Mixed authentication - disable external for specific accounts
-
- Outstanding Member
- Posts: 284
- Joined: Sat Sep 13, 2014 1:55 am
- ZCS/ZD Version: 8.8.15_FOSS Patch38
Mixed authentication - disable external for specific accounts
Hi everybody, in our setup we have Zimbra 8.0.6 configured with authentication on Active Directory, and zimbraAuthFallbackToLocal set to TRUE to allow logins for specific accounts (related to automatical internal services) that do not have a domain account. Everything works ok, but we have zimbra log files filled with failed AD login attempts by those accounts, since they check their inboxes automatically very often.
Is there a way to set only internal authentication for specific accounts? I found only domain-wide settings.
Is there a way to set only internal authentication for specific accounts? I found only domain-wide settings.
Mixed authentication - disable external for specific accounts
Hi jobe, did you find solution? I have exactly same issue.
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Mixed authentication - disable external for specific accounts
Hi guys,
Could you please let us know the result of zmcontrol -v ?
Best regards
Could you please let us know the result of zmcontrol -v ?
Best regards
Mixed authentication - disable external for specific accounts
Release 8.0.6_GA_5922.RHEL6_64_20131203103705 RHEL6_64 FOSS edition
Yeah..., i know - time to upgrade. But will it change anything in that case?
Yeah..., i know - time to upgrade. But will it change anything in that case?
-
- Outstanding Member
- Posts: 284
- Joined: Sat Sep 13, 2014 1:55 am
- ZCS/ZD Version: 8.8.15_FOSS Patch38
Mixed authentication - disable external for specific accounts
Hi Jorge and greges,
I did not manage to find a solution for this problem
Here is my zmcontrol -v:
Release 8.0.6.GA.5922.UBUNTU10.64 UBUNTU10_64 NETWORK edition
I did not manage to find a solution for this problem
Here is my zmcontrol -v:
Release 8.0.6.GA.5922.UBUNTU10.64 UBUNTU10_64 NETWORK edition
Mixed authentication - disable external for specific accounts
An idea ...
In my case, there would be no problem if I could change order of authentication method. First one - Local auth (Zimbra), second - External (Active Directory).
If the first one completes success then no external auth.
If the first one fail - then try external auth.
Is it possible?
Explaining - Why I need this?
I've made migration process of accounts with passwords from old email system (not zimbra) to Zimbra. Old system was configured only for local auth (separate user passwords for A.D. and mail server) So, now I have some clients with are authenticate with local passwords (old way - will change in time) and some clients with are authenticate with domain. And some email accounts with are not in the domain.
And now... For users with domain accounts which have e-mail clients configured "old way" - with "local" passwords , there are cases when AD can lock their accouts because of many authentication failures in short time (ex. someone has a lot of configured/connected Zimbra calendars and many e-mail accouts). And It's happening.
In my case, there would be no problem if I could change order of authentication method. First one - Local auth (Zimbra), second - External (Active Directory).
If the first one completes success then no external auth.
If the first one fail - then try external auth.
Is it possible?
Explaining - Why I need this?
I've made migration process of accounts with passwords from old email system (not zimbra) to Zimbra. Old system was configured only for local auth (separate user passwords for A.D. and mail server) So, now I have some clients with are authenticate with local passwords (old way - will change in time) and some clients with are authenticate with domain. And some email accounts with are not in the domain.
And now... For users with domain accounts which have e-mail clients configured "old way" - with "local" passwords , there are cases when AD can lock their accouts because of many authentication failures in short time (ex. someone has a lot of configured/connected Zimbra calendars and many e-mail accouts). And It's happening.
Mixed authentication - disable external for specific accounts
Jorge de la Cruze , any idea? You asked to check MTA version, what for?
- jasggomes
- Advanced member
- Posts: 90
- Joined: Sat Sep 13, 2014 12:59 am
- Location: Lisbon, PT
- ZCS/ZD Version: Release 8.7.11.GA.1854.UBUNTU14.64
- Contact:
Re: Mixed authentication - disable external for specific accounts
Hi to all,
Zimbra version is 8.8.7_GA_1964.FOSS
Instead of opening another thread, I'll use this one.
Due to the fact that we had to upgrade our Win 2008 R2 server to Win2019 Essentials, we are now facing an issue related to the number of users we can have on the AD itself.
So, we have the authentication to the AD enabled but we have more than 25 email addresses in use, mainly these are service accounts, so the idea is to allow these service accounts to login using the local database instead of the AD one.
Can this be done? or do I need to revert back to use only the local database and disable the use of the AD one ?
Regards.
JG
Zimbra version is 8.8.7_GA_1964.FOSS
Instead of opening another thread, I'll use this one.
Due to the fact that we had to upgrade our Win 2008 R2 server to Win2019 Essentials, we are now facing an issue related to the number of users we can have on the AD itself.
So, we have the authentication to the AD enabled but we have more than 25 email addresses in use, mainly these are service accounts, so the idea is to allow these service accounts to login using the local database instead of the AD one.
Can this be done? or do I need to revert back to use only the local database and disable the use of the AD one ?
Regards.
JG
- DualBoot
- Elite member
- Posts: 1326
- Joined: Mon Apr 18, 2016 8:18 pm
- Location: France - Earth
- ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
- Contact:
Re: Mixed authentication - disable external for specific accounts
Hello,
you set up the authentication fallback to do that.
Regards,
you set up the authentication fallback to do that.
Regards,
- jasggomes
- Advanced member
- Posts: 90
- Joined: Sat Sep 13, 2014 12:59 am
- Location: Lisbon, PT
- ZCS/ZD Version: Release 8.7.11.GA.1854.UBUNTU14.64
- Contact:
Re: Mixed authentication - disable external for specific accounts
Thank you for your reply.DualBoot wrote:Hello,
you set up the authentication fallback to do that.
Regards,
Well, pretty much after writing on these threads I managed to find the setting that allows to use both Internal and External.
For future reference to others, it is on::
Configure -> Domains -> <domain to be configured> ->edit
then
Authentication -> click the checkbox 'If fail,fail back to local password management'.
This solved the question to me, as my accounts now can log on using local authentication.
Regards.
JG