[Samba] Office365

[Praveen Ghimire]

Hi All,

We have a Ubuntu AD on version 4.7.6 and are trying to implement Office 365. We have been able to configure so far


-          Password sync

-          Filtering  users in certain OUs in AD to  Azure AD

What we can't get to work is seamless SSO. Initially we installed the Azure AD sync in a server 2012 (AD member server) and tried to run the SSO, it comes up with "An error occurred locating computer account" . Then as a test we added a 2008R2 server and promoted it as DC. We ran the same steps and got the same message. Through powershell we get "directory service is unavailable" error.

We then ran a netmon trace on the 2008R2 box when running the powershell bits and it seems to be connecting to the Ubuntu server.  It seems to using GSS-SPNEGO

LDAPSASLBuffer: BufferLength: 102, AuthMechanism: GSS-SPNEGO


The smb.conf looks like


[global]
        workgroup = LIN
        realm = LIN.GROUP
        netbios name = SERVER5
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        log file = /var/log/samba/log.%m
        log level = 4
        winbind nss info = rfc2307
        acl allow execute always = True
        server services = -dns
        allow dns updates = nonsecure and secure
      ldap server require strong auth = no
       client ldap sasl wrapping = plain


We have logged a call with Microsoft Azure support.

Any thoughts?


Regards,
Praveen Ghimire