How about 'install.log' which I think should be in the /tmp directory.
The log pointed me to /opt/zimbra/.saveconfig/config.save and it was there.
just simple copy samba schema file into /opt/zimbra/openldap/etc/openldap/schema/Originally Posted by Robert Mortimer
/opt/zimbra/bin/zmlocalconfig -s| grep password
it's lisining on the normal ldap port!
what have you already implement?Originally Posted by Robert Mortimer
how do you keep in sync the samba and non samba people's ldap accounts?
and how do you manipulate them?
My Fedora core 4 authenticates against the LDAP serverOriginally Posted by lfarkas
Users update password from windows machines (SAMBA syncs unix password)
LDAP config had to be changed so Dovecott (IMAP POP) could use the passwords
Apache LDAP auth module is used for internal web based apps
LAM (LDAP Account manager) does most of the account management along with the IDEALIX scripts
Sendmail checks valid users and aliases against the LDAP
We have an LDAP aware vacation milter for sendmail
It's short on gloss but I have a single sign-on for intranet, webmail, IMAP, POP & Windows +(VPN if I want to configure RAIDIUS)
Originally Posted by Robert Mortimer
ok that's the case now, but how do you would like to manage users with zimbra? you can't continue to use lam since it's not add zimbra account attribs, but you can't use zibra admin since it's not add posix and samba attribs. otherwise you are in a mixed enviroment and just have problems.
We have a customer with Samba and Zimbra both authenticating against active directory running on the same machine. Zimbra was very easy to make Authenticate against AD 20 minutes work. Samba took more than two days to get right (well done DaveM).
This may be fixed by Samba 4.
However the orginal post was Zimbra as Active directory replacement.
I am not sure how this would be done, but I want to be able to set this all up in less than an hour.
This pdf (Thanks IBM) give some pointers http://ploug.eu.org/doc/smb-ldap-a4.pdf how to do it with the idealx scripts mentioned earlier.
If Zimbra was to do the whole Job then groups and share management would need to be added.
I am just setting a system up now for a charity, they have six windows servers, at different sites and I want a single user name and password for
Windows Logon, Zimbra logon, samba Logon.
The only things that can deliver this are a mixture of Novell products (eDirectory and identity management) or Fedora active directory.
I think both of these can absorb an Active directory setup, Borg style (as in start trek), and be the directory service in charge so to speak.
I wish I had more than a grasshopper brain, else would do some coding myself.
imho we think different think here. what i called ad replacement is one 'database' for users (and computers) and on kind of admin ui to manage them. of course if you have a fixed number of users and you already setup an ldap server the it has nothing to do with zimbra. what i like to see is an ui which able to manage an ldap server (which is used by zimbra, samba, etc..) ans never need to manualy edit the ldap server ie. only manage through this ui.Originally Posted by mintra
that would be nice, easily manageable and consistent (! which is currently not soo easy). and can be setup in an hour....
that's my dream.
Setting up a SAMBA PDC is not hard - see http://qvtech.cc/smbldap/ or other locations for the fantastic smbldap-installer script (10 min to get a PDC if you know where to turn on the ACLs and turn off roaming profiles).
I used this and other components to get my single sign on as stated earlier in this thread.
A next step would be to integrate Zimbra in place of my Dovecot, squirrel mail, Sendmail, Procmail and Milter elements. Just that extra bit of user management for SAMBA attributes added into Zimbra and I would be at it like a flash. As it is I am waiting for an available window.
Had there been any progress on the samba PDC code?
The best place to file enhancement requests is in bugzilla, the Zimbra team can keep track of them better in there. If you want to file this in bugzilla (if it's not in there already) don't forget to vote on it.Originally Posted by Robert Mortimer