Two-Factor Authentication for Zimbra Open Source Edition

Posted by

Thanks to BTACTIC, an open source & cloud solution that has created a great add-on MALDUA’S Zimbra OSE 2FA Extension & Administration Zimlet. This add-on enables the Two Factor Authentication feature on Zimbra Open Source Edition.

I have tested it on Zimbra 8.8.15 OSE and Zimbra 10 OSE (unofficial) and it works.

# Install MALDUA’S Zimbra OSE 2FA Extension

Download lastversion

pip3 install lastversion

Plese run as user ROOT

mkdir /tmp/zimbra-ose-2fa
cd /tmp/zimbra-ose-2fa/
lastversion --format assets --only 0.6.0 extract https://github.com/btactic/zimbra-ose-2fa

Install MALDUA’S Zimbra OSE 2FA Extension

./install.sh --compulsory

Note: On multi server, run above step on every mailboxes servers

Restart Mailbox

su - zimbra -c 'zmmailboxdctl restart'

Now, open Zimbra Admin to enable TFA on COS or per account

Note:
– Tick Enable 2FA for enable.
– Tick Require 2FA if you want to enforce 2FA for user. When user login from webmail, user will be enforce to set-up 2FA

Login to webmail to Begin set-up 2FA

Insert password first to setup 2FA

You must install authenticator app to insert Key from generated in the next step

Add key to the authenticator app

Enter code generated by authenticator app

If the code matches, you have successfully set up 2FA

Now, when user login from webmail, user will be asked 2FA code generated by authenticator app

For setup application who does not support TOTP, you can generate application passcode. You can follow guidance from Zimbra Wiki: https://wiki.zimbra.com/wiki/Zimbra_Two-factor_authentication

Good luck 🙂

Source: https://github.com/btactic/zimbra-ose-2fa

27 comments

  1. saya coba di zimbra berhasil, buka via webmail juga sukses, tapi kalo setting di client outlook dan thunderbird msh blm berhasil, ada panduannya juga nggak pak yg untuk setting di client ms outlook dan thunderbird?
    Terima kasih

  2. It seems that when changing the main password of the email account, all created 2FA application passwords are purged, although this should not happen. Apparently, it’s a bug?

      1. unable to run “lastversion –format assets –only 0.6.0 extract https://github.com/btactic/zimbra-ose-2fa” getting this below error message, could please help me to resolve this issue.

        “/usr/lib64/python3.6/tarfile.py:2221: RuntimeWarning: The default behavior of tarfile extraction has been changed to disallow common exploits (including CVE-2007-4559). By default, absolute/parent paths are disallowed and some mode bits are cleared. See https://access.redhat.com/articles/7004769 for more details. RuntimeWarning)”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.