Zimbra和Active Directory的结合,Zimbra使用AD进行认证

Zimbra和Active Directory的结合,Zimbra使
用AD进行认证
在日常Active Directory管理中，需要AD辅佐认证的服务好多，今天进行Zimbra和AD结合，是Zimbra通过AD进行认证，账号管理更简单方便。

测试准备：
安装系统：
PC1：Centos6.5 64 最小化安装。

PC2：Windows server 2012
安装Zimbra
1.yum安装依赖库
2.yum -y install libidn11 curl fetchmail libpcre3 libgmp3c2 libxml2
libaiolibstdc++6opensslperlsysstatlibtool-ltdlcompat-libstdc* nc file
3.yum -y update
4.停止系统默认邮件服务
5.chkconfig postfix off
6./etc/init.d/postfix stop
Shutting down postfix: [ OK ]
7.关闭SELINUX（zimbra要求的。

）
8.vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted
9.改系统防火墙配置（根据个人需要修改）
10.vi /etc/sysconfig/iptables
增加iptables内容如下:
# enable zimbra ports
-A INPUT -mstate --state NEW -m tcp -p tcp --dport25 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport80 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport110 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport389 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport443 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport465 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport993 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport995 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport5222 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport7071 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport873 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport7110 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport7780 -j ACCEPT
11.修改hosts文件
12.vi /etc/hosts
hosts文件增加内容如下：
10.11.32.74
13.重新启动系统
SELINUX需要重启才能生效。

14.reboot
15.下载ZCS安装包
16.cd /home
17.wget -c
/downloads/8.0.7_GA/zcs-8.0.7_GA_6021.RHEL6_6
4.20140408123911.tgz
18.解压Tar包
19.[root@testmail ~]# cd /home
20.[root@testmail home]# tar -xzvf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911.tgz
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-apache-8.0.7_GA_6021.RHE L6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-core-8.0.7_GA_6021.RHEL6 _64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-ldap-8.0.7_GA_6021.RHEL6 _64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-logger-8.0.7_GA_6021.RHE L6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-memcached-8.0.7_GA_6021.
RHEL6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-mta-8.0.7_GA_6021.RHEL6 _64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-proxy-8.0.7_GA_6021.RHEL 6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-snmp-8.0.7_GA_6021.RHEL 6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-spell-8.0.7_GA_6021.RHEL6
_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-store-8.0.7_GA_6021.RHEL 6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/bin/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/bin/get_plat_tag.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/bin/zmdbintegrityreport
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/data/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/data/versions-init.sql
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/YPL.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/zcl.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/zimbra_public_eula_2.4.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/oracle_jdk_eula.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/admin.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Fedora Server Config.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Import_Wizard_Outlook.pdf zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Migration_Exch_Admin.pdf zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Migration_Exch_User.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/MigrationWizard_Domino.pdf zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/MigrationWizard.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/OSmultiserverinstall.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/quick_start.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/RNZCSO_2005Beta.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/User Instructions for ZCS Import Wizard.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/ZimbraiCalendar Migration Guide.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Zimbra_Release_Note.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Zimbra Schema.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/zimbra_user_guide.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/modules/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/modules/getconfig.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/modules/packages.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/modules/postinstall.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/addUser.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/globals.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/utilfunc.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/readme_source_en_US.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/readme_binary_en_US.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/install.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/README.txt
21.安装Install，由于是Centos使用redhat安装包，所以安装要添加参数-platform-override
22../install.sh --platform-override
安装过程，主要是“Create domain“改变域名为domain.con；修改管理员密码3->4->r->a；本安装是把所有服务安装在一台服务器上，分布式的安装请参考其他资料。

密码又系统设定为：fd4rqxeKu
23.安装完成后重启一下zimbra
24.su - zimbra
25.zmcontrol stop
26.zmcontrol start
27.安装完成。

直接输入自己当时设定的域名即可访问
管理只需要在域名后面加上:7071即可。

安装Windows2012 + 创建AD
1.PC更名
2.添加角色和功能
3.下一步
只选择AD域服务，其他不选
4.到此Windows2012域服务已经安装完毕，2012跟2008和2003有些不同，需要另外安装域控制器，也就是
虽然安装了域服务，但本机还不是域控制器。

点击右上角的小旗子，点击将此服务器提升为域控制器。

5.添加新林
6.设置还原密码
7.
8.
点击安装
9.到此，Windows2012和一个新的林域已经安装完成。

Zimbra使用AD作为验证
1.打开Zimbra管理界面，选择配置-域名-选择域名-点击右上角的齿轮图标-点击设置验证方法
2.选择外部AD
3.填写AD的域名
4.Ldap绑定不填，下一步
5.验证配置摘要，填写一个普通账户和对应密码：
6.点击测试，测试通过即可，如不通过，请检查上一步填写的账号是否出错或者Domain填写出错。

7.外部组设定不填写。

8.配置完成。

Zimbra使用AD认证的使用方法
1.点击管理，账号，新建账号。

2.输入Email账号，姓名，你会发现原本要求输入密码的地方消失了，没有要求你填写密码。

3.点击完成，即可看见新创建的Email账号
4.进入前台登陆界面，尝试登陆，虽然输入密码，会发现提示密码错误。

5.在AD新建一个账号，名字跟Email账号一致，密码为123456wW (密码设定需要一定复杂性)
6.再次到登陆界面，输入AD账号中的密码，点击登陆。

7.登陆成功。

到此，本文已经完成了，但有几个问题我希望能解决。

1.AD账号能自动同步到Zimbra账号，减小创建账号的手续。

2.Zimbra前台修改密码的时候能同时修改AD的账号密码。

（现时只能通过修改AD账号密码改变Zimbra
账号密码。