[cifs-protocol] Implement password hash synchronization with Azure AD Connect sync [119110624002737]

Obaid Farooqi obaidf at microsoft.com
Fri Nov 15 19:54:51 UTC 2019


Hi Metze:
In my repro (not involving a Samba DC), I see that password hash synchronization happens in a couple of minutes.

Can you please send me network traces taken when the password is changed on the Samba DC and for 5 minutes from that point on? The captures should be from both the connect server and the Samba DC.

Also, can you please send a network capture of a manual sync captured on the connect server?

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at ramagane at Microsoft dot com

-----Original Message-----
From: Obaid Farooqi 
Sent: Wednesday, November 6, 2019 10:12 AM
To: Stefan Metzmacher <metze at samba.org>
Cc: cifs-protocol at lists.samba.org; support <support at mail.support.microsoft.com>
Subject: RE: Implement password hash synchronization with Azure AD Connect sync [119110624002737]

Hi Metze:
I'll help you with this issue and will be in touch as soon as I have an answer.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Obaid Farooqi <obaidf at microsoft.com> 
Sent: Wednesday, November 6, 2019 10:09 AM
To: Stefan Metzmacher <metze at samba.org>
Cc: cifs-protocol at lists.samba.org; support <support at mail.support.microsoft.com>
Subject: RE: Implement password hash synchronization with Azure AD Connect sync [119110624002737]

Hi Metze:
Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon.

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

-----Original Message-----
From: Stefan Metzmacher <metze at samba.org>
Sent: Wednesday, November 6, 2019 7:01 AM
To: Interoperability Documentation Help <dochelp at microsoft.com>; cifs-protocol at lists.samba.org
Subject: Implement password hash synchronization with Azure AD Connect sync

Hi DocHelp,

We have customers trying to use Azure AD Connect to sync their Samba DC with Azure.

It works in general, but they report that changed passwords in Samba are not replicated (at least not in a timely manner). Doing a manual replication works.

The following page talks about
"password hash synchronization heartbeat events":
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-password-hash-synchronization#password-sync-log

What protocol is used for this heartbeat feature?
So far I only saw (I guess unrelated) LDAP traffic as well as the MS-DRSR replication with DRSGetNCChanges() from the Azure AD connect host to the Samba AD DC.

It would be good to know which protocols are required for the AD DC to implement for this to work.

Thanks!
metze
