Authentication against Samba Active Directory

machine12
Posts: 5
Joined: Mon Jul 16, 2018 11:35 am
Location: Croatia
ZCS/ZD Version: ZCS 8.8.8

Authentication against Samba Active Directory

Postby machine12 » Wed Sep 12, 2018 9:51 am

Hi everyone,

I have the following situation:

Zimbra OSE 8.8.8

My external domain is example.com
My inside Samba AD domain is ad.example.com

I would like to use AD authentication of Zimbra against the inner AD domain. I know how to do it, but my questions are:

When I change the authentication to external Active Directory, can the external AD be different (in this example it's a sub-domain of the external domain) for the authentication to work, or do just the usernames have to be the same?
If I just want to test it and return again to internal LDAP, will the passwords of the internal LDAP be intact?

Thanks in advance


PaperAdvocate
Posts: 16
Joined: Tue Oct 11, 2016 9:28 pm

Re: Authentication against Samba Active Directory

Postby PaperAdvocate » Thu Sep 13, 2018 10:43 pm

If your Zimbra is in production and you don't want to break things for the existing users, you could add another testing subdomain to your Zimbra server (such as testing.example.com) and use this to test AD authentication. You don't need to set up MX records or anything since you're not testing mailflow. Just create some testing accounts for @testing.example.com and try using AD auth there.

For external authentication only the username seems to matter, not the @example.com or @ad.example.com. I have @domainA.com as the users' email addresses and @internal.domainB.com as the AD domain which Zimbra authenticates against; users are able to log in either with just user.name or user.name@domainA.com.

There is a fallback feature so you can still authenticate with Zimbra internally if the external authentication fails: https://wiki.zimbra.com/wiki/Using_and_ ... _attribute

I've never used it before but it's for the scenario that you describe.
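
The test-domain setup with fallback described in the post above, as an added example that is not part of the original thread. The DC hostname `dc1.ad.example.com` and the account `testuser` are placeholders, and refusing anything but `ldaps://` is this example's own choice.

```shell
#!/bin/sh
# Prints the zmprov calls for a separate test domain that authenticates
# against AD with fallback to Zimbra's own passwords. Run as the zimbra user;
# set APPLY=1 to execute the calls instead of printing them.

TEST_DOMAIN="${TEST_DOMAIN:-testing.example.com}"   # test domain from the thread
AD_DOMAIN="${AD_DOMAIN:-ad.example.com}"            # Samba AD domain from the thread
AD_URL="${AD_URL:-ldaps://dc1.ad.example.com:636}"  # placeholder DC hostname

# Emit one zmprov command per line for a mail domain, AD domain and LDAP URL.
ad_auth_plan() {
    dom=$1; ad=$2; url=$3
    case "$url" in
        ldaps://*) ;;  # the user's password is sent in the bind: require TLS
        *) echo "refusing non-ldaps URL: $url" >&2; return 1 ;;
    esac
    echo "zmprov cd $dom"
    echo "zmprov md $dom zimbraAuthMech ad"
    echo "zmprov md $dom zimbraAuthLdapURL $url"
    # %u becomes the local part of the login name, so the mail domain and
    # the AD domain do not have to match; only the username does.
    echo "zmprov md $dom zimbraAuthLdapBindDn %u@$ad"
    # With fallback on, a local Zimbra password stays a valid login path.
    # Set it to FALSE after testing if AD should be the only one.
    echo "zmprov md $dom zimbraAuthFallbackToLocal TRUE"
    # Empty local password: this account can only log in through AD.
    echo "zmprov ca testuser@$dom ''"
    echo "zmprov gd $dom zimbraAuthMech zimbraAuthLdapURL zimbraAuthLdapBindDn zimbraAuthFallbackToLocal"
}

# Command that puts a domain back on Zimbra's internal LDAP authentication.
ad_auth_rollback() {
    echo "zmprov md $1 zimbraAuthMech zimbra"
}

plan=$(ad_auth_plan "$TEST_DOMAIN" "$AD_DOMAIN" "$AD_URL") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$plan" | sh -e
else
    printf '%s\n' "$plan"
    echo "# rollback: $(ad_auth_rollback "$TEST_DOMAIN")"
fi
```

The test account name has to match an existing user in the AD domain for the bind to succeed.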
machine12
Posts: 5
Joined: Mon Jul 16, 2018 11:35 am
Location: Croatia
ZCS/ZD Version: ZCS 8.8.8

Re: Authentication against Samba Active Directory

Postby machine12 » Mon Sep 17, 2018 9:26 am

Thanks a lot. I will try it your way.

PaperAdvocate wrote:
If your Zimbra is in production and you don't want to break things for the existing users, you could add another testing subdomain to your Zimbra server (such as testing.example.com) and use this to test AD authentication. You don't need to set up MX records or anything since you're not testing mailflow. Just create some testing accounts for @testing.example.com and try using AD auth there.

For external authentication only the username seems to matter, not the @example.com or @ad.example.com. I have @domainA.com as the users' email addresses and @internal.domainB.com as the AD domain which Zimbra authenticates against; users are able to log in either with just user.name or user.name@domainA.com.

There is a fallback feature so you can still authenticate with Zimbra internally if the external authentication fails: https://wiki.zimbra.com/wiki/Using_and_ ... _attribute

I've never used it before but it's for the scenario that you describe.
