LDAP Admin Password: Not verified

[SuperLex]

Hello everybody,

I can't progress with my multi server intallation, I had install an LDAP Zimbra server and I would like to continue to install an MDA Zimbra and MTA Zimbra.

So, when I want to configure by menu on the MTA or MDA, I'm going to the first step (Common configuration) I type my LDAP master host: ldap.mydomain.com and I put my password but I have the message Not Verified.
The password is the same of my LDAP administration password.
I had follow and read the installation guide of Zimbra and search on Internet but I didn't found the miracle solution.

I'm on centos 7.5.1804 and the last Zimbra version 8.8.10.
My DNS have the good configuration, the firewall is down on the LDAP server and the LDAP server is fonctionnal.
On my resolv.conf: I have my domain, the IP of my DNS, and the public DNS.
On my host file: I have the LDAP, MDA, MTA, DNS IP address.
I don't understand were is my problem.

Who can help me ? Thank you.

[L. Mark Stone]

Hello everybody,

I can't progress with my multi server intallation, I had install an LDAP Zimbra server and I would like to continue to install an MDA Zimbra and MTA Zimbra.

So, when I want to configure by menu on the MTA or MDA, I'm going to the first step (Common configuration) I type my LDAP master host: ldap.mydomain.com and I put my password but I have the message Not Verified.
The password is the same of my LDAP administration password.
I had follow and read the installation guide of Zimbra and search on Internet but I didn't found the miracle solution.

I'm on centos 7.5.1804 and the last Zimbra version 8.8.10.
My DNS have the good configuration, the firewall is down on the LDAP server and the LDAP server is fonctionnal.
On my resolv.conf: I have my domain, the IP of my DNS, and the public DNS.
On my host file: I have the LDAP, MDA, MTA, DNS IP address.
I don't understand were is my problem.

Who can help me ? Thank you.

Please post the actual contents of the /etc/hosts and /etc/resolv.conf files from all of your zimbra servers as a start.

Depending on what we see we may ask for more info.

Mark

[SuperLex]

Thank you for your answer,

You can see my files:

- hosts:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.252 ldap.domain.com
192.168.1.251 mda.domain.com
192.168.1.250 mta.domain.com

- resolv.conf:
# Generated by NetworkManager
search domain.com
nameserver 192.168.1.254
nameserver 208.67.222.222

Thank you.

[L. Mark Stone]

Thank you for your answer,

You can see my files:

- hosts:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.252 ldap.domain.com
192.168.1.251 mda.domain.com
192.168.1.250 mta.domain.com

- resolv.conf:
# Generated by NetworkManager
search domain.com
nameserver 192.168.1.254
nameserver 208.67.222.222

Thank you.

OK, well there are some big problems right there for sure...

First, your /etc/hosts file should read:

Code: Select all

127.0.0.1 localhost.localdomain localhost
192.168.1.252   ldap.domain.com ldap
192.168.1.251   mda.domain.com mda
192.168.1.250   mta.domain.com mta

Next, any nameservers in /etc/resolv.conf must resolve the RFC1918 private IP addresses of your Zimbra servers, so please delete the OpenDNS server line so that /etc/resolv.conf contains just:

Code: Select all

search domain.com
nameserver 192.168.1.254

Lastly make sure that from each and every one of your Zimbra servers forward, reverse and MX lookups succeed, again with the private IP addresses of your Zimbra servers. You should see something like:

Code: Select all

ubuntu@ldap:~$ host ldap
ldap.domain.com has address 192.168.1.252
ubuntu@ldap:~$ host 192.168.1.252
252.1.168.192.in-addr.arpa domain name pointer ldap.domain.com.
ubuntu@ldap:~$ dig @192.168.1.254 domain.com mx
<snip>
;; ANSWER SECTION:
domain.com. 0	IN	MX	5 mta.domain.com.
<snip>
;; ADDITIONAL SECTION:
mta.domain.com. 0 IN	A	192.168.1.250
<snip>

You may also want to consider using dnsmasq on your Zimbra servers for DNS resolution, and use the OpenDNS servers for upstream resolution.

Take a look at my blog posts for more info:
https://www.missioncriticalemail.com/20 ... ick-start/
https://www.missioncriticalemail.com/20 ... ion-guide/

You may also want to reread the Single- and Multi-Server Installation Guides available here: https://www.zimbra.com/documentation/

Hope that helps,
Mark

[SuperLex]

Thank you for your answer,

I had configure my files like you and I want use my DNS server.
I had reinstall LDAP server dans reinstall MTA server and the password is again in Not Verified.

The commands tests are all functional.

[L. Mark Stone]

So what passwords are you entering when the second installer asks you to verify them?

[SuperLex]

The password is the same of all LDAP configuration:
Ldap Admin password:
Ldap root password
Ldap replication password
Ldap postfix password
Ldap amavis password
Ldap nginx password
Ldap Bes Searcher password

[L. Mark Stone]

The password is the same of all LDAP configuration:
Ldap Admin password:
Ldap root password
Ldap replication password
Ldap postfix password
Ldap amavis password
Ldap nginx password
Ldap Bes Searcher password

I know the password is generally the same, but what I was trying to ask you is:

How did you get the passwords you entered when prompted by the installer on the second server? Did you just try to accept the passwords provided by the installer on the second Zimbra server, or did you run "zmlocalconfig -s | grep -i password" on the first Zimbra server and manually enter those passwords when the installer on the second server prompts you for them?

I ask because, based on what you posted regarding your /etc/resolv.conf and /etc/hosts files, it seems that you are not following the installation instructions. That's why I suggested reviewing them.

In my experience, it's common that even experienced Linux sys admins new to Zimbra multi-server installs will interpret "verify" the password on subsequent Zimbra installs as just looking at, and hitting Enter to "verify" what the installer shows. But that's not correct; you have to use the passwords provided by the first Zimbra server.

Mark

[SuperLex]

On the LDAP server i put zmlocalconfig -s | grep 'ldap_' | egrep 'password|url' command, and I had put the password on MTA or MDA server.

I'm in re-reading the zimbra installation.

[SuperLex]

Hi,

I retry an new install with your configuration files and fallow the zimbra configuration guide. It's allways Not Verified. I d'ont know why the MTA or MDA server can't resolv password of LDAP server