Zimbra和Active Directory的结合,Zimbra使用AD进行认证
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
Zimbra和Active Directory的结合,Zimbra使
用AD进行认证
在日常Active Directory管理中,需要AD辅佐认证的服务好多,今天进行Zimbra和AD结合,是Zimbra通过AD进行认证,账号管理更简单方便。
测试准备:
安装系统:
PC1:Centos6.5 64 最小化安装。
PC2:Windows server 2012
安装Zimbra
1.yum安装依赖库
2.yum -y install libidn11 curl fetchmail libpcre3 libgmp3c2 libxml2
libaiolibstdc++6opensslperlsysstatlibtool-ltdlcompat-libstdc* nc file
3.yum -y update
4.停止系统默认邮件服务
5.chkconfig postfix off
6./etc/init.d/postfix stop
Shutting down postfix: [ OK ]
7.关闭SELINUX(zimbra要求的。
)
8.vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing – SELinux security policy is enforced.
# permissive – SELinux prints warnings instead of enforcing.
# disabled – No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted – Targeted processes are protected,
# mls – Multi Level Security protection.
SELINUXTYPE=targeted
9.改系统防火墙配置(根据个人需要修改)
10.vi /etc/sysconfig/iptables
增加iptables内容如下:
# enable zimbra ports
-A INPUT -mstate --state NEW -m tcp -p tcp --dport25 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport80 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport110 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport389 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport443 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport465 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport993 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport995 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport5222 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport7071 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport873 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport7110 -j ACCEPT
-A INPUT -mstate --state NEW -m tcp -p tcp --dport7780 -j ACCEPT
11.修改hosts文件
12.vi /etc/hosts
hosts文件增加内容如下:
10.11.32.74
13.重新启动系统
SELINUX需要重启才能生效。
14.reboot
15.下载ZCS安装包
16.cd /home
17.wget -c
/downloads/8.0.7_GA/zcs-8.0.7_GA_6021.RHEL6_6
4.20140408123911.tgz
18.解压Tar包
19.[root@testmail ~]# cd /home
20.[root@testmail home]# tar -xzvf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911.tgz
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-apache-8.0.7_GA_6021.RHE L6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-core-8.0.7_GA_6021.RHEL6 _64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-ldap-8.0.7_GA_6021.RHEL6 _64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-logger-8.0.7_GA_6021.RHE L6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-memcached-8.0.7_GA_6021.
RHEL6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-mta-8.0.7_GA_6021.RHEL6 _64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-proxy-8.0.7_GA_6021.RHEL 6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-snmp-8.0.7_GA_6021.RHEL 6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-spell-8.0.7_GA_6021.RHEL6
_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/packages/zimbra-store-8.0.7_GA_6021.RHEL 6_64-20140408123911.x86_64.rpm
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/bin/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/bin/get_plat_tag.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/bin/zmdbintegrityreport
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/data/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/data/versions-init.sql
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/YPL.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/zcl.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/zimbra_public_eula_2.4.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/oracle_jdk_eula.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/admin.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Fedora Server Config.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Import_Wizard_Outlook.pdf zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Migration_Exch_Admin.pdf zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Migration_Exch_User.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/MigrationWizard_Domino.pdf zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/MigrationWizard.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/OSmultiserverinstall.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/quick_start.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/RNZCSO_2005Beta.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/User Instructions for ZCS Import Wizard.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/ZimbraiCalendar Migration Guide.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Zimbra_Release_Note.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/Zimbra Schema.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/docs/en_US/zimbra_user_guide.pdf
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/modules/
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/modules/getconfig.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/modules/packages.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/modules/postinstall.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/addUser.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/globals.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/util/utilfunc.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/readme_source_en_US.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/readme_binary_en_US.txt
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/install.sh
zcs-8.0.7_GA_6021.RHEL6_64.20140408123911/README.txt
21.安装Install,由于是Centos使用redhat安装包,所以安装要添加参数-platform-override
22../install.sh --platform-override
安装过程,主要是“Create domain“改变域名为domain.con;修改管理员密码3->4->r->a;本安装是把所有服务安装在一台服务器上,分布式的安装请参考其他资料。
密码又系统设定为:fd4rqxeKu
23.安装完成后重启一下zimbra
24.su - zimbra
25.zmcontrol stop
26.zmcontrol start
27.安装完成。
直接输入自己当时设定的域名即可访问
管理只需要在域名后面加上:7071即可。
安装Windows2012 + 创建AD
1.PC更名
2.添加角色和功能
3.下一步
只选择AD域服务,其他不选
4.到此Windows2012域服务已经安装完毕,2012跟2008和2003有些不同,需要另外安装域控制器,也就是
虽然安装了域服务,但本机还不是域控制器。
点击右上角的小旗子,点击将此服务器提升为域控制器。
5.添加新林
6.设置还原密码
7.
8.
点击安装
9.到此,Windows2012和一个新的林域已经安装完成。
Zimbra使用AD作为验证
1.打开Zimbra管理界面,选择配置-域名-选择域名-点击右上角的齿轮图标-点击设置验证方法
2.选择外部AD
3.填写AD的域名
4.Ldap绑定不填,下一步
5.验证配置摘要,填写一个普通账户和对应密码:
6.点击测试,测试通过即可,如不通过,请检查上一步填写的账号是否出错或者Domain填写出错。
7.外部组设定不填写。
8.配置完成。
Zimbra使用AD认证的使用方法
1.点击管理,账号,新建账号。
2.输入Email账号,姓名,你会发现原本要求输入密码的地方消失了,没有要求你填写密码。
3.点击完成,即可看见新创建的Email账号
4.进入前台登陆界面,尝试登陆,虽然输入密码,会发现提示密码错误。
5.在AD新建一个账号,名字跟Email账号一致,密码为123456wW (密码设定需要一定复杂性)
6.再次到登陆界面,输入AD账号中的密码,点击登陆。
7.登陆成功。
到此,本文已经完成了,但有几个问题我希望能解决。
1.AD账号能自动同步到Zimbra账号,减小创建账号的手续。
2.Zimbra前台修改密码的时候能同时修改AD的账号密码。
(现时只能通过修改AD账号密码改变Zimbra
账号密码。