Zimbra Tips : Integration of Active Directory/Samba4 with Zimbra Mail Server

Posted by

Zimbra Mail Server have 3 methods of authentications. First method is Internal LDAP Zimbra, second method is external LDAP and third method is External Active Directory. On this section, i will explain how to integration active directory as center authentication users of Zimbra.

Active directory can be replaced with Samba4. Information about and how to install Samba4, can checked at this link https://imanudin.net/category/samba/

– Go to Zimbra Admin | Configure | Domains. Right click on domain and select Configure Authentication

– Select External Active Directory and Next

– in AD domain name, inser domain from Active Directory and also AD server then Next

zimbra-integrated-samba4

– On the LDAP Bind, leave it blank then Next

– In the Authentication Config Summary, enter one of the user to be tested whether the connection between Zimbra with Active Directory / Samba4 is correct or not, and then click Test. If successful, then the connection is correct. However, if that fails, try to check its configuration, both the status of service on Active Directory / Samba4 or service on Zimbra itself

zimbra-integrated-test-user

– On the External Group Setting leave it blank and click Next and Finish

Now, your domain has been integration with active directory/Samba4 for authentication.  Although already using External Active Directory/Samba4, we still need to create an account manually via Zimbra admin as mailboxes of users who are in the Active Directory/Samba4.

If you want to automatic create mailbox from users of active directory/Samba4, you can using Zimbra Auto Provision as describe at this link : http://goo.gl/4dXlGJ or from this blog for how to 😀

Update July 2, 2021

If you are using Samba4 and get error like below

com.zimbra.cs.ldap.LdapException: LDAP error: – unable to ldap authenticate: BindSimple: Transport encryption required.

Add this to smb.conf and restart Samba4 service

ldap server require strong auth = No

Or you can configure LDAP over SSL here: Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC. Please make sure you are using a trusted certificate

Good luck and hopefully useful 😀

26 comments

  1. hi iman,

    Great and nice blog..

    I follow your tutorials, successfully integrate AD and zimbra in my test environment.. but in my case we have multiple mail domain.. how can i accomplish this to have all users in AD have single sign-on?

    1. Hi Ferjun,

      Did you mean, you have multi domains in single Zimbra Mail server? if yes, you only doing same configure for other domain

  2. hi iman, thanks I got it.. Need your help how I can migrate from iredmail to Zimbra..what are the tools needed to to this.. I’m looking around the net but can’t find any guide..

    Thanks appreciate your help..

  3. I follow your tutorials, successfully integrate AD and zimbra in my test environment.. but in my case we have multiple mail domain.. how can i accomplish this to have all users in AD have single sign-on?

    ZSC-OSE – CentOS 6 MSWIN12K2R2 AD
    zimbra.mail AD pink.com, red.com, yellow.com, black.com, white.com

    Thank you

    1. H Pinky,

      Please Doing the same configuration for other domain. Integrated AD with Zimbra refer into domain, not to servers. So, you could configure the same configuration as domain previously

  4. hi iman,
    I have integrated authentication between Zimbra and AD, but I can not change the password of the email on AD from web mail. how i can do it ?

  5. I’ve tried the steps but without success. What if my AD doesn’t allow anonymous query? Do I have to fill in the LDAP Bind page? I’ve tried several combination of the Bind DN but can’t get it to work. Anyone got an example? Can’t find anything from Google.

  6. Integration of Zimbra with AD is done.

    Now when user change his password from AD he is able to login with new password as well as he is able to login with old password.

    I cant understand why?

    When I restart mta service (zmmtactl restart) then zimbra will not accept old password.

    1. Hello,

      I think Zimbra have the cache for every user login. Please wait until 1 minutes and try to re-login again with a new password

  7. hi,

    i have configured wirh samba 4 and I have problems withs some account, It seems that user principalname is a number then is not working .cI have migrated from openldap where username was name ans alias number , ans was available to auth with boths usernames, and now any of boths works…
    where is the problem?

  8. Hallo Mas Iman,

    Mau tanya dong, klo keluar error begini terus kenapa ya?
    com.zimbra.cs.ldap.LdapException: LDAP error: – unable to ldap authenticate: BindSimple: Transport encryption required.
    ExceptionId:qtp509886383-4354:https://10.5.4.4:7071/service/admin/soap/CheckAuthConfigRequest:1477651391328:2c81c7ae9f444966
    Code:ldap.LDAP_ERROR

    klo connetion ke samba server sudah saya coba dengan
    telnet 389
    coneccted mas.

    terus saya coba ke AD lain WIN2K3 tandpa ssl jga tetap bisa.

    Regards,

    1. Hi mas,

      Coba pada saat konfigurasi, masukkan username dan password pada BIND untuk autentikasi. Pada contoh artikel disini menggunakan mode anonymous

      1. Hello Iman,

        I installed in lab mode an zimbra 8.7 and an samba 4.5.0.
        I try the integration of zimbra server for authentification but l have the same problem that Nopriyan in October 2016 says:

        com.zimbra.cs.ldap.LdapException: LDAP error: – unable to ldap authenticate: BindSimple: Transport encryption required.

        I don’t understand the language of his posts and your reponse.
        Please can you translate his post and your response in English?

        Thanks

          1. Thanks a lot for the link.
            I change the smb.conf with the detail of the samba post for activate TLS for samba but after i have this error on Zimbra:

            “SSL connection problem. Probably a self-signed certificat by server: third authority”

            I test samba and zimbra in lab mode so i don’t want pay a certificate from an certification authority. nobody else had his problem? Can i desactivate some security on the zimbra side?
            I search but i find nothing on this subject…

            Thanks for your help

  9. Udah bisa mas.
    Ternyata pada samba v 4.4.5 harus menambahkan config tls pada smb.conf nya.

    Thanks buat tutorialnya, sangat membantu.

    Regards,

  10. HI,
    I want to install Zimbra8 mail server and Samba4 on a single dell server, what are the steps of doing this? When I try to install both of these then dnscache service gives error..

    Plz help.

    Thanks

Leave a Reply to iman Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.