Thread: Zimbra + Samba LDAP auth problems

  1. #1
    Join Date
    Jul 2007

    Zimbra + Samba LDAP auth problems

    Hello all,
    I installed Zimbra 4.5.6 on openSUSE 10.2. Works great!
    Then I also wanted it as a Samba PDC, so I followed Greg's howto, and all seems OK. From the Zimbra UI, I can add accounts and posix groups.

    But I notice that when I do 'getent passwd' and 'getent group', I cannot see the account and group created from Zimbra.

    Seems like the samba server cannot see the LDAP?
    Can anyone please help me to troubleshoot it?

    These are my confs (please let me know if there's more to provide):
    workgroup =
    netbios name = fajar102
    os level = 33
    preferred master = yes
    enable privileges = yes
    server string = %h server (Samba, Opensuse102)
    wins support = yes
    dns proxy = no
    name resolve order = wins bcast hosts
    log file = /var/log/samba/log.%m
    log level = 3 
    max log size = 1000
    syslog only = no
    syslog = 5
    #panic action = /usr/share/samba/panic-action %d
    security = user
    encrypt passwords = true
    ldap passwd sync = yes
    passdb backend = ldapsam:ldap://
    ldap admin dn ="uid=zimbra,cn=admins,cn=zimbra"
    ldap suffix = dc=vulcan,dc=com
    ldap group suffix = ou=groups
    ldap user suffix = ou=people
    ldap machine suffix = ou=machines
    obey pam restrictions = no
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully*
    domain logons = yes
    logon path = \\\%U\profile
    logon home = \\\%U
    logon script = logon.cmd
    #add user script = /usr/sbin/useradd --quiet --disabled-password --gecos "" %u
    #add machine script = /usr/sbin/useradd --shell /bin/false --disabled-password --quiet "machine account" --force-badname %u
    ######## FOR OPENSUSE ?? ##########
    username map = /etc/samba/smbusers
    add user script = /usr/local/bin/smbldap-useradd -m %u
    delete user script = /usr/local/bin/smbldap-userdel %u
    add group script = /usr/local/bin/smbldap-groupadd -p %g
    delete group script = /usr/local/bin/smbldap-groupdel %g
    add user to group script = /usr/local/bin/smbldap-groupmod -m %g %u
    delete user from group script = /usr/local/bin/smbldap-groupmod -x %g %u
    set primary group script = /usr/local/bin/smbldap-usermod -g %g %u
    add machine script = /usr/local/bin/smbldap-useradd -w %u
    # if you want to add machines to domain automatically, add machine script is:
    add machine script = /usr/local/bin/smbldap-useradd -w -i %u
    socket options = TCP_NODELAY
    domain master = yes
    local master = yes

    account requisite
    account sufficient
    account required     use_first_pass
    auth    required
    auth    sufficient
    auth    required     use_first_pass
    password        requisite  nullok cracklib 
    password        sufficient    nullok use_authtok 
    password        required     try_first_pass use_authtok 
    session required
    session required
    session optional
    session optional
    session required skel=/etc/skel umask=0022

    #passwd:        compat
    #group: compat
    passwd: files ldap
    group: files ldap
    hosts:  files dns
    networks:       files dns
    services:       files ldap
    protocols:      files
    rpc:    files
    ethers: files
    netmasks:       files
    netgroup:       files ldap
    publickey:      files
    bootparams:     files
    automount:      files nis
    aliases:        files ldap
    passwd_compat:  ldap
    group_compat:   ldap

    TLS_REQCERT     allow
    base    dc=vulcan,dc=com
    binddn uid=zimbra,cn=admins,cn=zimbra
    bindpw 123456
    rootbinddn uid=zimbra,cn=admins,cn=zimbra
    uri ldap://
    bind_policy soft
    Last edited by fajarpri; 07-04-2007 at 07:57 PM.

  2. #2
    Join Date
    Jul 2007

    Can someone help, please?
    I'm a bit desperate

  3. #3
    Join Date
    May 2006

    Don't worry! I'm sure someone who makes use of a samba configuration will help you out. Expecting a reply within one hour is a little much...that's why there's the paid support (it's also a US holiday btw)
    Last edited by mmorse; 07-04-2007 at 10:41 PM.

  4. #4
    Join Date
    Jul 2007

    Thanks for the sympathy, mmorse
    After pulling my hair out for several hours, finally I can get getent group and passwd to work.

    Apparently I missed setting up /etc/ldap.conf.
    But I haven't been able to add my Windows XP to the domain.
    I guess it's another thread.
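
The fix reported above (a missing /etc/ldap.conf behind an otherwise correct nsswitch.conf) can be checked mechanically, along with the exposure issues visible in the posted ldap.conf. The following is an added example, not part of the original thread; the function names and the host ldap.example.invalid are assumptions made for illustration.

```python
import re

# Constructed inputs modelled on the files posted in this thread.
# ldap.example.invalid is a placeholder; the thread shows the host blank.
NSSWITCH = "passwd: files ldap\ngroup: files ldap\nhosts: files dns\n"
LDAP_CONF = """\
TLS_REQCERT     allow
base    dc=vulcan,dc=com
binddn uid=zimbra,cn=admins,cn=zimbra
bindpw 123456
uri ldap://ldap.example.invalid
bind_policy soft
"""

def parse(text):
    """Map each 'key value' or 'key: value' line to {key: value}; skip comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            out[parts[0].rstrip(":").lower()] = parts[1] if len(parts) > 1 else ""
    return out

def lint(nsswitch_text, ldap_conf_text, ldap_conf_mode=0o644):
    """Return findings: first why getent misses LDAP entries, then exposure issues."""
    nss, ldap = parse(nsswitch_text), parse(ldap_conf_text)
    out = []
    for db in ("passwd", "group"):
        if "ldap" not in nss.get(db, "").split():
            out.append(f"nss: {db} has no ldap source")
    uri = ldap.get("uri", "")
    if not re.match(r"ldaps?://[^\s/]+", uri):
        out.append("ldap.conf: uri has no host")
    if not ldap.get("base"):
        out.append("ldap.conf: base is missing")
    # nss_ldap encrypts with an ldaps:// uri or 'ssl on' / 'ssl start_tls'
    encrypted = uri.startswith("ldaps://") or ldap.get("ssl") in ("on", "start_tls")
    if uri and not encrypted:
        out.append("ldap.conf: bind password and lookups cross the network in cleartext")
    # OpenLDAP client semantics: 'never' and 'allow' both proceed on a bad certificate
    if ldap.get("tls_reqcert", "demand") in ("never", "allow"):
        out.append("ldap.conf: TLS_REQCERT does not reject an invalid server certificate")
    if "bindpw" in ldap and ldap_conf_mode & 0o004:
        out.append("ldap.conf: bindpw is readable by every local user")
    if "cn=admins" in ldap.get("binddn", ""):
        out.append("ldap.conf: binddn is an admin DN; use a read-only lookup account")
    return out
```

An empty ldap.conf yields only the two reachability findings, which is the state the thread describes before the fix. nss_ldap reads the rootbinddn password from /etc/ldap.secret rather than from the world-readable ldap.conf, which is the usual way to keep a privileged password out of that file.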
