advertisement
▼
Scroll to page 2
of
402
Administrator Guide
Your ticket as a domain user will be saved on the computer. The token will be picked up by the spnego-aware browser and sent in the Authorization header to the Zimbra server.
2.
Browse to the Zimbra Web Client log on page. You should be redirected to your ZWC inbox without being prompted for user name and password.
If spnego auth fails, the user is redirected to an error URL.
Troubleshooting setup
Make sure the following are true.
•
The browser is in the Intranet zone.
•
The user is accessing the server using a Hostname rather than IP address.
•
Integrated Windows authentication in Internet Explorer is enabled, and the host is trusted in Firefox.
•
The server is not local to the browser.
•
The client’s Kerberos system is authenticated to a domain controller.
If the browser display the "401 Unauthorized", it's most likely that the browser either did not send another request with Authorization in response to the 401, or had sent an Authorization which is not using the
GSS-API/SPNEGO scheme.
Check your browser settings, and make sure it is one of the supported browsers/platforms
If you are redirected to the error URL specified in
zimbraSpnegoAuthErrorURL
, that means The SPNEGO authentication sequence does not work.
Take a network trace, make sure the browser sends Authorization header in response to the 401. Make sure the Negotiate is using GSS-API/
SPNEGO, not NTLM (use a network packet decoder like Wireshark) .
After verifying that the browser is sending the correct Negotiate, if it still does not work, turn on the following debug and check Zimbra logs:
•
ADD "-DDEBUG=true -Dsun.security.spnego.debug=all" (note, not replace) to localconfig key spnego_java_options
•
Add log4j.logger.org.mortbay.log=DEBUG in log4j
Then restart the mailbox server.
Browse to the debug snoop page: http://{server}:{port}/spnego/snoop.jsp.
See if you can access the snoop.jsp
Check zmmailboxd.out and mailox.log for debug output.
382 Network Edition Zimbra Collaboration
advertisement
advertisement
Table of contents
- 13 Audience
- 13 Third-Party Components
- 13 Support and Contact Information
- 15 Architectural Overview
- 16 Core Email, Calendar and Collaboration Functionality
- 16 Zimbra Components
- 17 Zimbra Application Packages
- 20 Mail Flow—Multi-Server Configuration
- 21 Zimbra System Directory Tree
- 23 Zimbra Web Clients
- 23 Web Services and Desktop Clients
- 24 Offline Mode
- 25 Security Measures
- 25 Identity and Access Management
- 26 Information Security and Privacy
- 26 System Logs
- 29 License Types
- 30 License Requirements
- 30 License Usage by Account Type
- 31 License Activation
- 31 Automatic License Activation
- 31 Manual License Activation
- 31 When Licenses are not Installed or Activated
- 32 Obtain a License
- 32 Managing Licenses
- 32 License Information
- 33 License Expiration
- 33 Renewal
- 34 Updating Your License
- 35 Mailbox Server
- 35 Message Store
- 36 Data Store
- 36 Index Store
- 38 Web Application Server
- 38 Mailstore Services
- 38 User Interface Services
- 38 Web Application Server Split
- 38 Installation and Configuration of the Web Application Server Split
- 39 Backing Up the Mailbox Server
- 39 Mailbox Server Logs
- 41 LDAP Traffic Flow
- 42 LDAP Directory Hierarchy
- 43 Zimbra Collaboration LDAP Schema
- 44 Zimbra Collaboration Objects
- 46 Account Authentication
- 46 Internal Authentication Mechanism
- 46 External LDAP and External AD Authentication Mechanism
- 47 Custom Authentication
- 48 Kerberos5 Authentication Mechanism
- 49 Global Address List
- 51 Flushing LDAP Cache
- 51 Flush the Cache for Themes and Locales
- 51 Flush Accounts, Groups, COS, Domains, and Servers
- 54 Incoming Mail Routing Overview
- 54 Zimbra MTA Deployment
- 55 Postfix Configuration Files
- 55 SMTP Authentication
- 55 SMTP Restrictions
- 55 Sending Non Local Mail to a Different Server
- 56 Anti-Virus and Anti-Spam Protection
- 56 Anti-Virus Protection
- 57 Anti-Spam Protection
- 70 Receiving and Sending Mail
- 71 Message Queues
- 73 Benefits of Using Zimbra Proxy
- 74 Zimbra Proxy Components
- 74 Proxy Architecture and Flow
- 75 Changing the Zimbra Proxy Configuration
- 75 Zimbra Proxy
- 75 Zimbra Proxy Ports
- 76 Setting Up IMAP and POP Proxy After HTTP Proxy Installation
- 78 Configuring Zimbra HTTP Proxy
- 79 Setting Up HTTP Proxy
- 81 Setting Proxy Trusted IP Addresses
- 82 Configuring Zimbra Proxy for Kerberos Authentication
- 83 Administrator Accounts
- 84 Logging in to the Administration Console
- 84 Modifying Administrator Passwords
- 85 Customizing the Login and Logout Pages
- 85 Managing Tasks
- 86 Navigating the User Interface
- 87 Home Navigation Pane
- 88 Home UI
- 89 Monitor UI
- 92 Manage UI
- 94 Configure UI
- 96 Global Settings UI
- 98 Tools and Migration UI
- 100 Search UI
- 101 Setting Up a Simple Search
- 101 Help Center UI
- 102 Tools in Collaborator Tables
- 103 Message of the Day
- 103 Closing a Message of the Day
- 103 Creating Message(s) of the Day
- 104 Removing Message(s) of the Day
- 104 Functional Reference
- 104 GUI Roadmap
- 105 Popup Menu Options
- 108 Containers
- 109 Global Configuration
- 110 General Information Configuration
- 112 Attachments Configuration
- 112 Setting Up Email Attachment Rules
- 113 Blocking Email Attachments by File Type
- 113 MTA Configuration
- 115 Global IMAP and POP Configuration
- 115 Working With Domains
- 116 Domain General Information Configuration
- 118 Global Address List (GAL) Mode Configuration
- 119 Using GAL sync accounts for faster access to GAL
- 121 Authentication Modes
- 122 Virtual Hosts
- 123 Setting Account Limits
- 123 Renaming a Domain
- 124 Adding a Domain Alias
- 125 Enabling Support for Domain Disclaimers
- 126 Disabling Disclaimers for Intra-domain Emails
- 126 Disabling the Disclaimer Feature
- 126 Zimlets on the Domain
- 126 Managing Server Settings
- 127 General Server Settings
- 128 Change MTA Server Settings
- 128 Setting Up IP Address Binding
- 129 Managing SSL Certificates for ZCS
- 129 Installing Certificates
- 130 Viewing Installed Certificates
- 131 Maintaining Valid Certificates
- 131 Install a SSL Certificate for a Domain
- 133 Using DKIM to Authenticate Email Message
- 133 Configure Zimbra Collaboration for DKIM Signing
- 134 Update DKIM Data for a Domain
- 135 Remove DKIM Signing from ZCS
- 135 Retrieve DKIM Data for a Domain
- 135 Anti-spam Settings
- 140 Anti-virus Settings
- 141 Zimbra Free/Busy Calendar Scheduling
- 142 Zimbra Collaboration to Zimbra Collaboration Free/Busy Interoperability
- 143 Setting Up S/MIME
- 143 Prerequisites
- 143 S/MIME License
- 144 Enable S/MIME Feature
- 144 Importing S/MIME Certificates
- 145 Storage Management
- 146 Implementing Hierarchical Storage Management
- 147 Email Retention Management
- 148 Configuring Email Lifetime Rules
- 148 Purging Email Messages
- 149 Configuring Message Retention and Deletion Policies
- 149 Global Retention Policy
- 149 COS Retention Policy
- 150 Managing the Dumpster
- 151 Configure Legal Hold on an Account
- 152 Customized Admin Extensions
- 152 Deploying New Administration Console UI Modules
- 152 Removing An Admin Extension Module
- 155 Managing Account Usages with a COS
- 156 Selecting Features and Preferences
- 157 Disabling Preferences
- 157 Setting Default Time Zone
- 157 Using Server Pools
- 157 Setting Account Quota
- 158 Setting Quotas in Domains
- 158 Managing Excess Quota
- 159 Managing Passwords
- 159 Directing Users to Your Change Password Page
- 160 Configuring a Password Policy
- 161 Managing Login Policies
- 162 Managing Session Timeout Policies
- 162 Managing Default External COS
- 163 Messaging and Collaboration Applications
- 163 Email Messaging Features
- 170 Address Book Features
- 170 Calendar Features
- 172 Troubleshooting Calendar Appointment Problems
- 172 Changing Remote Calendar Update Interval
- 172 Disabling Attendee Edits to Appointments
- 172 Setting Other User Calendar Preferences
- 174 Setting Up Zimbra Tasks
- 174 Zimbra Web Client User Interface Themes
- 175 Two Factor Authentication
- 175 2FA for New User Account
- 175 2FA for Existing User Account
- 176 2FA for Class of Service
- 177 Other Configuration Settings for Accounts
- 177 Enable Sharing
- 178 Configure SMS Notification
- 178 Configure Attachment Viewing
- 178 Display a Warning When Users Try to Navigate Away
- 179 Enabling the Check Box for the Web Client
- 179 Preferences Import/Export
- 179 Adding Words to Spell Dictionary
- 181 Creating a Single User Accounts
- 182 Migrating Accounts and Importing Account Email
- 182 Migrating Accounts from a Zimbra Server
- 184 Migrating Accounts from Generic IMAP Servers
- 186 Migrating Accounts using an XML File
- 187 Importing Email for Selected Accounts
- 188 XML File Examples
- 189 Auto Provisioning New Accounts from External LDAP
- 190 Overview
- 191 Auto-Provisioning Attributes
- 194 Place holders
- 194 Eager Mode Configuration
- 196 Lazy Mode Configuration
- 197 Manual Mode Configuration
- 198 Managing Resources
- 198 Set Up the Scheduling Policy
- 201 Status of User Accounts
- 202 Deleting an Account
- 202 Viewing an Accounts Mailbox
- 202 Using an Email Alias
- 203 Working with Distribution Lists
- 203 Setting Subscription Policies for Distribution Lists
- 203 Management Options for Owners of Distribution Lists
- 204 Creating a Distribution List
- 205 Managing Access to Distribution Lists
- 207 Enabling View of Distribution List Members for AD Accounts
- 208 Using Dynamic Distribution Lists
- 208 Create Dynamic Distribution Lists
- 211 Moving a Mailbox
- 211 Global Configuration Options for Moving Mailboxes
- 213 Target Types for Granting Administrative Rights
- 215 Rights
- 215 System-defined rights
- 215 Attribute Right
- 217 Implementing Delegated Administration
- 218 Administrator Groups and Administrators
- 218 Configure Grants on Administrator Accounts or Admin Groups
- 218 Grant ACLs to a Target
- 219 Revoking Rights
- 219 View Rights Granted to Administrators
- 219 Predefined Delegated Administrator Role
- 219 Domain Administration Group
- 220 Distribution List Administration Group
- 220 Creating Delegated Administrator Roles
- 228 Zimbra Logger
- 228 Enabling Server Statistics
- 228 Reviewing Server Status
- 229 Enabling or Disabling Server Services
- 229 Viewing Server Performance Statistics
- 230 Configuring Logger Mail Reports
- 230 Configuring Disk Space Notifications
- 230 Monitoring Servers
- 231 Configuring Denial of Service Filter Parameters
- 231 Identifying False Positives
- 232 Customizing DoSFilter Configuration
- 233 Tuning Considerations for ZCS 8.0.3 and later
- 233 Working with Mail Queues
- 235 View ing Mail Queues
- 235 Flushing Message Queues
- 235 Monitoring Mailbox Quotas
- 236 Viewing Quota
- 236 Increase or Decrease Quota
- 236 Viewing MobileSync Statistics
- 236 Monitoring Authentication Failures
- 237 Viewing Log Files
- 238 Syslog
- 238 Using log4j to Configure Logging
- 238 Logging Levels
- 240 Protocol Trace
- 241 Reviewing mailbox.log Records
- 244 Reading a Message Header
- 245 Fixing Corrupted Mailbox Index
- 245 Checking for Index Corruption
- 246 Repairing and Reindexing a Corrupt Index
- 246 SNMP Monitoring and Configuration
- 246 SNMP Monitoring Tools
- 246 SNMP Configuration
- 246 Errors Generating SNMP Traps
- 246 Checking MariaDB
- 247 Checking for Zimbra Collaboration Software Updates
- 248 Updating Zimbra Connector for Microsoft Outlook
- 248 Notifications and Alerts Sent by Zimbra Collaboration
- 249 Service status change notification
- 249 Disk usage notification
- 249 Duplicate mysqld processes running notification
- 249 SSL certificates expiration notification
- 250 Daily report notification
- 250 Database integrity check notification
- 250 Backup completion notification
- 251 Backing Up the Mailbox Server
- 252 Backup Methods
- 252 Standard Backup
- 253 Auto-Grouped Backup Method
- 254 Directory Structure for Backup Files
- 255 Backup and Restore Using the Administration Console
- 255 Configure Backup from the Admin Console
- 256 Backup and Restore Using the Command Line Interface
- 257 Backing up using the Standard Method
- 257 Scheduling a Standard Backup
- 259 Full Backup Process
- 259 Incremental Backup Process
- 260 Finding a Specific Backups
- 261 Aborting a Full Backup in Progress
- 261 Back up using the Auto-Grouped Method
- 261 Configuring Auto-Grouped Backup from the CLI
- 262 Schedule Auto-Group Backups
- 263 Backup Options
- 263 Backup Up content Options
- 263 Back Up the MySQL Database
- 264 Managing Disk Space for Backups
- 264 Restoring Data
- 265 Restore Process
- 267 Stop a Restore Process
- 267 Restore Mailboxes When Mail Server Is Down
- 268 Restore Individual Accounts on a Live System
- 268 Exclude Items from a Restore
- 269 Restore the LDAP Server
- 269 General Steps for Disaster Recovery
- 270 Crash Recovery Server Startup
- 270 Restore the Zimbra Collaboration
- 271 Install ZCS on a New Server
- 273 Restoring from Different Failure Scenarios
- 274 Change Local Configuration Files After Restoring Zimbra
- 275 Using snapshots to Backup and Restore
- 277 Mobile Device Security Policies
- 278 Setting Up Mobile Policies on ZCS
- 279 Mobile Device Security Policies
- 282 Managing Mobile Devices
- 283 Supporting Autodiscover
- 283 Set Up Mobile Synchronization for User Accounts
- 284 Change Mobile Device Password Policy
- 284 User’s Mobile Device Self-Care Features
- 287 How Archiving Works
- 289 How Discovery Works
- 289 Installing the Archiving Package
- 289 Installing zimbra-archiving in a Single-Server Environment
- 290 Installing zimbra-archiving in a Multi-Server Environment
- 291 Manage Archiving From the Administration Console
- 291 Enable Archiving
- 291 Creating a Dedicated Archive COS
- 291 Setting Up an Archive Account Name
- 292 Set Up Archiving for a Users Mailbox
- 293 Archive Mailboxes
- 293 Creating an archive mailbox and assigning a COS
- 293 Creating an Archive Mailbox with No COS or Password
- 293 Enabling Archive Forwarding to a Third-party Archiving Server
- 294 Searching Across Mailboxes
- 294 Cross Mailbox Search from the Administration Console
- 297 Legal Intercept Settings
- 297 Setting Up Legal Intercept
- 298 Setting Up Legal Intercept to Forward Message Header
- 298 Modifying the Intercept Cover Email Message
- 299 Creating Mailbox Snapshots for Legal Discovery
- 299 Creating a Mailbox Snapshot Zip File
- 301 Changing Theme Color and Logos on the Zimbra Web Client
- 302 Customizing Base Theme Colors
- 302 Replacing the ZWC Logo
- 303 Using the Admin Console to Modify Theme Colors and Logo
- 305 Using the CLI to Change Theme Colors and Logo
- 307 Adding Your Logos
- 308 Changing the Logo on the Touch Client
- 309 Managing Zimlets from the Administration Console
- 310 Deploying Custom Zimlets
- 310 Enable, Disable, or Make Zimlets Mandatory
- 311 Undeploying a Zimlet
- 311 Adding Proxy-Allowed Domains to a Zimlet
- 311 Upgrading a Zimlet
- 311 Managing Zimlets from the Command Line Interface
- 311 Deploying Zimlets
- 312 Adding Proxy Allowed Domains to a Zimlet
- 312 Deploying a Zimlet and Granting Access to a COS
- 313 Viewing Installed Zimlets
- 313 Changing Zimlet Configurations
- 313 Upgrading a Zimlet
- 314 Using the Zimbra Gallery
- 314 Developing Customized Zimlets
- 315 General Tool Information
- 321 Using non-ASCII Characters in CLIs
- 323 Account Provisioning Commands
- 324 Calendar Resource Provisioning Commands
- 325 Free Busy Commands
- 325 Domain Provisioning Commands
- 326 COS Provisioning Commands
- 327 Server Provisioning Commands
- 327 Config Provisioning Commands
- 328 Distribution List Provisioning Commands
- 328 Mailbox Commands
- 329 Miscellaneous Provisioning Commands
- 330 Logs Commands
- 330 Search Commands
- 331 Share Provisioning Commands
- 331 Unified Communication Service Commands
- 331 IMAP/POP Proxy Commands
- 331 Examples—using zmprov
- 334 Configure Auto-Grouped Backup from the CLI
- 334 Changing Conversations Thread Default
- 335 Detecting Corrupted Indexes
- 375 Configuration Process
- 376 Create the Kerberos Keytab File
- 378 Configure ZCS
- 381 Configure Your Browser
- 381 Test your setup
- 382 Troubleshooting setup
- 383 Configure Kerberos Auth with SPNEGO Auth
- 384 Setting Up Single Sign-On Options for ZCO
- 385 How to read the crontab
- 385 ZCS Cron Jobs
- 386 Jobs for crontab.store
- 386 Jobs for crontab.logger
- 387 Jobs for crontab.mta
- 388 Single Server Crontab -l Example