This is part 2 of 2 article. Previous article : User Account Integration between Samba PDC & Zimbra Mail Server on openSUSE/SLES Part 1
MANAGING SAMBA DOMAIN WITH ZIMBRA ADMIN
- Restart samba service with the following command :
service smb restart
- Login to Zimbra Admin and see that these are 2 new entry on left panel menu : Posix Groups and Samba Domain. If you click on Samba Domain, there should be existing entry, your Samba domain (in my sample : vavai.co.id). Please restart your computer if you found nothing on the Samba Domain menu.
MANAGING LINUX AND SAMBA GROUPS USING ZIMBRA ADMIN
- Login to Zimbra Admin
- Choose Posix Groups
- Click New. Fill in you new group, ie : Accounting. Move to Samba Group tab and choose your domain from combo box. Fill in 2 (default entry for group) on group type text box.
- Click Save
Test the configuration whether Samba successfully read new added groups or no by using this command on konsole/terminal :
su getent group
Samba should be response by display list of groups and your new group should be listed on the list.
Create new user account by using following procedure :
- Open Zimbra Admin
- Click Account
- Click New
- Fill in account profile and description. Account name, First Name, Last Name and Password are mandatory, mark with *. Scroll down to bottom of account wizard to change password.
- Click Next until finish. These are should be 2 add-on tabs/wizard at the end of Account configuration: Posix Groups and Samba Domain. Add your new account as your new group member and Samba domain member
- Click finish
Test the configuration whether Samba successfully read new added user account or no by using following command on konsole/terminal :
su getent passwd
Samba should be response by display list of user account and your new user should be listed on the user list.
UPDATE PROFILE FOR EXISTING ACCOUNT
Run the following command to update profile of existing Zimbra user (user created before Samba-Zimbra joined). Replace Samba SID with your own (Look at Zimbra Admin | Samba Domain) :
zmprov ma email@example.com +objectClass posixAccount uidNumber 10003 gidNumber 10001 homeDirectory /home/admin loginShell /bin/bash zmprov ma firstname.lastname@example.org +objectClass sambaSamAccount sambaDomainName vavai.co.id sambaSID S-1-5-21-3745602466-621825477-2613676135-21006 sambaAcctFlags [UX]
MAKING WINDOWS NT DOMAIN GROUP
We will use this group as Administrative user for join client as domain member :
- Login to Zimbra Admin
- Choose Posix Groups, click New
- Fill ini group name : Domain Admins. Move to Samba tab, pick your domain name from combo box and then choose Special Windows group – Domain Admins
- Click Save
- Run the following command to give this group domain administrative permission :
net rpc rights grant "vavai.co.idDomain Admins" SeAddUsersPrivilege SeMachineAccountPrivilege SePrintOperatorPrivilege
- Create a new user with Zimbra domain and add it as “Domain Admins” group member
ADDING WINDOWS NT/2000/XP MACHINE TO SAMBA DOMAIN
- Login to your Windows workstation with your Administrator user/permission
- Right click on My Computer
- Choose Properties
- Move to Computer Name tab
- Click Change
- Fill in your computer name
- Fill in vavai.co.id as member of domain (not workgroup. Replace vavai.co.id with your domain name)
- Click OK
- Windows will be asked about Administrator user name and password. Use Zimbra user and password who is joined asÂ Domain Admin group member
Finish. You should be able to restart your computer and then login with Zimbra user name and password. You may also use LDAP client as user authentication on Linux client. Modify share permission, share folder, profile, etc to fit with your environment setting.