Page 1 of 1

Mixed authentication - disable external for specific accounts

Posted: Tue Dec 16, 2014 3:54 pm
by 7224jobe

Hi everybody, in our setup we have Zimbra 8.0.6 configured with authentication on Active Directory, and zimbraAuthFallbackToLocal set to TRUE to allow logins for specific accounts (related to automatical internal services) that do not have a domain account. Everything works ok, but we have zimbra log files filled with failed AD login attempts by those accounts, since they check their inboxes automatically very often.


Is there a way to set only internal authentication for specific accounts? I found only domain-wide settings.



Mixed authentication - disable external for specific accounts

Posted: Fri Jan 16, 2015 1:52 am
by greges
Hi jobe, did you find solution? I have exactly same issue.

Mixed authentication - disable external for specific accounts

Posted: Fri Jan 16, 2015 2:43 am
by jorgedlcruz
Hi guys,

Could you please let us know the result of zmcontrol -v ?



Best regards

Mixed authentication - disable external for specific accounts

Posted: Fri Jan 16, 2015 3:19 am
by greges
Release 8.0.6_GA_5922.RHEL6_64_20131203103705 RHEL6_64 FOSS edition

Yeah..., i know - time to upgrade. But will it change anything in that case?

Mixed authentication - disable external for specific accounts

Posted: Fri Jan 16, 2015 3:40 am
by 7224jobe
Hi Jorge and greges,

I did not manage to find a solution for this problem :(



Here is my zmcontrol -v:

Release 8.0.6.GA.5922.UBUNTU10.64 UBUNTU10_64 NETWORK edition

Mixed authentication - disable external for specific accounts

Posted: Fri Jan 16, 2015 5:51 am
by greges
An idea ...

In my case, there would be no problem if I could change order of authentication method. First one - Local auth (Zimbra), second - External (Active Directory).

If the first one completes success then no external auth.

If the first one fail - then try external auth.

Is it possible?



Explaining - Why I need this?

I've made migration process of accounts with passwords from old email system (not zimbra) to Zimbra. Old system was configured only for local auth (separate user passwords for A.D. and mail server) So, now I have some clients with are authenticate with local passwords (old way - will change in time) and some clients with are authenticate with domain. And some email accounts with are not in the domain.

And now... For users with domain accounts which have e-mail clients configured "old way" - with "local" passwords , there are cases when AD can lock their accouts because of many authentication failures in short time (ex. someone has a lot of configured/connected Zimbra calendars and many e-mail accouts). And It's happening.

Mixed authentication - disable external for specific accounts

Posted: Tue Jan 20, 2015 9:42 am
by greges
Jorge de la Cruze , any idea? You asked to check MTA version, what for? ;)

Re: Mixed authentication - disable external for specific accounts

Posted: Tue Jan 29, 2019 9:42 am
by jasggomes
Hi to all,

Zimbra version is 8.8.7_GA_1964.FOSS

Instead of opening another thread, I'll use this one.

Due to the fact that we had to upgrade our Win 2008 R2 server to Win2019 Essentials, we are now facing an issue related to the number of users we can have on the AD itself.

So, we have the authentication to the AD enabled but we have more than 25 email addresses in use, mainly these are service accounts, so the idea is to allow these service accounts to login using the local database instead of the AD one.

Can this be done? or do I need to revert back to use only the local database and disable the use of the AD one ?

Regards.
JG

Re: Mixed authentication - disable external for specific accounts

Posted: Tue Jan 29, 2019 9:51 am
by DualBoot
Hello,

you set up the authentication fallback to do that.

Regards,

Re: Mixed authentication - disable external for specific accounts

Posted: Tue Jan 29, 2019 11:30 am
by jasggomes
DualBoot wrote:Hello,

you set up the authentication fallback to do that.

Regards,


Thank you for your reply.

Well, pretty much after writing on these threads I managed to find the setting that allows to use both Internal and External.

For future reference to others, it is on::

Configure -> Domains -> <domain to be configured> ->edit
then
Authentication -> click the checkbox 'If fail,fail back to local password management'.

This solved the question to me, as my accounts now can log on using local authentication.

Regards.
JG