Zimbra Mail Server has 3 methods of authentication. The first is internal Zimbra LDAP, the second is external LDAP, and the third is External Active Directory. In this section, I will explain how to integrate Active Directory as the central authentication source for Zimbra users.
Active Directory can be replaced with Samba4. For information about Samba4 and how to install it, see this link: https://imanudin.net/category/samba/
– Go to Zimbra Admin | Configure | Domains. Right-click the domain and select Configure Authentication
– Select External Active Directory and click Next
– In AD domain name, insert the domain from Active Directory and also the AD server, then click Next
– On the LDAP Bind page, leave it blank, then click Next
– In the Authentication Config Summary, enter one of the users to test whether the connection between Zimbra and Active Directory / Samba4 is correct, and then click Test. If the test succeeds, the connection is correct. If it fails, check the configuration and the status of the services on both Active Directory / Samba4 and Zimbra itself
– On the External Group Setting, leave it blank, click Next and then Finish
Now your domain is integrated with Active Directory/Samba4 for authentication. Even when using External Active Directory/Samba4, we still need to create accounts manually via Zimbra admin to serve as mailboxes for the users who are in Active Directory/Samba4.
If you want to create mailboxes automatically from the users of Active Directory/Samba4, you can use Zimbra Auto Provision as described at this link: http://goo.gl/4dXlGJ or at this blog for the how-to 😀
Update July 2, 2021
If you are using Samba4 and get an error like the one below
com.zimbra.cs.ldap.LdapException: LDAP error: – unable to ldap authenticate: BindSimple: Transport encryption required.
Add this to smb.conf and restart the Samba4 service
ldap server require strong auth = No
Or you can configure LDAP over SSL as described here: Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC. Please make sure you are using a trusted certificate
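To see which of the two options above a given Samba4 server is actually running, the following added check (not part of the original post) reads the [global] section of smb.conf and reports the settings that decide whether Zimbra's bind password travels encrypted. Both sample configurations and the certificate file names are constructed for illustration.

```python
import re

# Constructed sample: the workaround from this page as it would sit in smb.conf.
WEAK_CONF = """
[global]
    ldap server require strong auth = No
"""

# Constructed sample: TLS with an explicit certificate (file names are placeholders).
HARDENED_CONF = """
[global]
    tls enabled = yes
    tls keyfile = tls/dc1-key.pem
    tls certfile = tls/dc1-cert.pem
    tls cafile = tls/ca.pem
"""
FALSY = {"no", "false", "off", "0"}  # values treated here as "off"

def _norm(name):
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return [global] parameters keyed by name with case and whitespace
    removed (smb.conf ignores both in section and parameter names)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[_norm(key)] = value.strip()
    return params

def audit(text):
    """List findings that affect how Zimbra's bind password reaches the DC."""
    p, findings = parse_global(text), []
    if p.get("ldapserverrequirestrongauth", "yes").lower() in FALSY:
        findings.append("strong auth off: simple binds accepted without TLS")
    if p.get("tlsenabled", "yes").lower() in FALSY:
        findings.append("tls disabled: no LDAPS or StartTLS")
    elif not {"tlskeyfile", "tlscertfile", "tlscafile"}.issubset(p):
        findings.append("default tls/*.pem in use: may be Samba's self-signed cert")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "ok")
```

An empty result means the server keeps the strong-auth requirement and has an explicitly configured certificate; whether Zimbra trusts that certificate still has to be checked on the Zimbra side.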
Good luck, and I hope this is useful 😀
Hi Iman,
Great and nice blog..
I followed your tutorials and successfully integrated AD and Zimbra in my test environment, but in my case we have multiple mail domains. How can I accomplish this so that all users in AD have single sign-on?
Hi Ferjun,
Do you mean you have multiple domains on a single Zimbra Mail server? If yes, you only need to do the same configuration for the other domains.
Yes, multiple domains on a single Zimbra Mail Server..
Hi Iman, thanks, I got it. I need your help with how I can migrate from iRedMail to Zimbra. What are the tools needed to do this? I’m looking around the net but can’t find any guide..
Thanks appreciate your help..
I followed your tutorials and successfully integrated AD and Zimbra in my test environment, but in my case we have multiple mail domains. How can I accomplish this so that all users in AD have single sign-on?
zimbra.mail AD pink.com, red.com, yellow.com, black.com, white.com
Thank you
Hi Pinky,
Please do the same configuration for the other domains. AD integration with Zimbra applies to a domain, not to servers. So you can apply the same configuration as for the previous domain.
Hi Iman,
I have integrated authentication between Zimbra and AD, but I cannot change the AD password of the email account from webmail. How can I do it?
Hi Tran Duc Thang,
You cannot change an AD password via Zimbra Webmail. You should use a third-party application like LTB. Please take a look at the following article: https://imanudin.net/2015/02/03/how-to-change-password-users-active-directorysamba4-via-web-using-ldap-toolbox/
I’ve tried the steps but without success. What if my AD doesn’t allow anonymous queries? Do I have to fill in the LDAP Bind page? I’ve tried several combinations of the Bind DN but can’t get it to work. Has anyone got an example? I can’t find anything on Google.
You can use BIND DN. In my Samba4 AD, by default the BIND DN is cn=Administrator,CN=users,DC=MY-DOMAIN,DC=TLD
Integration of Zimbra with AD is done.
Now when a user changes his password in AD, he is able to log in with the new password, and he is also still able to log in with the old password.
I can’t understand why.
When I restart the MTA service (zmmtactl restart), Zimbra no longer accepts the old password.
I think Zimbra has a cache for every user login. Please wait 1 minute and try to log in again with the new password.
I have configured this with Samba 4 and I have problems with some accounts. It seems that when the user principalname is a number, it is not working. I have migrated from OpenLDAP, where the username was a name and the alias a number, and it was possible to authenticate with both usernames, and now any of both works…
Where is the problem?
Hello Nirt,
Sorry, I cannot help you :(. My experience with LDAP is limited (not much).
Hello Mas Iman,
I’d like to ask, why does an error like this keep coming up?
com.zimbra.cs.ldap.LdapException: LDAP error: – unable to ldap authenticate: BindSimple: Transport encryption required.
I have already tried the connection to the Samba server with
telnet 389
It connected, Mas.
Then I tried against another AD, WIN2K3, without SSL, and that still works too.
Hi Mas,
During configuration, try entering a username and password in the BIND step for authentication. The example in this article uses anonymous mode.
Hello Iman,
I installed Zimbra 8.7 and Samba 4.5.0 in lab mode.
I tried integrating the Zimbra server for authentication, but I have the same problem that Nopriyan described in October 2016:
com.zimbra.cs.ldap.LdapException: LDAP error: – unable to ldap authenticate: BindSimple: Transport encryption required.
I don’t understand the language of his posts and your response.
Please can you translate his post and your response into English?
Hi Alexander,
Nopriyan solved the problem by adding TLS to smb.conf. Please see the example configuration at this link: https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC#Important_smb.conf_parameters_for_LDAPS
Thanks a lot for the link.
I changed smb.conf following the details of the Samba post to activate TLS for Samba, but afterwards I get this error on Zimbra:
“SSL connection problem. Probably a self-signed certificat by server: third authority”
I am testing Samba and Zimbra in lab mode, so I don’t want to pay for a certificate from a certification authority. Has nobody else had this problem? Can I deactivate some security on the Zimbra side?
I searched but found nothing on this subject…
Thanks for your help
Hi Alexander,
You can try installing a Let’s Encrypt SSL certificate on Zimbra.
It works now, Mas.
It turns out that on Samba v 4.4.5 you have to add the TLS config to its smb.conf.
Thanks for the tutorial, it was very helpful.
Could I see what the configuration looks like? I am experiencing the same thing.
I want to install Zimbra8 mail server and Samba4 on a single Dell server. What are the steps for doing this? When I try to install both of these, the dnscache service gives an error..
Please help.
You cannot run Zimbra and Samba4 together on a single machine/the same machine.