there a mechanism that needs to be changed somewhere?

  8. #8
    Join Date
    Apr 2006
    Posts
    22
    Rep Power
    9

    Default

    Has anybody been able to get the samba password changed when changing a user's password through the admin interface yet? If so, was there anything special to get it to work? This is the last thing that's keeping me from deploying this solution.

  9. #9
    Join Date
    Feb 2007
    Location
    Jacksonville, FL
    Posts
    12
    Rep Power
    8

    Default Another deployment without sambaNTPassword synchronizing

    Another deployment without sambaNTPassword synchronizing


    We too are experiencing this issue. It is the final obstacle to deployment. Other than this snafu, everything else works perfect.
    ----
    Matt Walston
    Entire IT Department
    Air Control Systems

Similar Threads

  1. Integration with existing Samba, is this possible?
    By wolrah in forum Administrators
    Replies: 0
    Last Post: 07-26-2007, 07:30 AM
  2. Replies: 16
    Last Post: 11-29-2006, 09:36 AM
  3. Advice for install on existing server
    By sjames in forum Installation
    Replies: 2
    Last Post: 07-24-2006, 02:59 PM
  4. install on existing server
    By mtndan in forum Installation
    Replies: 3
    Last Post: 05-26-2006, 09:51 AM
  5. Replies: 5
    Last Post: 10-14-2005, 02:29 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •